CPRG 352 Web Application Programming

ASSIGNMENT #1 – Servlet-based Application

Problem

You are asked to create a Java web application called ShopList. This application will allow users to create a shopping list of items they want to buy. Users will each have to log in to the system before they can create a list, and users who have not logged in will not be allowed to create a shopping list.

The solution you create for this assignment must use only servlets for both UI output, and data processing. You will create individual sessions (HttpSession) for each user to hold his/her username, and the list of items s/he has added to the list (as an ArrayList<String>). Both the username and the shopping list should be stored as attributes of an individual user's session.

Create three servlets in your solution:

1. LoginPage: displays the initial login form for the user, and can also display a message that is sent to it. This should be the default object in the application (users see this first when the application runs)
2. Validate: a controller which validates a given username and password. If valid, the user is sent on to the ListPage (the main page in this web application), if not then the user is sent back to LoginPage with a suitable message (see below). This servlet will also be responsible for handling user logouts
3. ListPage: the page that allows a user to create a shopping list, which will be displayed therein.

The user will also be able to log out of the application from here

Login:

LoginPage submits the username and password to Validate. For this application only a user called "user", with a password of "pass" will be considered valid. If invalid details are submitted Validate will send the user back to the login page, and have it display a message stating "Invalid username or password!". If either or both login values are missing, again the user will be sent back to the login page, this time with a message of "Both values required!"

Example 1: invalid details were provided

Example 2: required login data was not provided

If the required data is given, and is valid, then Validate will do a number of things:

• Start a HttpSession for the user
• Add the username as an attribute of the session (using the attribute name "username")
• Create an empty ArrayList<String>, and store a reference to it as another attribute in the session (called "list")
• Send the user to ListPage

ListPage:

Initially, ListPage should show as follows:

The name after "Hello, " would be the name of any valid user who has logged in (it is not hard-coded).

The form below the welcome message allows the user to add a new item to his/her shopping list. The list is initially empty, but shows the heading anyway.

Example: user adds an item to the list

Here the user has added "apples" as an item.

Example 2: user adds three more items to the list

The list shows the items in the order they were added, using alternating background colours for the rows to aid readability.

Each time a new item is to be added to the list, the form should submit the form data back to the

ListPage servlet. This will add the new item into the ArrayList<String> created in the use's session during login.

Logout:

The Logout hyperlink to the right of the welcome message in ListPage should take the user to the Validate servlet, sending it a parameter called "logout" which Validate will detect and which will cause it to destroy the user's session, and then send the user back to the login form while displaying a message stating "Logged out".

Example: user has logged in, and then logged out

Security:

Users who have not logged in should not be able to navigate directly to the ListPage. If anyone attempts to do this s/he should be sent back to the login page, which should display a message stating "Not logged in!".

Example: