Department of Computing Science Umeå University

Assignment 3 - Custom Tag Libraries

Due: 2008-08-08, 10:00

The assignment shall be solved individually.

The purpose of this assignment is to introduce the use of tag libraries in JSP, and show how to incorporate them with session management in JSP development.

In this assignment you are to create a set of custom tags, export them in a tag library and incorporate the tag library in an existing web application. More specifically you are to create a series of custom tags that handle user authentication (login and logout) for JSP pages, and then modify your solution from assignment 2 to make use of these tags to secure the web shop application.
NOTE that you are to copy all of the files in your solution from assignment 2 to the assignment3 directory in your laboration environment prior to modifying the files for assignment 3.
If you have not completed assignment 2 before handing in assignment 3, you may use your existing solution for assignment 2; you will not need to fix problems in assignment 2 twice (unless, of course, they completely obscure the use of the tags in assignment 3). If your solution of assignment 2 is structured in a way that prohibits reasonable use of the tags in assignment 3 (e.g., if you have implemented an MVC architecture that obsoletes the use of RequireAuthenticationTag) you may construct a simple demonstration web site which demonstrates the use of the tags. If you elect to do this, you must document the site and its use of the tags in a brief report which is to be handed in with your solution (an explanatory email will suffice).

Tag name:       LogInTag
Tag parameters: skipPage (optional, default "false")
Description:    Present a log-in form which sends an authentication request to itself. If a log-in request was made (i.e., the log-in form was submitted), authenticate the user and create a session variable which stores the username of the authenticated user. If user authentication fails, present the log-in form again. If skipPage equals "true", skip the rest of the JSP content when presenting the log-in form.

Tag name:       LogOutTag
Tag parameters: None
Description:    Reset the username variable in the session (i.e., perform a user log-out).

Tag name:       GetCurrentUserTag
Tag parameters: message
Description:    Present the username of the currently logged-in user, or message if no user is currently logged in.

Tag name:       RequireHTTPSTag
Tag parameters: None
Description:    Throw a JspException if the current request was made using a non-secure channel (i.e., over HTTP).

Tag name:       RequireAuthenticationTag
Tag parameters: redirectURL (optional)
Description:    Redirect the request to the specified redirectURL if no user has been authenticated in the current session. If no redirectURL has been specified, throw a JspException.

All tag classes shall be placed in the Java package authentication.tags. A template taglib descriptor file named authentication-taglib.tld is provided and should be usable as-is for the assignment.
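
One way the RequireAuthenticationTag behaviour specified above could be written as a classic tag handler. This is an added example, not part of the provided course files; the session attribute name "authentication.username" is an assumption and must match whatever key LogInTag stores the username under.

```java
package authentication.tags;

import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.TagSupport;

public class RequireAuthenticationTag extends TagSupport {
    // Assumed session attribute name (not given in the assignment text).
    static final String USER_ATTRIBUTE = "authentication.username";

    private String redirectURL; // optional tag attribute

    public void setRedirectURL(String redirectURL) {
        this.redirectURL = redirectURL;
    }

    @Override
    public int doEndTag() throws JspException {
        HttpServletRequest request = (HttpServletRequest) pageContext.getRequest();
        // getSession(false): never create a session just to learn nobody is logged in.
        HttpSession session = request.getSession(false);
        if (session != null && session.getAttribute(USER_ATTRIBUTE) != null) {
            return EVAL_PAGE; // authenticated: render the rest of the page
        }
        if (redirectURL == null) {
            throw new JspException("Authentication required");
        }
        HttpServletResponse response = (HttpServletResponse) pageContext.getResponse();
        try {
            // sendRedirect fails with IllegalStateException once output has been
            // committed, so the tag belongs at the very top of the JSP page.
            response.sendRedirect(response.encodeRedirectURL(redirectURL));
        } catch (IOException e) {
            throw new JspException("Redirect to " + redirectURL + " failed", e);
        }
        // Stop here: returning EVAL_PAGE would let the protected part of the
        // page below the tag keep executing for an unauthenticated request.
        return SKIP_PAGE;
    }
}
```

The check fails closed: a missing session, a missing attribute and a missing redirectURL all end in either a redirect with SKIP_PAGE or a JspException, never in the page body being evaluated.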

Note that for a passing grade on this assignment you need to provide both the specified tags and integrate them in the files copied from your solution for assignment 2. If the structure of your solution / adaptation of assignment 2 is not self-evident and completely transparent, you should provide some form of documentation for this (i.e., in a very brief report or in the form of comments in your JSP pages).

Laboration environment

Download authentication.jar and place it in your web application's library directory (5dv076/username/web/WEB-INF/lib).

This JAR-file contains a data access layer for a simulated user database. The system is provided in a Java package called authentication which contains the following classes:

authentication.Id                              <- a UUID wrapper class
authentication.User                            <- a user representation
authentication.UserAccessor                    <- an accessor interface for the user database
authentication.UserAccessorSimulator           <- a simulated implementation of the accessor
authentication.UserAccessorSimulator.Factory   <- a factory class for the simulator

The users in this system contain three data fields: id, username and password. Although the User class contains get methods for each of them, use of the UserAccessor interface is sufficient for the solution of the assignment. The accessor interface contains a single method for authenticating users using a (username,password) tuple.

Using the system: To use the system to authenticate a user, simply instantiate an accessor:

  UserAccessor accessor = UserAccessorSimulator.Factory.getInstance();

and authenticate the user using the provided user credentials (username and password submitted via a log-in form):

  boolean authentication = accessor.authenticate(username,password);

Note that the authentication method is case sensitive, i.e., username and password must be specified using an exact case match when logging in.

The simulated user database contains by default 10 test users, with usernames and passwords created following the pattern

testuser1   testpassword1
testuser2   testpassword2
   .              .
   .              .
   .              .

See the environment page for details on the laboration environment.

Examination

Place a WAR-file containing your solution in

~/edu/5dv076/assignment3/

Place your custom tag Java source code in

~/edu/5dv076/assignment3/src/

Your laboration report should be placed in

~/edu/5dv093/assignment3/report/

Due date

2008-08-08, 10:00

http://www.cs.umu.se/kurser/5DV093/SOM-08/assignments/3/index.html
Page maintainer: P-O Östberg
Last modified 2008-06-18