Our professor decided to give us a really hard assignment in our 2nd week in the course. I really have no clue where to start.
Requirements
Writing reusable code to check a user name and password can be a challenging task. Three major things can change between one password checker and another.
• How the user name and password is obtained. This could be via a textual prompt asking for a user name and password or a graphical user interface with boxes to enter the user name and password and a button to submit them for verification.
• How the list of user names and password is stored. The simplest solution is to create a class which knows all of the user names and passwords and tells you whether you have the correct password for a user name. This is not a good solution, since the class has to be modified and the program recompiled every time we add or delete a user or when a user changes their password. A better solution is to store all of this information in a file so that the file can be edited and the program will read the file to pick up any changes.
• How the passwords are stored. The simplest technique is to store the passwords in plain text. This makes them easy for anyone to read, which is a big problem. A better solution is to use an encryption algorithm which renders the stored passwords to anyone who might find them.
We will start off by creating a class called PasswordChecker with the following methods:
class PasswordChecker
{
/**
* Display prompt and get user name and password from the user.
* Return true if we actually got a user name and password to
* verify.
*/
boolean getUserNameAndPassword() { … }
/**
* This will verify the password against a list of passwords and
* return true if the user name and password combination is valid.
*/
boolean verifyPassword(String username, String password){ … }
}
Of course, your PasswordChecker can contain any other methods and constructors you need and whatever variables you might need to make the class function properly.
Since the PasswordChecker could be deployed in an environment which uses a textual or graphical interface or stores its passwords in different locations we have to make the class configurable. To do this we will use a properties file. The class java.util.Properties has the method getProperty(String key) which can be given a key and will return the value associated with that key. These keys and values can be stored in a file in the format:
key1=value1
key2=value2
key3=value3
…
The Properties class has a method load(InputStream is) which will load the file and then you can use getProperty() to get the value for any property in the table.
We can use the property file to configure our password checker by using the following keys and values:
PasswordSolicitor=GUI or TEXT
PasswordStorage=CLASS or FILE
PasswordLocation=className or filename
PasswordEncryptionClass=className
The PasswordChecker class can read the property file when it starts up and configure itself appropriately.
Storing a user name and password in a file can also be done using property files as long a we say that the equals sign cannot be used as part of a user name. Encryption of passwords is a bit trickier, but we will use a simple algorithm. The ASCII character set consists of 256 characters which are really represented as numbers from 0 .. 255. This means we can treat a char as a number and add 10 to it and modulus 255 of the result. This will give us a letter which is shifted 10 higher and wraps around if necessary. The result will be unreadable, although a professional cryptanalyst could break our cipher in minutes.
The last thing we have to know is how to create a class if we only know the name of the class as a string. Normally, we just type the name of a class into our program and compile it. What do we do if we do not know the name of the class until run-time? There is a class called java.lang.Class which actually can represent any class. It has a method forName(String className) which takes a fully qualified class name and returns a Class object representing that class. Once we have a Class object, we can call the newInstance() method which will create a new instance of that class using the parameterless constructor for the class to create it.
Deliverables
You will submit a complete NetBeans project directory that is ready to load and run. The subdirectory should contain a configuration file called passwd.properties, a plain text password file called plain_passwd.properties and an encrypted password file called enc_passwd.properties.