Homework 2
CS320, Winter 2013
Due: Thursday, January 31
Please upload your files to CSNS. The files should include all the source code, documentation (optional), and an HTML file hw2.html which contains a link to your application deployed on the CS3 server. Note that file uploading will be disabled automatically after 11:59PM of the due date, so please turn in your work on time.
[Readings]
[CS320Starter]
In this assignment you are going to continue to work on the application CS320Starter. All features described in Homework 1 must work properly; otherwise you will not receive any credit.
1. (50pt) Security.
Implement security so that all users can view the information about the projects, but only authenticated users (i.e. users who have already logged in) can create and sponsor projects. In particular, your implementation must meet the following requirements:
- Whenever a user tries to create or sponsor a project, the application should first check whether the user is already logged in. If not, the user should be redirected to a login page where they must provide a valid username and the corresponding password.
- User authentication must happen on the server side, i.e. you cannot use JavaScript to validate username/password on the client side.
- Once a user is authenticated, a session is created so the user won't be asked for username and password repeatedly. A user may choose to log out, in which case the session should be terminated. For session tracking, you must use Servlet Session Tracking API.
- Two user accounts should be pre-created for testing purposes:
  - Username cysun and password abcd
  - Username cs320stu31 with password abcd
Note that a few changes must be made to the user interface as part of the security implementation:
- A Login/logout link should be shown on each page. The link should show Login if the user has not logged in yet, and Logout if the user is already logged in.
- After a user logs in (or logs out), the user should be redirected to the Project List page.
- The name of the user is no longer needed when a user creates a project, because the user would have already logged in and the server should keep track of who the user is.
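The session requirements above, sketched with the Servlet Session Tracking API as an added example (not part of the original assignment or of CS320Starter). The class name AuthServlet, the "user" session attribute, the paths /Login.html and /ProjectList, and the in-memory USERS map are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class AuthServlet extends HttpServlet {
    // Stand-in user store (assumption) holding the two test accounts the assignment lists.
    private static final Map<String, String> USERS =
            Map.of("cysun", "abcd", "cs320stu31", "abcd");

    // Called first by the create/sponsor servlets; returns false after redirecting to login.
    public static boolean requireLogin(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        HttpSession session = req.getSession(false);   // never create a session just to check
        if (session != null && session.getAttribute("user") != null) return true;
        resp.sendRedirect(req.getContextPath() + "/Login.html");
        return false;
    }

    @Override  // POST: validate credentials on the server, then start the session
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        String username = req.getParameter("username");
        String password = req.getParameter("password");
        String expected = username == null ? null : USERS.get(username);
        boolean ok = expected != null && password != null && MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), password.getBytes(StandardCharsets.UTF_8));
        if (!ok) { resp.sendRedirect(req.getContextPath() + "/Login.html"); return; }
        HttpSession old = req.getSession(false);
        if (old != null) old.invalidate();             // discard any pre-login session ID
        req.getSession(true).setAttribute("user", username);
        resp.sendRedirect(req.getContextPath() + "/ProjectList");
    }

    @Override  // GET: log out by terminating the session
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        HttpSession session = req.getSession(false);
        if (session != null) session.invalidate();
        resp.sendRedirect(req.getContextPath() + "/ProjectList");
    }
}
```

Invalidating the old session before storing the username means a session ID issued before login is never reused for the authenticated session.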
2. (50pt) Sponsor A Project
A link Sponsor This Project should be shown on the Project page. When a user clicks on the link, the application shows a form where the user can enter a dollar amount and select a reward. Note that
- A user can only sponsor a project once. After a user sponsors a project, the Sponsor This Project link will no longer be shown to that user.
- The Project List page should be changed to show the funding progress of the projects. In particular, two columns Percentage Funded and Amount Pledged should be added to the display.