Assignment 3 - Custom Tag Libraries
Due: 2008-08-08, 10:00
The assignment shall be solved individually.
The purpose of this assignment is to introduce the use of tag libraries in JSP,
and show how to incorporate them with session management in JSP development.
In this assignment you are to create a set of custom tags, export them in a
tag library and incorporate the tag library in an existing web application.
More specifically you are to create a series of custom tags that handle
user authentication (login and logout) for JSP pages, and then modify your
solution from assignment 2 to make use of these tags to secure the web shop
application.
NOTE that you are to copy all of the files in your solution from
assignment 2 to the assignment3 directory in your laboration
environment prior to modifying the files for assignment 3.
If you have not completed assignment 2 before handing in assignment 3 you may
use your existing solution for assignment 2, you will not need to fix problems
in assignment 2 twice (unless ofcourse they completely obscure the use of the
tags in assignment 3).
If your solution of assignment 2 is structured in a way that prohibits
reasonable use of the tags in assignment 3
(e.g., if you have implemented an MVC architecture that obsoletes the use of
RequireAuthenticationTag ) you may construct a simple
demonstration web site which demonstrates the use of the tags.
If you elect to do this, you must document the site and its use of the tags in
a brief report which is to be handed in with your solution
(an explanatory email will suffice).
Tag name
|
Tag parameters
|
Description
|
LogInTag
|
skipPage
(optional, default "false")
|
Present a log-in form which sends an authentication request to itself.
If a log-in request was made (i.e., the log-in form was submitted),
authenticate the user and create a session variable which stores the
username of the authenticated user.
If user authentication fails, present the log-in form again.
If skipPage equals "true", skip the rest if the JSP content
when presenting the log-in form.
|
LogOutTag
|
None
|
Reset the username variable in the session (i.e., perform a user log-out).
|
GetCurrentUserTag
|
message
|
Present the username of the currently logged-in user, or
message if no user is currently logged in.
|
RequireHTTPSTag
|
None
|
Throw a JspException if the current request was made using a
non-secure channel (i.e., over HTTP).
|
RequireAuthenticationTag
|
redirectURL
(optional)
|
Redirect the request to the specified redirectURL
if no user has been authenticated in the current session.
If no redirectURL has been specified, throw a JspException.
|
All tag classes shall be placed in the Java package
authentication.tags .
A template taglib descriptor file named
authentication-taglib.tld
is provided and should be usable as-is for the assignment.
Note that for a passing grade on this assignment you need to provide
both the specified tags and integrate them in the files copied from your
solution for assignment 2.
If the structure of your solution / adaptation of assignment 2 is not
self-evident and completely transparent, you should provide some form of
documentation for this
(i.e., in a very brief report or in the form of comments in your JSP pages).
Laboration environment
Download authentication.jar
and place it in your web applications library directory
(5dv076/username/web/WEB-INF/lib ).
This JAR-file contains a data access layer for a simulated user database.
The system is provided in a Java package called
authentication
which contains the following classes:
authentication.Id <- a UUID wrapper class
authentication.User <- a user representation
authentication.UserAccessor <- an accessor interface for the user database
authentication.UserAccessorSimulator <- a simulated implementation of the accessor
authentication.UserAccessorSimulator.Factory <- a factory class for the simulator
The users in this system contains three data fields:
id, username and password.
Although the User class contains get methods for
each of them, use of the UserAccessor interface
is sufficient for the solution of the assignment.
The accessor interface contains a single method for authenticating users
using a (username,password) tuple.
Using the system:
To use the system to authenticate a user simply instantiate an accessor:
UserAccessor accessor = UserAccessorSimulator.Factory.getInstance();
and authenticate the user using the provided user credentials
(username and password submitted via a log-in form)
boolean authentication = accessor.authenticate(username,password);
Note that the authentication method is case sensitive, i.e., username and
password must be specified using an exact case match when logging in.
The simulated user database contains by default 10 test users, with
username and passwords created on the pattern
testuser1 testpassword1
testuser2 testpassword2
. .
. .
. .
See the environment page for details on the
laboration environment.
Examination
Place a WAR-file containing your solution in
~/edu/5dv076/assignment3/
Place your custom tag Java source code in
~/edu/5dv076/assignment3/src/
You laboration report should be placed in
~/edu/5dv093/assignment3/report/
Due date
2008-08-08, 10:00
|