Version 16 (modified by wouter, 5 years ago) ( diff )

--

AccountServer

The AccountServer is a very lightweight apache tomcat application that builds on top of the AccountManager to build a set of web pages allowing internet based account handling. Remember to set the accountdatabase env variable if you use this, see AccountManager.

Core functionality

The core of the AccountServer is the Account servlet. It has four modes

  • GET: this returns a json structure {"name":username, "id":userid} with the current user name and id. It returns error 500 if the user is not logged in.
  • POST: this is a login request. Extra data to be send is a NamePassword structure which basically is {'name':XXX, 'password':YYY} json structure. As long as the browser does not start a new session (this depends on the browser but usually this means "staying on the same page") the user stays logged in.
  • PUT: this is a register request. Extra data to be send is a NamePasswordEmail structure which basically is {'name':XXX, 'password':YYY, 'email':ZZZ} json structure. The email can be empty. This creates a new account if the name.
  • DELETE. this is a reset-password request. This takes just the user name (string) and mails the user a new password. This fails with error 500 if the user does not exist or did not set his email properly.

Webpage files

If you run this on a tomcat server, the startpage is http://localhost:8080/accountserver/. You get a login prompt

https://tracinsy.ewi.tudelft.nl/pubtrac/Utilities/raw-attachment/wiki/AccountServer/login.png

To register, you click on the register button, after which you get this

https://tracinsy.ewi.tudelft.nl/pubtrac/Utilities/raw-attachment/wiki/AccountServer/register.png

If you log in with valid name/pass you get this simplistic page, suppostedly to be replaced by your own application.

https://tracinsy.ewi.tudelft.nl/pubtrac/Utilities/raw-attachment/wiki/AccountServer/loggedin.png

If you click the 'I forgot my password' you go to this

https://tracinsy.ewi.tudelft.nl/pubtrac/Utilities/raw-attachment/wiki/AccountServer/reset.png

After clicking 'reset' you will receive a mail that looks like this 

This is to inform you that a password reset was requested for user test3. 
Your new password is: 
x87vqZgW

Security

The security features of the AccountManager are inherited. But it's important that the server should be set up to require HTTPS. The password is transmitted in plain text to the server (this is the de-facto standard way to do this) and would be in plain sight for every network sniffer if HTTPS were not used.

Technical note

Firefox appears to create a new session every time you go to a different HTML page, but keeps the same session if you go to a JSP page on the same server. So you should stick with JSP if you want firefox to operate nicely.

Attachments (4)

Download all attachments as: .zip

Note: See TracWiki for help on using the wiki.