95-702
Notes on Running a Servlet with User Authentication

Hands On Exercise

In this exercise we will configure a web server to demand a user name
and password from visitors. If a visitor is new, our servlet will report
that. If a visitor has visited before, our servlet will report the time
of the last visit.

Week 2 of Class
===============

1) Run NetBeans.

2) Choose Services/Servers/GlassFish V3/ Right Click and Start server.

3) Choose Services/Servers/GlassFish V3/ Right Click and View Admin Console.

4) Choose Security/Realms/File/Manage Users and enter two users with passwords.

5) Return to NetBeans and use the following web.xml file.

    <web-app>
        <servlet>
            <servlet-name>NameInThisFile</servlet-name>
            <servlet-class>UserAuthorizationDemo</servlet-class>
        </servlet>
        <servlet-mapping>
            <servlet-name>NameInThisFile</servlet-name>
            <url-pattern>/UserAuthorizationDemo/*</url-pattern>
        </servlet-mapping>
        <welcome-file-list>
            <welcome-file>index.jsp</welcome-file>
        </welcome-file-list>
        <security-constraint>
            <web-resource-collection>
                <web-resource-name>SomeProtection</web-resource-name>
                <url-pattern>/UserAuthorizationDemo/*</url-pattern>
                <http-method>GET</http-method>
            </web-resource-collection>
            <auth-constraint>
                <role-name>student</role-name>
            </auth-constraint>
        </security-constraint>
        <login-config>
            <auth-method>BASIC</auth-method>
            <realm-name>file</realm-name>
        </login-config>
        <security-role>
            <role-name>student</role-name>
        </security-role>
    </web-app>

6) Use the following servlet.

    import java.io.*;
    import java.util.*;
    import javax.servlet.*;
    import javax.servlet.http.*;

    public class UserAuthorizationDemo extends HttpServlet {

        public void doGet(HttpServletRequest req, HttpServletResponse res)
                throws ServletException, IOException {

            res.setContentType("text/plain");
            PrintWriter out = res.getWriter();

            String name = req.getRemoteUser();  // ask the server

            if (name == null) {
                // No authenticated user: the container did not protect
                // this request. The message goes to the server console,
                // not to the client.
                System.out.println("The system administrator should protect"
                                   + " this page.");
            } else {
                out.println("This user was authorized by the server:" + name);
                VisitTracker visit = VisitTracker.getInstance();
                Date last = visit.lastVisit(name);
                if (last == null) {
                    out.println("Welcome, you were never here before");
                } else {
                    out.println("Your last visit was on " + last);
                }
                visit.addVisit(name);
            }
        }
    }

7) Use this as a singleton.

    // Servlet collaboration can be done through a shared object.
    // Any servlet has access to this object and it only has one
    // instance.
    // It maintains a hash table of names and dates.

    // Sections of code that must not be executed simultaneously
    // are called critical sections. Java provides the synchronized
    // keyword to protect these critical sections. For a synchronized
    // instance method, Java obtains an exclusive lock on the class
    // instance.

    import java.util.*;

    public class VisitTracker {

        private Map<String, Date> nameDatePairs;
        private static VisitTracker instance = new VisitTracker();

        private VisitTracker() {  // private constructor
            nameDatePairs = new HashMap<String, Date>();
        }

        public static VisitTracker getInstance() {
            return instance;
        }

        public synchronized void addVisit(String userName) {
            nameDatePairs.put(userName, new Date());
        }

        public synchronized Date lastVisit(String name) {
            return nameDatePairs.get(name);
        }
    }

8) Use this as your index.jsp page.

    <%@page contentType="text/html" pageEncoding="UTF-8"%>
    <html>
        <head>
            <title>The UserAuthorizationDemo index.jsp page</title>
        </head>
        <body>
            <h1>Only authorized visitors please</h1>
        </body>
    </html>

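9) Use the following sun-web.xml. Note the user names and the role.
   You need to assign passwords to these names by using the
   administrator console.

    <sun-web-app>
        <context-root>/UserAuthorizationProject</context-root>
        <security-role-mapping>
            <role-name>student</role-name>
            <principal-name>Mike</principal-name>
            <principal-name>Jethro</principal-name>
        </security-role-mapping>
    </sun-web-app>

   Keep a copy of the generated servlet class's Java code.

10) Try to deploy and visit the JSP and servlet.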
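
A check worth running on the descriptor from step 5 before deploying, given here as an added example that is not part of the original notes. It reports which HTTP methods each security constraint covers, whether every constrained role is declared, and whether BASIC login is paired with a CONFIDENTIAL transport guarantee. The embedded XML is a constructed sample with the same values as step 5; the function names are this example's own.

```python
import xml.etree.ElementTree as ET

# Constructed sample carrying the same values as the web.xml in step 5.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>SomeProtection</web-resource-name>
      <url-pattern>/UserAuthorizationDemo/*</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>student</role-name></auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>file</realm-name>
  </login-config>
  <security-role><role-name>student</role-name></security-role>
</web-app>"""

def local(tag):
    """Strip an XML namespace, e.g. '{http://...}web-app' -> 'web-app'."""
    return tag.rsplit("}", 1)[-1]

def texts(node, name):
    """Trimmed text of every descendant element with this local name."""
    return [(e.text or "").strip() for e in node.iter() if local(e.tag) == name]

def audit(xml_text):
    """Return (findings, coverage); coverage maps url-pattern -> methods or 'ALL'."""
    root = ET.fromstring(xml_text)
    findings, coverage = [], {}
    declared = {r for e in root if local(e.tag) == "security-role"
                for r in texts(e, "role-name")}
    for sc in (e for e in root if local(e.tag) == "security-constraint"):
        methods = sorted(texts(sc, "http-method"))
        for pattern in texts(sc, "url-pattern"):
            coverage[pattern] = methods or "ALL"
            if methods:  # a constraint that names methods applies to those only
                findings.append(f"{pattern}: only {methods} are constrained")
        for role in texts(sc, "role-name"):
            if role not in declared:
                findings.append(f"role {role!r} lacks a <security-role> entry")
    if ("BASIC" in texts(root, "auth-method")
            and "CONFIDENTIAL" not in texts(root, "transport-guarantee")):
        findings.append("BASIC login without a CONFIDENTIAL transport-guarantee")
    return findings, coverage

if __name__ == "__main__":
    for finding in audit(WEB_XML)[0]:
        print("WARN", finding)
```

Removing the http-method element makes the constraint apply to every method, and a user-data-constraint with transport-guarantee CONFIDENTIAL keeps the BASIC credentials on HTTPS.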