A Simple Web Application: RMB

Web application RMB implements the functionality of a simple message board. It maintains a list of messages accessible from a browser. A user can view the posted messages, post a new message or remove an existing message. There is no security mechanism built into this application (yet). Although a user is asked to enter his or her name while posting a message, this is only for displaying the author's name. All users are allowed to post and any user can delete a message.

The source files and compilation scripts of RMB are available in the directory tree rooted at rmb within srcjsbookch9 directory of the bundled software. Refer to Listing 9-1 for the RMB directory structure and individual filenames.

Compile the RMB source files by running command "javac rmb*.java" from rmbWEB-INFclasses directory and deploy the Web application by copying the directory tree rooted at rmb to webapps directory and point your browser to http://localhost:8080/rmb. You should get the start page of RMB, generated by index.jsp. Figure 9-4 illustrates the main elements of the screens created by different JSPs and flow of control within the application. Try posting and removing messages to become familiar with the application behavior.

Now that we have RMB up and running and we understand its internal design, let us identify its security requirements and satisfy them. We will not present the source code of this Web application, as it doesn't introduce any security concept.