95-702 Notes on Running a Servlet with User Authentication
Hands On Exercise

   In this exercise we will configure a web server to demand a user
name and password from visitors. If a visitor is new then our 
servlet will report that. If a visitor has visited before then our
servlet will report on the time of the last visit. 

Week 2 of Class
===============

1) Run NetBeans.
2) Choose Services/Servers/GlassFish V3/ Right Click and Start server.
3) Choose Services/Servers/GlassFish V3/ Right Click and View Admin Console.
4) Choose Security/Realms/File/Manage Users enter two users with passwords.
5) Return to NetBeans and use the following web.xml file.

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
         http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
    <servlet>
        <servlet-name>NameInThisFile</servlet-name>
        <servlet-class>UserAuthorizationDemo</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>NameInThisFile</servlet-name>
        <url-pattern>/UserAuthorizationDemo/*</url-pattern>
    </servlet-mapping>
    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>SomeProtection</web-resource-name>
            <url-pattern>/UserAuthorizationDemo/*</url-pattern>
            <http-method>GET</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>student</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>file</realm-name>
    </login-config>
    <security-role>
        <role-name>student</role-name>
    </security-role>
</web-app>


6) Use the following servlet.

import java.io.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class UserAuthorizationDemo extends HttpServlet {

     public void doGet(HttpServletRequest req, HttpServletResponse res)
                       throws ServletException, IOException {

    res.setContentType("text/plain");
    PrintWriter out = res.getWriter();
    String name = req.getRemoteUser();    // ask the server
    if(name == null) {
          System.out.println("The system administrator should protect" +
                                         " this page.");
    }
    else {

          out.println("This user was authorized by the server:" + name);
          VisitTracker visit = VisitTracker.getInstance();
          Date last = visit.lastVisit(name);
          if(last == null) out.println("Welcome, you were never here before");
          else out.println("Your last visit was on " + last);
          visit.addVisit(name);
      }
    }
}


7) Use this as a singleton.

// Servlet collaboration can be done through a shared object.
// Any servlet has access to this object and it only has one
// instance.
// It maintains a hash table of names and dates.

// Sections of code that must not be executed simultaneously
// are called critical sections. Java provides the synchronized
// keyword to protect these critical sections. For a synchronized
// instance method, Java obtains an exclusive lock on the class
// instance.

import java.util.*;
public class VisitTracker  {

       private Map nameDatePairs;
       private static VisitTracker instance = new VisitTracker();

       private VisitTracker() {            // private constructor
               nameDatePairs = new HashMap();
       }

       public static VisitTracker getInstance() { return instance; }

       synchronized public void addVisit(String userName) {

               nameDatePairs.put(userName, new Date());
       }
       synchronized public Date lastVisit(String name) {

              Date d = (Date)nameDatePairs.get(name);
              return d;

       }
}


8) Use this as your index.jsp page.

<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
   "http://www.w3.org/TR/html4/loose.dtd">

<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>The UserAuthorzationDemo index.jsp page</title>
    </head>

    <!-- GetForm.html -->
<body>
    <form method="get" action="UserAuthorizationDemo">
         Only authorized visitors please<p>
         <input type = "submit">
    </form>
</body>
</html>

9) Use the following sun-web.xml. Note the user names and the role.
You need to assign these names to passwords by using the administrator
console.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 Servlet 2.5//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_2_5-0.dtd">
<sun-web-app error-url="">
  <context-root>/UserAuthorizationProject</context-root>
  <security-role-mapping>
    <role-name>student</role-name>
    <principal-name>Mike</principal-name>
    <principal-name>Jethro</principal-name>
  </security-role-mapping>
  <class-loader delegate="true"/>
  <jsp-config>
    <property name="keepgenerated" value="true">
      <description>Keep a copy of the generated servlet class' java code.</description>
    </property>
  </jsp-config>
</sun-web-app>
 
10) Try to deploy and visit the JSP and servlet.