Assignment 3 - Tag Libraries
Due: 2007-08-21, 10:00
The assignment shall be solved individually.
The purpose of this assignment is to introduce the use of tag libraries in JSP,
and show how to incorporate them with session management in JSP development.
In this assignment you are to create a set of custom tags, export them in a
tag library and incorporate the tag library in an existing web application.
More specifically you are to create a series of custom tags which handle
user authentication (login and logout) for JSP pages, and then modify your
solution from assignment 2 to make use of these tags to secure the shopping
application.
NOTE that you are to copy all of the files in your solution from
assignment 2 to the assignment3 directory in your laboration
environment prior to modifying the files for assignment 3.
If you have not completed assignment 2 before handing in assignment 3 you may
use your existing solution for assignment 2, you will not need to fix problems
in assignment 2 twice (unless ofcourse they completely obscure the use of the tags in
assignment 3).
If your solution of assignment 2 is structured in a way which prohibits reasonable
use of the tags in assignment 3 (e.g., if you have implemented a MVC architecture
which obsoletes the use of RequireAuthenticationTag ) you may
construct a simple demonstration web site which demonstrates the use of the tags.
If you elect to do this, you must document the site and its use of the tags in a
brief report which is to be handed in with your solution (an explanatory section of
an email will suffice).
Tag name
|
Tag parameters
|
Description
|
LogInTag
|
skipPage
(optional, default "false")
|
Present a log-in form which sends an authentication request to itself.
If a log-in request was made (i.e., the log-in form was submitted),
authenticate the user and create a session variable which stores the
username of the authenticated user.
If user authentication fails, present the log-in form again.
If skipPage equals "true", skip the rest if the JSP content
when presenting the log-in form.
|
LogOutTag
|
None
|
Reset the username variable in the session (i.e., perform a user log-out).
|
GetCurrentUserTag
|
message
|
Present the username of the currently logged-in user, or
message if no user is currently logged in.
|
RequireHTTPSTag
|
None
|
Throw a JspException if the current request was made using a non-secure channel
(i.e., over HTTP).
|
RequireAuthenticationTag
|
redirectURL
(optional)
|
Redirect the request to the specified redirectURL
if no user has been authenticated in the current session.
If no redirectURL has been specified, throw a JspException.
|
All tag classes shall be placed in the Java package
assignment3.tags .
A template taglib descriptor file named
assignment3-taglib.tld
is provided and should be usable as-is for the assignment.
Note that for a passing grade on this assignment you need to provide
both the specified tags and integrate them in the files copied from your
solution for assignment 2.
If the structure of your solution / adaptation of assignment 2 is not
self-evident and completely transparent you should provide some form of
documentation for this
(i.e., in a very brief report or in the form of comments in your JSP pages).
Laboration environment
Download assignment3.jar and place it in your
web applications library directory
(5dv076/username/web/WEB-INF/lib ).
This JAR-file contains a data access layer for a simulated user database.
The system is provided in a Java package called
assignment3
which contains the following classes:
assignment3.Id <- a UUID wrapper class
assignment3.User <- a user representation
assignment3.UserAccessor <- an accessor interface for the user database
assignment3.UserAccessorSimulator <- a simulated implementation of the accessor
assignment3.UserAccessorSimulator.Factory <- a factory class for the simulator
The users in this system contains three data fields:
id, username and password.
Although the User class contains get methods for
each of them, use of the UserAccessor interface
is sufficient for the solution of the assignment.
The accessor interface contains a single method for authenticating users
using a (username,password) tuple.
Using the system:
To use the system to authenticate a user simply instantiate an accessor:
UserAccessor accessor = UserAccessorSimulator.Factory.getInstance();
and authenticate the user using the provided user credentials
(username and password submitted via a log-in form)
boolean authenticationResult = accessor.authenticate(username,password);
Note that the authentication method is case sensitive, i.e., username and
password must be specified using an exact case match when logging in.
The simulated user database contains by default 10 test users, with
username and passwords created on the pattern
testuser1 testpassword1
testuser2 testpassword2
. .
. .
. .
See the environment page for details on the
laboration environment.
Examination
Place a WAR-file containing your solution in
~/edu/5dv076/assignment3/
Place your custom tag Java source code in
~/edu/5dv076/assignment3/src/
and email the teachers when you have completed the assignment.
Due date
2007-08-21, 10:00
|