1 Introduction
1.1 Purpose
Shimmer is the program that provides the signup sheets used to select a project, among other things. It can also administer surveys, maintain rosters, and count votes. Shimmer will be modified to allow Kerberos user authentication by secure certificate. The following functionality will also be added:
- Signup allowed only by preauthorized users in the password file;
- Any authorized Eos/Unity realm user should be allowed to sign up;
- Anonymous usage allowed;
- Anyone can sign up anonymously, but has to "create an account" to do so.
1.2 Scope
The administrator page will be modified to allow the administrator to set the type of login for a particular assignment as per the types in section 1.1. The extensions will not give the user any control over the type of login.
1.3 Background
Shimmer is a program that allows an administrator to create assignments so that users can select projects, review projects, submit projects, etc. It also maintains reports the administrator can view based on surveys, rosters, user signups, and vote counts.
1.4 Documentation
The source code for Shimmer may be found at:
/afs/eos.ncsu.edu/project/csc/ctoolkit/Shimmer/Shimmer.1.2/src.
The modified source files will be:
- Assignment.java
- AssignmentInfo.java
- AssignmentServlet.java
- LoginServlet.java
- DataModel.java
- PropertyPanel.java
- MainAppletWindow.java
1.5 Standards
Kerberos version 4.0 will be used for Eos/Unity user authentication. Java 1.2.2 will be used to implement the Shimmer extensions.
2 System Architecture
The above figure illustrates the interaction among the various files involved in Shimmer authentication. The authentication option submitted by MainAppletWindow determines the value of the authentication parameter written to the AssignmentInformation file.
On submittal of LoginPage.html, the LoginServlet will read the authentication parameter and perform the corresponding type of authentication.
3 System Requirements
The system requirements are:
- Allow Kerberos user authentication by secure certificate;
- Signup allowed only by preauthorized users in the password file;
- Any authorized Eos/Unity realm user should be allowed to sign up;
- Anonymous usage allowed;
- Anyone can sign up anonymously, but has to "create an account" to do so.
3.1 Detailed Requirements
3.1.1 Details
1. The user-name and password submitted in the login page will be sent across the network using HTTPS. They will then be authenticated by Kerberos against the user's realm user-id/password.
2. If the administrator has set the assignment authentication type so that preauthorized users, whose names are present in the password file, are allowed to log in for this particular assignment, then when the HTML file is submitted, the Java servlet authenticates the user against an entry in the password file.
3. If the administrator has set the assignment authentication type so that Eos/Unity users are allowed to log in for this particular assignment, then when the HTML file is submitted, the Java servlet authenticates the user using Kerberos authentication.
4. If the administrator has set the assignment authentication type so that anonymous users are also allowed to log in, then when the HTML file is submitted, the Java servlet checks whether the user name is set to "anonymous" and, if so, allows the user to proceed.
5. If the administrator has set the assignment authentication to allow anonymous login with the precondition that the user must create an account, then when the HTML file is submitted, the Java servlet creates a new account for this user by making an entry in the password file.
Note that points 4 & 5 and also 2 & 3 are mutually exclusive.
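The dispatch described in the points above, as an added sketch that is not Shimmer's own code: the authentication parameter is parsed into a single enum value per assignment, and anything unrecognized is denied. The class, enum and `RealmVerifier` names are hypothetical, the map stands in for the password file, the salted PBKDF2 record format and the refusal of an already taken name are assumptions the document does not specify, and the code targets current Java rather than 1.2.2.

```java
import java.nio.ByteBuffer;
import java.security.*;
import java.util.Arrays;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class LoginDispatch {
    // One type per assignment, so the mutually exclusive options can never be combined.
    enum AuthType { PASSWORD_FILE, KERBEROS_REALM, ANONYMOUS, ANONYMOUS_WITH_ACCOUNT }
    // Hypothetical hook for the realm check; the Kerberos call itself is outside this sketch.
    interface RealmVerifier { boolean verify(String user, char[] password); }
    // In-memory stand-in for the password file: user -> 16-byte salt followed by PBKDF2 hash.
    private final Map<String, byte[]> passwordFile = new ConcurrentHashMap<>();
    private final RealmVerifier realm;
    LoginDispatch(RealmVerifier realm) { this.realm = realm; }

    boolean login(String authParam, String user, String password) throws GeneralSecurityException {
        AuthType type;
        try { type = AuthType.valueOf(String.valueOf(authParam)); }
        catch (IllegalArgumentException e) { return false; } // unknown or missing type: deny
        if (user == null || user.isEmpty()) return false;
        if (type == AuthType.ANONYMOUS) return user.equals("anonymous");
        if (password == null || password.isEmpty()) return false;
        char[] pw = password.toCharArray();
        switch (type) {
            case PASSWORD_FILE:
                byte[] rec = passwordFile.get(user);
                return rec != null && MessageDigest.isEqual(rec, record(Arrays.copyOf(rec, 16), pw));
            case KERBEROS_REALM: return realm.verify(user, pw);
            case ANONYMOUS_WITH_ACCOUNT: // assumption: an existing name is refused, never overwritten
                byte[] salt = new byte[16];
                new SecureRandom().nextBytes(salt);
                return passwordFile.putIfAbsent(user, record(salt, pw)) == null;
            default: return false;
        }
    }

    static byte[] record(byte[] salt, char[] pw) throws GeneralSecurityException {
        byte[] hash = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(new PBEKeySpec(pw, salt, 100_000, 256)).getEncoded();
        return ByteBuffer.allocate(salt.length + hash.length).put(salt).put(hash).array();
    }
    public static void main(String[] args) throws GeneralSecurityException {
        LoginDispatch d = new LoginDispatch((u, p) -> false); // constructed verifier: rejects all
        System.out.println(d.login("ANONYMOUS_WITH_ACCOUNT", "alice", "s3cret"));
        System.out.println(d.login("PASSWORD_FILE", "alice", "wrong"));
        System.out.println(d.login("BOGUS", "alice", "s3cret"));
    }
}
```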
3.1.2 Testing requirements
For each of the above requirements, a test case will be created. This test case will require a new assignment to be created with each of the above authentication types, and accordingly, valid/invalid/anonymous user-names/passwords will be entered for each test case.