CST8218 Assignment 2
Group size: 2-5, with the following requirements depending on the size of the group:
2 members: Authentication and Testing
3 members: Authentication, Testing, and a React page
4 members: Authentication, Testing, React page, Java Swing Client or Mobile (that does something additional/different from the given Java swing client)
5 members: Authentication, Testing, React page, Java Swing Client and Mobile (that does something additional/different from the given Java swing client)
Due Date: See Brightspace for due dates of submission and demonstration
Objective: Add security constraints to protect both the JSF pages and the RESTful API of your Assignment 1 solution. (Use the attached SpriteBase project if you have no Assignment 1 solution.)
Methodology:
• Implement an admin area with JSF pages to manage the appuser table, which contains the accounts for the application (re-use Lab 4).
• Practice applying Basic Authentication to the address-book application
• Start by adding a user to the file realm and testing with that user
• Then, add the @DatabaseIdentityStoreDefinition annotation to a class in your project (which one?) in order to test with users in your appuser table
• Apply Basic Authentication to your Sprite application JSF pages
• Base the authentication on the accounts in your appuser table
• Test both successful and unsuccessful authentication
• Test both successful and unsuccessful authorization
• Apply Basic Authentication to your Sprite application RESTful API
• Base the authentication on the accounts in your appuser table
• Test both successful and unsuccessful authentication with Postman
• Test both successful and unsuccessful authorization with Postman
• Add a login form (username/password) to your JSF pages to do Form Authentication
• After you have tested Form Authentication, switch back to Basic Authentication
• Both JSF pages and RESTful resources can be protected with Basic Authentication
Requirements:
• The RESTful interface works as specified in Assignment 1, except now it is secured. (NO RESTful API is required for the AppUser entities.)
• Ensure your code has appropriate implementation comments.
• User administration area to manage users for your Sprite project (re-use Lab4).
• Lock down the application with authentication of users to the application, so that in order to use the JSF pages or the RESTful interface, the user must have been added to the database with the right group:
• RESTful resources accessible only to group RestGroup
• JSF Sprite Pages accessible only to group JsfGroup
• Admin group can access both of the above, and JSF admin area pages
• Other users cannot access any of the above
• Implement some meaningful unit tests using Junit
• Implement some meaningful Selenium tests
• (Groups of 3 or more): Implement a React Page that displays the position and speed information for the list of Sprites (making changes to sprites though the React page is not required)
• (Groups of 4) Implement a Java Swing Client that can make some sort of change to a sprite; OR implement a Mobile Application that displays the position and speed information for the list of Sprites (making changes through the Mobile app is not required)
• (Groups of 5) Implement a Java Swing Client that can make some sort of change to a sprite; AND implement a Mobile Application that displays the position and speed information for the list of Sprites (making changes through the Mobile app is not required)
Grading Criteria:
20% Deduction from the total grade for each missing group-size-related component
Examples:
• A group of three with no React page: -20%
• A group of four with no React page and no Swing or Mobile client: -40%
Submission 10/
AppUsers functionality merged into the Sprite project: 2
Password Hashing: (included in 2 marks above)
RESTful resources accessible only to group RestGroup: 2
JSF Pages accessible only to group JsfGroup: 2
Admin group can access both and AppUser table (included in 4 marks above for JSF and RESTful)
Other users cannot access either (included in 4 marks above for JSF and RESTful)
Implementation comments:
Comments in all files added or changed: 4
Demo 10/
Be prepared to show source code, and answer questions about your work to get the full marks listed below
Show that the source code is under control with git
Actually ready: 2 (app running, admin console running, Netbeans running, users added, and Postman running with correct URL)
Run app showing users with hash passwords: 2
Show Postman request successful: 2
JSF request fail: 2
Demo Testing: 2
Demo Group-related feature to avoid deduction
Submission
Demonstrate your final secured Sprite program to your Lab Instructor, and submit a zipped archive of the Netbeans project folder(s) using the Brightspace link provided. Please use only zip, and do NOT use .7zip, or .rar formats for the submitted archive.