From ba1ee2d06cb95990dd272abefb25990728ce70ec Mon Sep 17 00:00:00 2001
From: edgar
Date: Mon, 20 May 2019 17:08:47 +0200
Subject: [PATCH 1/4] Login
---
.../de/hsel/spm/baudas/web/LoginServlet.java | 51 +++++++++++++++++++
.../de/hsel/spm/baudas/web/LogoutServlet.java | 27 ++++++++++
src/main/webapp/preview/login.html | 9 ++--
3 files changed, 84 insertions(+), 3 deletions(-)
create mode 100644 src/main/java/de/hsel/spm/baudas/web/LoginServlet.java
create mode 100644 src/main/java/de/hsel/spm/baudas/web/LogoutServlet.java
diff --git a/src/main/java/de/hsel/spm/baudas/web/LoginServlet.java b/src/main/java/de/hsel/spm/baudas/web/LoginServlet.java
new file mode 100644
index 0000000..819f6c4
--- /dev/null
+++ b/src/main/java/de/hsel/spm/baudas/web/LoginServlet.java
@@ -0,0 +1,51 @@
+package de.hsel.spm.baudas.web;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+@WebServlet("/LoginServlet")
+
+public class LoginServlet extends HttpServlet {
+
+ //private final String username = "admin";
+ private final String password = "password";
+
+ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+ // get request parameters for username and password
+ //String username = request.getParameter("username");
+ String password = request.getParameter("pwd");
+
+ //if (this.username.equals(username) && this.password.equals(password)) {
+ if (this.password.equals(password)) {
+ //get the old session and invalidate
+ HttpSession oldSession = request.getSession(false);
+ if (oldSession != null) {
+ oldSession.invalidate();
+ }
+ //generate a new session
+ HttpSession newSession = request.getSession(true);
+
+ //setting session to expiry in 5 mins
+ newSession.setMaxInactiveInterval(5*60);
+
+ Cookie message = new Cookie("message", "Welcome");
+ response.addCookie(message);
+ response.sendRedirect("/index.jsp");
+ } else {
+ RequestDispatcher rd = getServletContext().getRequestDispatcher("/login.html");
+ PrintWriter out = response.getWriter();
+ out.println("Das eingegebene Passwort ist falsch.");
+ rd.include(request, response);
+ }
+ }
+}
diff --git a/src/main/java/de/hsel/spm/baudas/web/LogoutServlet.java b/src/main/java/de/hsel/spm/baudas/web/LogoutServlet.java
new file mode 100644
index 0000000..19a7852
--- /dev/null
+++ b/src/main/java/de/hsel/spm/baudas/web/LogoutServlet.java
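Review bot: The login secret is a string literal in the class (`private final String password = "password";`), so it is committed to version control and shipped in every build artifact; PATCH 2/4 later in this series only swaps it for another literal. Read the expected value from deployment configuration (a servlet init parameter or an environment variable, for example) and keep it out of the repository. `this.password.equals(password)` is not a constant-time comparison; after a null check on the parameter, comparing the UTF-8 bytes with `MessageDigest.isEqual(expected, supplied)` removes that timing difference. Nothing in `doPost` limits repeated attempts, which matters more than usual when a single shared password guards the whole application. `response.sendRedirect("/index.jsp")` also ignores the context path, unlike the logout servlet, which prepends `request.getContextPath()`.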
@@ -0,0 +1,27 @@
+package de.hsel.spm.baudas.web;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+/**
+ * Servlet implementation class LogoutServlet
+ */
+@WebServlet("/web/LogoutServlet")
+public class LogoutServlet extends HttpServlet {
+
+ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+ //invalidate the session if exists
+ HttpSession session = request.getSession(false);
+ if(session != null){
+ session.invalidate();
+ }
+ response.sendRedirect(request.getContextPath() + "/loginPage.html");
+ }
+}
diff --git a/src/main/webapp/preview/login.html b/src/main/webapp/preview/login.html
index 8538999..4457556 100644
--- a/src/main/webapp/preview/login.html
+++ b/src/main/webapp/preview/login.html
@@ -23,15 +23,18 @@
- - lock_openLogin + +
+ + +
- + From 398909615e67207efec8e70178921ad7a90f8110 Mon Sep 17 00:00:00 2001 From: edgar Date: Thu, 23 May 2019 18:46:34 +0200 Subject: [PATCH 2/4] Login working and commented. Logout working and commented but not linked. Authentication working and commented. --- .../spm/baudas/web/AuthenticationFilter.java | 66 +++++++++++++++++++ .../de/hsel/spm/baudas/web/LoginServlet.java | 41 +++++------- .../de/hsel/spm/baudas/web/LogoutServlet.java | 19 ++++-- src/main/webapp/{preview => }/login.html | 6 +- src/main/webapp/preview/index.html | 4 +- src/main/webapp/preview/registration.html | 2 +- 6 files changed, 103 insertions(+), 35 deletions(-) create mode 100644 src/main/java/de/hsel/spm/baudas/web/AuthenticationFilter.java rename src/main/webapp/{preview => }/login.html (91%) diff --git a/src/main/java/de/hsel/spm/baudas/web/AuthenticationFilter.java b/src/main/java/de/hsel/spm/baudas/web/AuthenticationFilter.java new file mode 100644 index 0000000..a32eb27 --- /dev/null +++ b/src/main/java/de/hsel/spm/baudas/web/AuthenticationFilter.java 
@@ -0,0 +1,66 @@ +package de.hsel.spm.baudas.web; + +import java.io.IOException; + +import javax.servlet.Filter; +import javax.servlet.FilterChain; +import javax.servlet.FilterConfig; +import javax.servlet.ServletContext; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; +import javax.servlet.annotation.WebFilter; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +/** + * Filter implementation class AuthenticationFilter. + * + * @author Edgar Schkrob + */ + +@WebFilter(urlPatterns = {"/*"}) +public class AuthenticationFilter implements Filter{ + private ServletContext context; + + /** + * Called by the web container to indicate to a filter that it is being placed into service. + * @param fConfig This parameter provides access to everything the code needs to work. + * @throws ServletException Defines a general exception a servlet can throw when it encounters difficulty. + */ + + public void init(FilterConfig fConfig) throws ServletException { + this.context = fConfig.getServletContext(); + this.context.log("AuthenticationFilter initialized"); + } + + /** + * The doFilter method of the Filter is called by the container each time a request/response pair is passed through the chain due to a client request for a resource at the end of the chain. + * @param request This parameter provides access to everything the code needs to work. + * @param response This parameter provides access to everything the code needs to issue a response. + * @param chain This parameter allows passing request along the chain of potential handlers until one of them handles the request. + * @throws ServletException Defines a general exception a servlet can throw when it encounters difficulty. + * @throws IOException Signals that an I/O exception of some sort has occurred. 
This class is the general class of exceptions produced by failed or interrupted I/O operations. + */ + + public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { + HttpServletRequest req = (HttpServletRequest) request; + HttpServletResponse res = (HttpServletResponse) response; + HttpSession session = req.getSession(false); + String url = req.getRequestURI(); + if(url.contains("login") || url.contains("logo") || url.contains("js/")){ + chain.doFilter(request, response); + } else if (session == null || !((boolean) session.getAttribute("authentication"))) { //checking whether the session exists and if authentication succeded + this.context.log("Unauthorized access request"); + res.sendRedirect(req.getContextPath() + "/login.html"); + } else { + chain.doFilter(request, response); + + } + } + + public void destroy() { + //close any resources here + } +} \ No newline at end of file diff --git a/src/main/java/de/hsel/spm/baudas/web/LoginServlet.java b/src/main/java/de/hsel/spm/baudas/web/LoginServlet.java index 819f6c4..e9e2e6c 100644 --- a/src/main/java/de/hsel/spm/baudas/web/LoginServlet.java +++ b/src/main/java/de/hsel/spm/baudas/web/LoginServlet.java 
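Review bot: The exemption test in `doFilter` is a substring match on the whole request URI (`url.contains("login") || url.contains("logo") || url.contains("js/")`), so any resource whose path merely contains one of those fragments is passed down the chain without a session check. Match the container-resolved path exactly or by directory prefix instead, for example on `req.getServletPath()`; the paths in the sketch below are the ones visible in this series, and the logo asset's real path still has to be added. Separately, `(boolean) session.getAttribute("authentication")` unboxes null and throws a NullPointerException when a session exists without that attribute, which can happen if anything creates a session before login; `Boolean.TRUE.equals(...)` treats that case as unauthenticated.

```java
// … unchanged: casts to HttpServletRequest/HttpServletResponse and getSession(false) …
String path = req.getServletPath();
// Exact paths or directory prefixes only; add the logo asset's real path here.
boolean publicResource = path.equals("/login.html")
        || path.equals("/login")
        || path.equals("/logout")
        || path.startsWith("/js/");
boolean authenticated = session != null
        && Boolean.TRUE.equals(session.getAttribute("authentication"));
if (publicResource || authenticated) {
    chain.doFilter(request, response);
} else {
    this.context.log("Unauthorized access request");
    res.sendRedirect(req.getContextPath() + "/login.html");
}
```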
@@ -6,41 +6,36 @@ import java.io.PrintWriter; import javax.servlet.RequestDispatcher; import javax.servlet.ServletException; import javax.servlet.annotation.WebServlet; -import javax.servlet.http.Cookie; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; -@WebServlet("/LoginServlet") +/** + * Servlet implementation class LoginServlet. + * + * @author Edgar Schkrob + */ +@WebServlet("/login") public class LoginServlet extends HttpServlet { - //private final String username = "admin"; - private final String password = "password"; + private final String password = "SPM2019SS"; + + /** + * This is a Servlet that manages the Login and creates Sessions. + * @param request This parameter provides access to everything the code needs to work. + * @param response This parameter provides access to everything the code needs to issue a response. + * @throws ServletException Defines a general exception a servlet can throw when it encounters difficulty. + * @throws IOException Signals that an I/O exception of some sort has occurred. This class is the general class of exceptions produced by failed or interrupted I/O operations. 
+ */ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - - // get request parameters for username and password - //String username = request.getParameter("username"); - String password = request.getParameter("pwd"); - - //if (this.username.equals(username) && this.password.equals(password)) { if (this.password.equals(password)) { - //get the old session and invalidate - HttpSession oldSession = request.getSession(false); - if (oldSession != null) { - oldSession.invalidate(); - } - //generate a new session HttpSession newSession = request.getSession(true); - - //setting session to expiry in 5 mins - newSession.setMaxInactiveInterval(5*60); - - Cookie message = new Cookie("message", "Welcome"); - response.addCookie(message); - response.sendRedirect("/index.jsp"); + newSession.setAttribute("authentication", true); + newSession.setMaxInactiveInterval(5*60*60); //setting session to expiry in 5 hours + response.sendRedirect("index.jsp"); } else { RequestDispatcher rd = getServletContext().getRequestDispatcher("/login.html"); PrintWriter out = response.getWriter(); diff --git a/src/main/java/de/hsel/spm/baudas/web/LogoutServlet.java b/src/main/java/de/hsel/spm/baudas/web/LogoutServlet.java index 19a7852..165f851 100644 --- a/src/main/java/de/hsel/spm/baudas/web/LogoutServlet.java +++ b/src/main/java/de/hsel/spm/baudas/web/LogoutServlet.java @@ -2,7 +2,6 @@ package de.hsel.spm.baudas.web; import java.io.IOException; -import javax.servlet.ServletException; import javax.servlet.annotation.WebServlet; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; 
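Review bot: Removing the `oldSession.invalidate()` block means the session ID is no longer rotated at login: `request.getSession(true)` returns an existing pre-login session unchanged, which leaves the login open to session fixation. Keep the removed block, or on a Servlet 3.1+ container call `request.changeSessionId();` right after `request.getSession(true)` and before `setAttribute("authentication", true)`. In this revision the `getParameter` line is gone as well, so `password` in `this.password.equals(password)` resolves to the field and the check is always true until PATCH 4/4 restores the parameter read. The idle timeout also grows from 5 minutes to 5 hours (`5*60*60`), which lengthens the window in which a leaked session ID stays usable.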
@@ -10,18 +9,26 @@ import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; /** - * Servlet implementation class LogoutServlet + * Servlet implementation class LogoutServlet. + * + * @author Edgar Schkrob */ -@WebServlet("/web/LogoutServlet") + +@WebServlet("/logout") public class LogoutServlet extends HttpServlet { - protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { + /** + * This is a Servlet that manages the Logout and deletes Sessions. + * @param request This parameter provides access to everything the code needs to work. + * @param response This parameter provides access to everything the code needs to issue a response. + * @throws IOException Signals that an I/O exception of some sort has occurred. This class is the general class of exceptions produced by failed or interrupted I/O operations. + */ - //invalidate the session if exists + protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException { HttpSession session = request.getSession(false); if(session != null){ session.invalidate(); } - response.sendRedirect(request.getContextPath() + "/loginPage.html"); + response.sendRedirect(request.getContextPath() + "/"); } } diff --git a/src/main/webapp/preview/login.html b/src/main/webapp/login.html similarity index 91% rename from src/main/webapp/preview/login.html rename to src/main/webapp/login.html index 4457556..cf45487 100644 --- a/src/main/webapp/preview/login.html +++ b/src/main/webapp/login.html @@ -18,14 +18,14 @@
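Review bot: Moving logout from `doPost` to `doGet` makes a state-changing action reachable by a plain GET, so any cross-site link, image reference or link prefetcher that requests `/logout` ends the user's session. Keeping `doPost` and submitting the logout from a small form avoids that, and lets the request carry a CSRF token once the application has one. If a GET link is required, the Javadoc should say that forced logout is an accepted risk.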
- +
-
- + +
diff --git a/src/main/webapp/preview/index.html b/src/main/webapp/preview/index.html index 31a72e1..790c14b 100644 --- a/src/main/webapp/preview/index.html +++ b/src/main/webapp/preview/index.html @@ -29,11 +29,11 @@ diff --git a/src/main/webapp/preview/registration.html b/src/main/webapp/preview/registration.html index a8705ba..98cbb0e 100644 --- a/src/main/webapp/preview/registration.html +++ b/src/main/webapp/preview/registration.html @@ -37,7 +37,7 @@
From e24a6147a507b6e56c56876e1f74b0c09f0928f0 Mon Sep 17 00:00:00 2001 From: edgar Date: Thu, 23 May 2019 18:52:38 +0200 Subject: [PATCH 3/4] Login working and commented. Logout working and commented but not linked. Authentication working and commented. --- src/main/java/de/hsel/spm/baudas/web/AuthenticationFilter.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/de/hsel/spm/baudas/web/AuthenticationFilter.java b/src/main/java/de/hsel/spm/baudas/web/AuthenticationFilter.java index a32eb27..aa28ce4 100644 --- a/src/main/java/de/hsel/spm/baudas/web/AuthenticationFilter.java +++ b/src/main/java/de/hsel/spm/baudas/web/AuthenticationFilter.java @@ -25,7 +25,7 @@ public class AuthenticationFilter implements Filter{ private ServletContext context; /** - * Called by the web container to indicate to a filter that it is being placed into service. + * Called by the web container to indicate to a filter that it is being placed into service. This filter manages the authentication. * @param fConfig This parameter provides access to everything the code needs to work. * @throws ServletException Defines a general exception a servlet can throw when it encounters difficulty. */ From 441cf59a4fdd510030605f71446385316d532cd8 Mon Sep 17 00:00:00 2001 From: Johannes Theiner Date: Fri, 24 May 2019 07:50:49 +0200 Subject: [PATCH 4/4] ~ someone removed the password parameter Signed-off-by: Johannes Theiner #SPM-25: add work 20m testing --- .../de/hsel/spm/baudas/analysis/ShoppingTimes.java | 2 +- .../hsel/spm/baudas/web/AuthenticationFilter.java | 13 +++---------- .../java/de/hsel/spm/baudas/web/LoginServlet.java | 6 +++--- 3 files changed, 7 insertions(+), 14 deletions(-) diff --git a/src/main/java/de/hsel/spm/baudas/analysis/ShoppingTimes.java b/src/main/java/de/hsel/spm/baudas/analysis/ShoppingTimes.java index 4c4a697..ed99ee2 100644 --- a/src/main/java/de/hsel/spm/baudas/analysis/ShoppingTimes.java 
+++ b/src/main/java/de/hsel/spm/baudas/analysis/ShoppingTimes.java @@ -27,7 +27,7 @@ public class ShoppingTimes implements Analysis> { /** * get customer count at specific times. * - * @return Map of Day-Hour Combinations and the corresponding customer count + * @return Map of Day-Hour Combinations and the corresponding user count */ @Override public Map getResult() { diff --git a/src/main/java/de/hsel/spm/baudas/web/AuthenticationFilter.java b/src/main/java/de/hsel/spm/baudas/web/AuthenticationFilter.java index aa28ce4..d262553 100644 --- a/src/main/java/de/hsel/spm/baudas/web/AuthenticationFilter.java +++ b/src/main/java/de/hsel/spm/baudas/web/AuthenticationFilter.java @@ -1,18 +1,11 @@ package de.hsel.spm.baudas.web; -import java.io.IOException; - -import javax.servlet.Filter; -import javax.servlet.FilterChain; -import javax.servlet.FilterConfig; -import javax.servlet.ServletContext; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; +import javax.servlet.*; import javax.servlet.annotation.WebFilter; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; +import java.io.IOException; /** * Filter implementation class AuthenticationFilter. @@ -51,7 +44,7 @@ public class AuthenticationFilter implements Filter{ String url = req.getRequestURI(); if(url.contains("login") || url.contains("logo") || url.contains("js/")){ chain.doFilter(request, response); - } else if (session == null || !((boolean) session.getAttribute("authentication"))) { //checking whether the session exists and if authentication succeded + } else if (session == null || !((boolean) session.getAttribute("authentication"))) { //checking whether the session exists and if authentication succeed this.context.log("Unauthorized access request"); res.sendRedirect(req.getContextPath() + "/login.html"); } else { 
diff --git a/src/main/java/de/hsel/spm/baudas/web/LoginServlet.java b/src/main/java/de/hsel/spm/baudas/web/LoginServlet.java index e9e2e6c..ce33667 100644 --- a/src/main/java/de/hsel/spm/baudas/web/LoginServlet.java +++ b/src/main/java/de/hsel/spm/baudas/web/LoginServlet.java @@ -1,8 +1,5 @@ package de.hsel.spm.baudas.web; -import java.io.IOException; -import java.io.PrintWriter; - import javax.servlet.RequestDispatcher; import javax.servlet.ServletException; import javax.servlet.annotation.WebServlet; @@ -10,6 +7,8 @@ import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; +import java.io.IOException; +import java.io.PrintWriter; /** * Servlet implementation class LoginServlet. @@ -31,6 +30,7 @@ public class LoginServlet extends HttpServlet { */ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { + String password = request.getParameter("password"); if (this.password.equals(password)) { HttpSession newSession = request.getSession(true); newSession.setAttribute("authentication", true);