WCD-LAB @HOME 9-Ans
1
Add a filter to an existing servlet
Task - Examine the Starting Point
1. Open the project SL314m091ab2 in the d:\labs\student\exercises directory and run the project.
2. Select different operations and observe the application's behavior.
Task - Install a Login Mechanism in the Application
1. Add code to the ApplicationController to attempt to read an attribute user from the current session. Set the value found (or null if not found) in an attribute user in the request scope.
2. Modify the quote.jsp and advertize.jsp pages to conditionally welcome the user if the user attribute is not null. Use the core JSTL tag library to provide the conditional behavior for this.
3. Create a new JSP called login.jsp. This should collect a username on a form, and submit this along with the parameter operation set to login to the ApplicationController. You might need to use the following HTML tag to achieve this:
<input type="hidden" name="operation" value="Login"/>
4. Add a JSP called welcome.jsp. This should welcome the new user and be the target of the controller's forwarding in the case that the operation is Login.
5. Modify the ApplicationController so that if the operation parameter is login it creates an HttpSession and embeds the provided user name in that session.
6. Test that the application now addresses a logged-in user by name. You will need to navigate to the login.jsp page manually.
Task - Install a Security Filter in the Application
1. Create a Servlet Filter, called SecurityFilter:
a. Right-click the project and select Other → Web → Filter.
b. Enter the name and set the domain to Web.
c. Click Next.
d. Click the New button.
e. For the URL enter /ApplicationController.
f. Check the request box for dispatch option.
g. Click Finish.
2. Edit the template-generated filter:
a. Delete the methods doBeforeProcessing and doAfterProcessing.
b. Delete everything in the doFilter method except for the call to chain.doFilter.
c. Delete the methods getFilterConfig and setFilterConfig.
d. Delete the method toString.
e. Delete the method sendProcessingError.
f. Delete the method log.
g. In the init method, delete everything except the line that stores the filterConfig parameter in the instance variable of the same name.
3. In the doFilter method, before the call to chain.doFilter, add code to do the following:
a. Determine what the operation to be performed is (use a request.getParameter("operation") call).
b. If the operation is anything other than Quote, proceed to call chain.doFilter and end processing in this doFilter method.
4. For Quote operations only, proceed as follows:
a. Determine if there is a session associated with this request, and if so, determine if the session contains an attribute called user.
b. If the user attribute exists and is not empty, processing proceeds with the call to chain.doFilter.
c. If the session does not exist, or if the user attribute does not exist or is empty, processing proceeds by forwarding through a RequestDispatcher configured to dispatch to the page login.jsp.
5. Run the program and verify:
a. Any user, regardless of whether they are logged in or not, can log in and can access the advertisement.
b. When an attempt is made to get a Quote, this is successful only if the user has logged in already. Otherwise, the request results in a redirection to the login page.
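One way the finished SecurityFilter from steps 2 to 4 could look, as an added example rather than the lab's official solution. It assumes the javax.servlet API, that the user attribute is stored as a String, and that login.jsp sits at the web application root (/login.jsp); the URL mapping to /ApplicationController is the one the wizard writes in step 1.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

public class SecurityFilter implements Filter {

    private FilterConfig filterConfig;

    @Override
    public void init(FilterConfig filterConfig) {
        // Step 2g: only keep the line that stores the configuration.
        this.filterConfig = filterConfig;
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
                         FilterChain chain) throws IOException, ServletException {
        // Step 3a: find out which operation was requested.
        String operation = request.getParameter("operation");

        // Step 3b: everything except Quote passes straight through.
        if (!"Quote".equals(operation)) {
            chain.doFilter(request, response);
            return;
        }

        // Step 4a: getSession(false) returns null instead of creating a
        // session, so an anonymous request does not allocate one.
        HttpSession session = ((HttpServletRequest) request).getSession(false);
        Object user = (session == null) ? null : session.getAttribute("user");

        // Step 4b/4c: a missing, non-String or blank value counts as "not logged in".
        boolean loggedIn = user instanceof String
                && !((String) user).trim().isEmpty();

        if (loggedIn) {
            chain.doFilter(request, response);
        } else {
            // Assumed location of the login page (web application root).
            request.getRequestDispatcher("/login.jsp").forward(request, response);
        }
    }

    @Override
    public void destroy() {
        filterConfig = null;
    }
}
```

The filter compares the operation string exactly, so it only protects Quote if the ApplicationController matches the same spelling and case; if the controller compares case-insensitively, the filter must do the same.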