Java Web Programming with Eclipse contents
Last modified March 07, 2011 10:25 am


Web Application Security (continued)

(1) Persistent Sessions

By default, Tomcat caches sessions between restarts. This means that logged-in users will remain logged in after Tomcat is restarted. Construct and carry out an experiment to verify this.

Tomcat stores the cached session data in a file called SESSIONS.ser. Locate this file in your file system. Construct and carry out an experiment that proves this is where Tomcat stores cached session data.

(2) Class Hierarchy

Notice that User and NewsItem both contain an id member variable. Define a new class called PersistentObject that contains a single member variable called id of type long and with protected access. Create getter and setter methods for this member variable. Remove id from User and NewsItem, and have these two classes extend PersistentObject. Test that your application functions correctly with this change.

(3) Elimination of Redundant Code

Study the classes UserDAO and NewsItemDAO for the presence of redundant code. Devise a means to move this redundancy into their parent class DataAccessObject. Implement and test your design.

(4) User Account Management

Add user account management functionality to the publisher application that allows the user with username admin to list, view, create, edit and delete user accounts. Follow the architecture presented in the chapter on item management. Modify the security filter to permit only the admin user to access this new functionality.
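As an added illustration of the kind of admin-only check exercise (4) asks for (this is not the book's own code), the filter below is mapped in web.xml to the account-management URL pattern and lets a request through only when the session holds the admin user. The session attribute name "user", the User.getUsername() accessor and the /login path are assumptions about the publisher application.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Admin-only filter (added example). Assumes the login code stores the
// authenticated User under the session attribute "user" (hypothetical name)
// and that User has getUsername(). Map it in web.xml with a <filter-mapping>
// whose <url-pattern> covers the user account management pages.
public class AdminFilter implements Filter {
    private static final String ADMIN_USERNAME = "admin";

    public void init(FilterConfig config) throws ServletException { }

    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;

        // getSession(false): do not create a session for unauthenticated requests
        HttpSession session = request.getSession(false);
        User user = (session == null) ? null : (User) session.getAttribute("user");

        if (user == null) {
            // Not authenticated: send to the login page (path is an assumption)
            response.sendRedirect(request.getContextPath() + "/login");
            return;
        }
        // Constant-first equals() avoids a NullPointerException on a null username
        if (!ADMIN_USERNAME.equals(user.getUsername())) {
            // Authenticated but not authorized: refuse explicitly
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(req, resp);
    }

    public void destroy() { }
}
```

Because of exercise (1), a persisted admin session survives a Tomcat restart, so make sure logout calls session.invalidate() rather than relying on the server being restarted.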


Copyright 2007-2009 David Turner and Jinseok Chae. All rights reserved.