Homework 2
CS320, Spring 2011
Due: Thursday, April 21
Please upload your files to CSNS.
The files should include all the source code, documentation (optional), and an
HTML file hw2.html which contains a link to your application deployed on the
CS3 server. Note that file uploading will be disabled automatically after
11:59PM of the due date, so please turn in your work on time.
[Readings]
[CS320Answers]
In this assignment you are going to continue to work on the application CS320Answers. All features described in Homework 1
must work properly; otherwise there will be a credit penalty of
up to 60%.
1. (40pt) Security.
Implement security so that all users can view questions and answers,
but only authenticated users (i.e. users who have already logged in) can post questions and
answers. In particular, your implementation must meet the following requirements:
- Whenever a user tries to post a question or an answer,
the application should first check whether the user is already
logged in. If not, the user should be redirected to a login page where
they must provide a valid username and the corresponding password.
- User authentication must happen on the server side, i.e. you cannot use
JavaScript to validate the username/password on the client side.
- Once a user is authenticated, a session is created so the user
won't be asked for username and password repeatedly. A user
may choose to log out, in which case the session should be
terminated.
For session tracking, you must use the Servlet Session Tracking API.
- Two user accounts should be pre-created for testing purposes:
- Username cysun with password abcd
- Username cs320stu31 with password abcd
Note that a few changes must be made to the user interface as part of the security implementation:
- A Logout link or button should be shown after a user is logged in, and if a user clicks Logout, he or she will be logged out and redirected to the question list page.
- The name of the user is no longer needed when a user posts
a question or an answer, because the user would have already signed in
and the server should keep track of the user information.
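One way the login check, session creation and logout described in part 1 can fit together, shown as an added example that is not part of the original assignment. The class name, the URL paths (/login, /logout, /login.html, /questions) and the "user" session attribute are assumptions, and the javax.servlet API is assumed to be on the classpath.

```java
import java.io.IOException;
import java.util.Map;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example. Class name, URL paths and the "user" attribute are hypothetical.
// Assumed mapping in web.xml: this servlet serves both /login and /logout.
public class AuthServlet extends HttpServlet {
    // The two test accounts from the assignment, kept in memory for brevity.
    // Outside a test setup, store salted password hashes instead of plaintext.
    private static final Map<String, String> USERS =
            Map.of("cysun", "abcd", "cs320stu31", "abcd");

    /** Posting servlets call this first and stop handling when it returns false. */
    public static boolean requireLogin(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        HttpSession session = req.getSession(false); // never create a session here
        if (session != null && session.getAttribute("user") != null) {
            return true;
        }
        resp.sendRedirect(req.getContextPath() + "/login.html");
        return false;
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        HttpSession old = req.getSession(false);
        if (old != null) {
            old.invalidate(); // logout, or drop a pre-login session id (fixation defense)
        }
        if ("/logout".equals(req.getServletPath())) {
            resp.sendRedirect(req.getContextPath() + "/questions");
            return;
        }
        String username = req.getParameter("username");
        String password = req.getParameter("password");
        // Server-side check: the credentials are compared here, not in JavaScript.
        if (username != null && password != null && password.equals(USERS.get(username))) {
            req.getSession(true).setAttribute("user", username); // fresh session
            resp.sendRedirect(req.getContextPath() + "/questions");
        } else {
            resp.sendRedirect(req.getContextPath() + "/login.html");
        }
    }
}
```

A servlet that posts a question or an answer would begin with `if (!AuthServlet.requireLogin(request, response)) return;` and take the poster's name from the `user` session attribute instead of a form field.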
2. (50pt) Vote on Answers.
An authenticated user may give an answer a positive vote (i.e. 1) or a negative vote
(i.e. -1) depending on whether the user thinks the answer is helpful or
not. Each user can
only give one vote to an answer, though the user is allowed to change
the vote at any time. A user may not vote on their own answers.
Answers for a question should be displayed in
descending order of the sum of their votes. Answers with the
same vote sum should be ordered by the time they are posted in
descending order.
To receive full credit for this exercise, the user interface for voting on answers should be intuitive and easy to use.