95-702 Notes on Running a Servlet with User Authentication
Hands On Exercise
In this exercise we will configure a web server to demand a user
name and password from visitors. If a visitor is new then our
servlet will report that. If a visitor has visited before then our
servlet will report on the time of the last visit.
Week 2 of Class
===============
1) Run NetBeans.
2) Choose Services/Servers/GlassFish V3/ Right Click and Start server.
3) Choose Services/Servers/GlassFish V3/ Right Click and View Admin Console.
4) Choose Security/Realms/File/Manage Users enter two users with passwords.
5) Return to NetBeans and use the following web.xml file.
NameInThisFile
UserAuthorizationDemo
NameInThisFile
/UserAuthorizationDemo/*
index.jsp
SomeProtection
/UserAuthorizationDemo/*
GET
student
BASIC
file
student
6) Use the following servlet.
import java.io.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class UserAuthorizationDemo extends HttpServlet {
public void doGet(HttpServletRequest req, HttpServletResponse res)
throws ServletException, IOException {
res.setContentType("text/plain");
PrintWriter out = res.getWriter();
String name = req.getRemoteUser(); // ask the server
if(name == null) {
System.out.println("The system administrator should protect" +
" this page.");
}
else {
out.println("This user was authorized by the server:" + name);
VisitTracker visit = VisitTracker.getInstance();
Date last = visit.lastVisit(name);
if(last == null) out.println("Welcome, you were never here before");
else out.println("Your last visit was on " + last);
visit.addVisit(name);
}
}
}
7) Use this as a singleton.
// Servlet collaboration can be done through a shared object.
// Any servlet has access to this object and it only has one
// instance.
// It maintains a hash table of names and dates.
// Sections of code that must not be executed simultaneously
// are called critical sections. Java provides the synchronized
// keyword to protect these critical sections. For a synchronized
// instance method, Java obtains an exclusive lock on the class
// instance.
import java.util.*;
public class VisitTracker {
private Map nameDatePairs;
private static VisitTracker instance = new VisitTracker();
private VisitTracker() { // private constructor
nameDatePairs = new HashMap();
}
public static VisitTracker getInstance() { return instance; }
synchronized public void addVisit(String userName) {
nameDatePairs.put(userName, new Date());
}
synchronized public Date lastVisit(String name) {
Date d = (Date)nameDatePairs.get(name);
return d;
}
}
8) Use this as your index.jsp page.
<%@page contentType="text/html" pageEncoding="UTF-8"%>
The UserAuthorzationDemo index.jsp page
9) Use the following sun-web.xml. Note the user names and the role.
You need to assign these names to passwords by using the administrator
console.
/UserAuthorizationProject
student
Mike
Jethro
Keep a copy of the generated servlet class' java code.
10) Try to deploy and visit the JSP and servlet.