From 176f942f48b3eac24fb7630ed6ffa7558d3b45c6 Mon Sep 17 00:00:00 2001 From: Chanaka Sandaruwan <49502187+chanakas1995@users.noreply.github.com> Date: Sun, 15 Aug 2021 17:30:12 +0530 Subject: [PATCH 1/2] Create authentication example --- .../my-web-app1/src/main/webapp/index.jsp | 12 ++++++++-- .../my-web-app1/src/main/webapp/login.jsp | 23 +++++++++++++++++++ 2 files changed, 33 insertions(+), 2 deletions(-) create mode 100644 CL-BSCSD-22-03/my-web-app1/src/main/webapp/login.jsp diff --git a/CL-BSCSD-22-03/my-web-app1/src/main/webapp/index.jsp b/CL-BSCSD-22-03/my-web-app1/src/main/webapp/index.jsp index 2ea3277..973c360 100644 --- a/CL-BSCSD-22-03/my-web-app1/src/main/webapp/index.jsp +++ b/CL-BSCSD-22-03/my-web-app1/src/main/webapp/index.jsp @@ -14,6 +14,11 @@ JSP Page + <% + String username = request.getParameter("username"); + String password = request.getParameter("password"); + if ((username != null) && (password != null) && (username.equals("admin")) && (password.equals("123"))) { + %> @@ -31,13 +36,16 @@ %> - + - <% } %> + <% }%>
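Review bot: The scriptlet added in the `@@ -14,6 +14,11 @@` hunk compares the request parameters against the literals `"admin"` and `"123"`, so the only credential lives in page source and version control and is short enough to guess. The expected values should come from deployment configuration rather than the view, for example `application.getInitParameter(...)` holding a salted password hash, with the comparison moved out of the JSP. Because index.jsp keeps no state and authenticates from `request.getParameter` on every request, the credentials have to accompany each request to this page; whether they end up in the URL depends on the login form's method, which is not visible here. The same literal comparison is carried into `Utill.authenticate` in PATCH 2/2.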
<%= p.getNic()%><%= p.getName() %><%= p.getName()%> <%= p.getDateOfBirth()%> <%= p.getGender()%> <%= p.getMobile()%>
+ <% } else { + response.sendRedirect("login.jsp"); + }%> diff --git a/CL-BSCSD-22-03/my-web-app1/src/main/webapp/login.jsp b/CL-BSCSD-22-03/my-web-app1/src/main/webapp/login.jsp new file mode 100644 index 0000000..f8849a2 --- /dev/null +++ b/CL-BSCSD-22-03/my-web-app1/src/main/webapp/login.jsp @@ -0,0 +1,23 @@ +<%-- + Document : login + Created on : Aug 15, 2021, 4:59:23 PM + Author : Chanaka +--%> + +<%@page contentType="text/html" pageEncoding="UTF-8"%> + + + + + JSP Page + + +
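Review bot: `response.sendRedirect("login.jsp")` in the added `else` branch runs after markup has already been written, since the check apparently opens below the `JSP Page` title line (the context of `@@ -14,6 +14,11 @@`). `sendRedirect` throws `IllegalStateException` once the response is committed, so this works only while the output before it still fits in the JSP buffer. Moving the whole check above the first line of markup and ending the branch with `response.sendRedirect("login.jsp"); return;` makes the gate independent of buffering and ensures nothing is rendered for an unauthenticated request. The rest of the page lies outside this hunk, and PATCH 2/2 leaves the check in the same position.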
+ +
+ +
+ +
+ + From 05f6c73b0be2fc53ba48921704e167458c74898a Mon Sep 17 00:00:00 2001 From: Chanaka Sandaruwan <49502187+chanakas1995@users.noreply.github.com> Date: Sun, 29 Aug 2021 12:35:10 +0530 Subject: [PATCH 2/2] Create session base authentication --- .../my-web-app1/src/main/java/oop/Utill.java | 47 +++++++++++++++++-- .../my-web-app1/src/main/webapp/index.jsp | 24 ++++++---- .../my-web-app1/src/main/webapp/login.jsp | 9 ++++ .../my-web-app1/src/main/webapp/logout.jsp | 10 ++++ 4 files changed, 77 insertions(+), 13 deletions(-) create mode 100644 CL-BSCSD-22-03/my-web-app1/src/main/webapp/logout.jsp diff --git a/CL-BSCSD-22-03/my-web-app1/src/main/java/oop/Utill.java b/CL-BSCSD-22-03/my-web-app1/src/main/java/oop/Utill.java index 21428db..855d568 100644 --- a/CL-BSCSD-22-03/my-web-app1/src/main/java/oop/Utill.java +++ b/CL-BSCSD-22-03/my-web-app1/src/main/java/oop/Utill.java @@ -5,8 +5,14 @@ */ package oop; +import java.net.HttpCookie; import java.util.ArrayList; import java.util.List; +import java.util.UUID; +import javax.servlet.http.Cookie; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; /** * 
@@ -14,13 +20,44 @@ */ public class Utill { - public List getPersons() { + public static List getPersons() { List persons = new ArrayList<>(); - persons.add(new Person("Roshan","54657","0715236589","1990-05-26","Male")); - persons.add(new Person("Amali","98414","0774582658","1986-08-15","Female")); - persons.add(new Person("Sudath","63874","0782463598","1970-04-02","Male")); - persons.add(new Person("Hasini","25896","0725896354","1991-10-20","Female")); + persons.add(new Person("Roshan", "54657", "0715236589", "1990-05-26", "Male")); + persons.add(new Person("Amali", "98414", "0774582658", "1986-08-15", "Female")); + persons.add(new Person("Sudath", "63874", "0782463598", "1970-04-02", "Male")); + persons.add(new Person("Hasini", "25896", "0725896354", "1991-10-20", "Female")); return persons; } + public static boolean authenticate(HttpServletRequest request, HttpServletResponse response, HttpSession session) { + String username = request.getParameter("username"); + String password = request.getParameter("password"); + if ((username != null) && (password != null) && (username.equals("admin")) && (password.equals("123"))) { + String newSessionId = UUID.randomUUID().toString(); + session.setAttribute("session_id", newSessionId); + Cookie newCookie = new Cookie("session_id", newSessionId); + response.addCookie(newCookie); + return true; + } else { + try { + Cookie sessionCookie = null; + Cookie[] cookies = request.getCookies(); + for (Cookie cookie : cookies) { + if (cookie.getName().equals("session_id")) { + sessionCookie = cookie; + } + } + if (sessionCookie != null) { + String sessionId = session.getAttribute("session_id").toString(); + if (sessionId.equals(sessionCookie.getValue())) { + return true; + } + } + return false; + } catch (NullPointerException e) { + return false; + } + } + } + } diff --git a/CL-BSCSD-22-03/my-web-app1/src/main/webapp/index.jsp b/CL-BSCSD-22-03/my-web-app1/src/main/webapp/index.jsp index 973c360..25b5b95 100644 
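Review bot: The `session_id` cookie issued by `authenticate` is created without `setHttpOnly(true)` or `setSecure(true)` and only duplicates what the container's own session cookie already does. The container session id itself is not rotated at login, which leaves the login open to session fixation. Keeping a flag in the `HttpSession` and calling `request.changeSessionId()` (Servlet 3.1+; the API version in use is not visible in the patch) removes the extra cookie and the cookie loop. It also removes `catch (NullPointerException e)` as the normal not-logged-in path, which currently masks the null return of `request.getCookies()` and of `session.getAttribute("session_id")`. With the cookie gone, `session.invalidate()` in logout.jsp is sufficient on its own; separately, the `java.net.HttpCookie` import added in the previous hunk is unused by the visible code.

```java
public static boolean authenticate(HttpServletRequest request, HttpServletResponse response, HttpSession session) {
    // … unchanged: username/password parameter reads …
    if ((username != null) && (password != null) && (username.equals("admin")) && (password.equals("123"))) {
        // Issue a fresh session id at login so an id set before login is useless afterwards.
        request.changeSessionId();
        session.setAttribute("authenticated", Boolean.TRUE);
        return true;
    }
    // Login state lives only in the server-side session; there is no second cookie to protect or compare.
    return Boolean.TRUE.equals(session.getAttribute("authenticated"));
}
```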
--- a/CL-BSCSD-22-03/my-web-app1/src/main/webapp/index.jsp +++ b/CL-BSCSD-22-03/my-web-app1/src/main/webapp/index.jsp @@ -15,9 +15,8 @@ <% - String username = request.getParameter("username"); - String password = request.getParameter("password"); - if ((username != null) && (password != null) && (username.equals("admin")) && (password.equals("123"))) { + + if (Utill.authenticate(request, response, session)) { %> @@ -31,8 +30,7 @@ <% - Utill utill = new Utill(); - for (Person p : utill.getPersons()) { + for (Person p : Utill.getPersons()) { %> @@ -41,11 +39,21 @@ - <% }%> + <% + } + %>
<%= p.getNic()%><%= p.getGender()%> <%= p.getMobile()%>
- <% } else { +
+
+
+
+ +
+ <% + } else { response.sendRedirect("login.jsp"); - }%> + } + %> diff --git a/CL-BSCSD-22-03/my-web-app1/src/main/webapp/login.jsp b/CL-BSCSD-22-03/my-web-app1/src/main/webapp/login.jsp index f8849a2..e890cb3 100644 --- a/CL-BSCSD-22-03/my-web-app1/src/main/webapp/login.jsp +++ b/CL-BSCSD-22-03/my-web-app1/src/main/webapp/login.jsp @@ -4,8 +4,14 @@ Author : Chanaka --%> +<%@page import="oop.Utill"%> <%@page contentType="text/html" pageEncoding="UTF-8"%> +<% + if (Utill.authenticate(request, response, session)) { + response.sendRedirect("./"); + } else { +%> @@ -21,3 +27,6 @@ +<% + } +%> diff --git a/CL-BSCSD-22-03/my-web-app1/src/main/webapp/logout.jsp b/CL-BSCSD-22-03/my-web-app1/src/main/webapp/logout.jsp new file mode 100644 index 0000000..360eeaa --- /dev/null +++ b/CL-BSCSD-22-03/my-web-app1/src/main/webapp/logout.jsp @@ -0,0 +1,10 @@ +<%-- + Document : logout.jsp + Created on : Aug 29, 2021, 12:17:48 PM + Author : Chanaka +--%> + +<% + session.invalidate(); + response.sendRedirect("./login.jsp"); +%>