Homework 2
CS320, Winter 2012
Due: Tuesday, February 7
Please upload your files to CSNS.
The files should include all the source code, documentation (optional), and an HTML file hw2.html which contains a link to your application deployed on the CS3 server. Note that file uploading will be disabled automatically after 11:59PM of the due date, so please turn in your work on time.
[Readings]
[CS320Wiki]
In this assignment you are going to continue to work on the application CS320Wiki. All features described in Homework 1 must work properly; otherwise there will be a credit penalty of up to 60%.
The features to be implemented in this assignment are demonstrated in this video. Note that the user interface of your wiki should be the same as the one shown in the video.
1. (50pt) Security.
Implement security so that all users can view existing wiki pages, but only authenticated users (i.e. users who have already logged in) can create or edit wiki pages. In particular, your implementation must meet the following requirements:
- Whenever a user tries to create or edit a wiki page, the application should first check whether the user is already logged in. If not, the user should be redirected to a login page where they must provide a valid username and the corresponding password.
- User authentication must happen on the server side, i.e. you cannot use JavaScript to validate username/password on the client side.
- Once a user is authenticated, a session is created so the user won't be asked for username and password repeatedly. A user may choose to log out, in which case the session should be terminated. For session tracking, you must use the Servlet Session Tracking API.
- Two user accounts should be pre-created for testing purposes:
  - Chengyu Sun with username cysun and password abcd
  - John Doe with username jdoe and password abcd
Note that a few changes must be made to the user interface as part of the security implementation:
- A Login/logout link should be shown when a wiki page is displayed. The link should show Login if the user has not logged in yet, and Logout if the user is already logged in.
- After a user logs in (or logs out), the user should be redirected to the wiki page index.
- The name of the user is no longer needed when a user creates or edits a wiki page, because the user would have already logged in and the server should keep track of the user information.
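One way the requirements in part 1 fit together, as an added example that is not part of the original assignment and not a reference solution: a filter that guards the create/edit URLs, a login servlet that checks credentials on the server and starts a fresh session, and a logout servlet that terminates it. The URLs /CreatePage, /EditPage, /Login and /Logout, the static form login.html (posting username and password to /Login), the session attribute user and the class name WikiSecurity are all assumptions; it targets Java 9+ with the javax.servlet 3.0+ API.

```java
import java.io.IOException;
import java.util.Map;
import javax.servlet.*;
import javax.servlet.annotation.*;
import javax.servlet.http.*;

public class WikiSecurity {
    // The two test accounts from the assignment: username -> {password, display name}.
    static final Map<String, String[]> USERS = Map.of(
        "cysun", new String[] {"abcd", "Chengyu Sun"},
        "jdoe", new String[] {"abcd", "John Doe"});

    @WebFilter({"/CreatePage", "/EditPage"}) // assumed URLs of the protected servlets
    public static class AuthFilter implements Filter {
        public void init(FilterConfig cfg) {}
        public void destroy() {}
        public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
                throws IOException, ServletException {
            HttpServletRequest req = (HttpServletRequest) rq;
            HttpSession s = req.getSession(false); // never create a session for anonymous users
            if (s == null || s.getAttribute("user") == null) {
                ((HttpServletResponse) rs).sendRedirect(req.getContextPath() + "/login.html");
                return; // the protected servlet is never reached
            }
            chain.doFilter(rq, rs);
        }
    }

    @WebServlet("/Login") // assumed URL; target of the login.html form
    public static class Login extends HttpServlet {
        protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
            String[] account = USERS.get(String.valueOf(req.getParameter("username")));
            if (account == null || !account[0].equals(req.getParameter("password"))) {
                resp.sendRedirect(req.getContextPath() + "/login.html"); // same answer for both failures
                return;
            }
            HttpSession old = req.getSession(false);
            if (old != null) old.invalidate(); // drop any pre-login session id (session fixation)
            req.getSession(true).setAttribute("user", account[1]); // server now tracks who edits
            resp.sendRedirect(req.getContextPath() + "/"); // back to the wiki page index
        }
    }

    @WebServlet("/Logout") // assumed URL behind the Logout link
    public static class Logout extends HttpServlet {
        protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
            HttpSession s = req.getSession(false);
            if (s != null) s.invalidate(); // terminate the session
            resp.sendRedirect(req.getContextPath() + "/");
        }
    }
}
```

The page-display code can decide between the Login and Logout link with the same test the filter uses: a non-null session that carries the user attribute.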
2. (50pt) Page Editing and Revisions
A user may edit any wiki page, including the index page. Note that each edit of a page creates a new revision of the page, and the wiki application should keep track of all the revisions for each page. Specifically, you must implement the following features in this assignment:
- When a wiki page is displayed, an Edit link should be shown at the top of the page. Clicking on this link allows a user to edit the content of the wiki page. Note that the edit form should be pre-filled with the current content of the page.
- When a wiki page is displayed, a Revisions link should be shown at the top of the page. Clicking on this link allows a user to see the list of revisions this page went through. A user may click on a revision to see the content of that revision.