Question

Option 1: Authentication System

For security-minded professionals, it is important that only the appropriate people gain access to data in a computer system. This is called authentication. Once users gain entry, it is also important that they only see data related to their role in a computer system. This is called authorization. For the zoo, you will develop an authentication system that manages both authentication and authorization. You have been given a credentials file that contains credential information for authorized users. You have also been given three files, one for each role: zookeeper, veterinarian, and admin. Each role file describes the data the particular role should be authorized to access. Create an authentication system that does all of the following:

  



 

 

You are

Asks the user for a username
Asks the user for a password
Converts the password using a message digest five (MD5) hash

o It is not required that you write the MD5 from scratch. Use the code located in this document and follow the comments in it to perform this operation.

Checks the credentials against the valid credentials provided in the credentialsfile

o Usethehashedpasswordsinthesecondcolumn;thethirdcolumncontainstheactualpasswordsfortestingandthefourthrowcontains the role of each user.

Limits failed attempts to three before notifying the user and exiting the program
Gives authenticated users access to the correct role file after successfulauthentication

o The system information stored in the role file should be displayed. For example, if a zookeeper’s credentials is successfully authenticated, then the contents from the zookeeper file will be displayed. If an admin’s credentials is successfully authenticated, then the contents from the admin file will be displayed.

Allows a user to log out
Stays on the credential screen until either a successful attempt has been made, three unsuccessful attempts have been made, or a user chooses to exit

allowed to add extra roles if you would like to see another type of user added to the system, but you may not remove any of the existing roles.

Specifically, the following critical elements must be addressed:

I.

Process Documentation: Create process documentation to accompany your program that addresses all of the followingelements:

Problem Statement/Scenario: Identify the program you plan to develop and analyze the scenario to determine necessary consideration for

building your program.

Overall Process: Provide a short narrative that shows your progression from problem statement to breakdown to implementation strategies. In other words, describe the process you took to work from problem statement (your starting point) to the final product. Your process description should align to your end resulting program and include sufficient detail to show the step-by-step progress from your problem statement analysis.

Pseudocode: Break down the problem statement into programming terms through creation of pseudocode. The pseudocode should demonstrate your breakdown of the program from the problem statement into programming terms. Explain whether the pseudocode differs from the submitted program and document any differences and the reason forchanges.

Methods and Classes: Your pseudocode reflects distinct methods and classes that will be called within the final program. If the pseudocode differs from the submitted program, document the differences and reason for changes.

Error Documentation: Accurately document major errors that you encountered while developing yourprogram.

Solution Documentation: Document how you solved the errors and what you learned from them.

Program: Your working program should include all of the specified requirements. The comments within your program will count toward the assessment of the documentation aspects of your submission.

A. Functionality

Input/Output: Your program reads input from the user and uses system output.

Control Structures: Your program utilizes appropriate control structures for program logic.

Libraries: Your program utilizes standard libraries to pull in predefined functionality.

Classes Breakdown: Your program is broken down into at least two appropriateclasses.

Methods: Your program utilizes all included methods correctly within the classes.

Error Free: Your program has been debugged to minimize errors in the final product. (Your program will be run to determine functionality.)

AI.

B. Best Practices: These best practices should be evident within your working program and process documentation.

Formatting Best Practices: Provide program code that is easy to read and follows formatting best practices as defined by the industry,

such as with indentation.

Documentation Best Practices: Include comments where needed within the program in appropriate detail for communicating purpose, function, and necessary information to other information technology (IT) professionals.

Coding Best Practices: Ensure your program supports clean code through descriptive variablenames.

Answer 1

/ import library files import java.io.BufferedReader; import java.io.FileReader; import java.io. IOException; import java.io.InputStreamReader; import java.security.MessageDigest; import iava.securitv.NoSuchAlgorithmException: import java.util.Scanner; // Create a class Secretproc public class Secretproc // main method public static void main (String[ args) throws IOException Call login ) method to get login login // login) method for user login public static void login) /7 Declare variables String userPassword int flag0, attempts 3; // Create an object of BufferedReader class as buffer //user and read data from a file to accept input from BufferedReader buffer new BufferedReader (new System. out.println("\nLogin") try InputstreamReader (System.in)); do t

attempts System. out.println ("Enter Username") string user buffer.readLine) System. out.println("Enter Password"); String password = buffer.readLine(); reate t he object 'md' for the MessageDigest class to convert // password in md5 MessageDigest message - MessageDigest.getInstance("MD5") message.update (password.getBytes )) byte bytes message.digest) // Create the object for String stringBuilder sb new StringBuilder ) for (int j 0; j< bytes.length; j++) sb.append (Integer.tostring (bytes [j] & Oxff) 0x100, 16) substring (1)); userPassword sb.toString ) String currentline; // create object of BufferedReader to Open credentials.txt file BufferedReader filenew BufferedRe ader (new Fİ IeRea der ( "CRE DENT IALS . txt " ) ) ; // Check the username and password from the file Read the each line from the file

while ((currentLine - file.readLine ()) !- null) // split the line where the tab İs present string arrcurrentLine.split (" /7 Check for username if (ar [0].equals (user)) // Check password matches or not if (arr [1].equals (user Password)) flag1; break; file.close() Checks if the user enters more then 3 attempts if (attempts O) System.out.println ("You are attempted to login more then three times") System. out.println ("Exiting.. ."); System.exit (1); // If username and password is true if (flag1) /7 Call adminScreen () method admin) break; // If invalid username and passw else System.out.println ("Invalid Username or Password.")

System. out.println ("Please try again.") System.out.println (attempts+" more attemptes left. \n") Jwhile (attempts>0) catch (NoSuchAlgorithmException exp) exp.printStackTrace ) catch (IOException exp) exp.printstackTrace) // Create adminScreen public static void admin( method string signOut; // Create object of Scanner class to accept input from the user Scanner scan= new scanner (syster. in); System.out.println(" InWelcome Admin"); System. out.println("Press 999 for log out\n") // Accept data from the user do sign Out = scan.nextLine(); while(signout.equals("999")); To exit from user Screen if(signOut.equals ("999")) // Call login () method login) /Iclose the scanner object scan.close)

Sample Output:

Login

Enter Username
xyz
Enter Password
aaaaa
Invalid Username or Password.
Please try again.
2 more attemptes left.

Enter Username
rosario.dawson
Enter Password
animal doctor
Hello, System Admin!

As administrator, you have access to the zoo's main computer system. This allows you to monitor users in the system and their roles.
Press 999 for log out

999

Login
Enter Username
bruce.grizzlybear
Enter Password
letmein
Hello, System Admin!

As administrator, you have access to the zoo's main computer system. This allows you to monitor users in the system and their roles.
Press 999 for log out

999

Login
Enter Username

Sample Output 2:

Login
Enter Username
abc
Enter Password
123
Invalid Username or Password.
Please try again.
2 more attemptes left.

Enter Username
abc
Enter Password
124
Invalid Username or Password.
Please try again.
1 more attemptes left.

Enter Username
abc
Enter Password
125
You are attempted to login more then three times
Exiting...

credentials.txt

griffin.keyes 108de81c31bf9c622f76876b74e9285f "alphabet soup" zookeeper

rosario.dawson 3e34baa4ee2ff767af8c120a496742b5 "animal doctor" admin

bernie.gorilla a584efafa8f9ea7fe5cf18442f32b07b "secret password" veterinarian

donald.monkey 17b1b7d8a706696ed220bc414f729ad3 "M0nk3y business" zookeeper

jerome.grizzlybear 3adea92111e6307f8f2aae4721e77900 "grizzly1234" veterinarian

bruce.grizzlybear 0d107d09f5bbe40cade3de5c71e9e9b7 "letmein" admin

Code to copy:

//import statements

import java.io.BufferedReader;

import java.io.FileReader;

import java.io.IOException;

import java.io.InputStreamReader;

import java.security.MessageDigest;

import java.security.NoSuchAlgorithmException;

import java.util.Scanner;

//Create a class Authentication

public class Secretproc

{

// main() method

public static void main(String[] args) throws IOException

{

// Call loginScreen() method

loginScreen();

}

// loginScreen() method for user login

public static void loginScreen()

{

// Declare variables

String genPwd = "";

int flag = 0, attempts = 3;

// Create an object 'br' for BufferedReader class to accept data from

// user and read data from a file

BufferedReader br = new BufferedReader(new InputStreamReader(System.in));

System.out.println("\nLogin");

try {

do {

attempts--;

System.out.println("Enter Username");

String uName = br.readLine();

System.out.println("Enter Password");

String pwd = br.readLine();

// Create the object 'md' for the MessageDigest class to convert

// password in md5

MessageDigest md = MessageDigest.getInstance("MD5");

md.update(pwd.getBytes());

byte[] bytes = md.digest();

// Create the object for String

StringBuilder sb = new StringBuilder();

for (int j = 0; j < bytes.length; j++)

{

sb.append(Integer.toString((bytes[j] & 0xff) + 0x100, 16).substring(1));

}

genPwd = sb.toString();

//System.out.println("Password entered by you:" + genPwd);

String currentLine;

// Open credentials.txt file

BufferedReader bin = new BufferedReader(new FileReader("credentiail.txt"));

// Check the username and password from the file

// Read the each line from the file

while ((currentLine = bin.readLine()) != null)

{

// Split the line where the tab is present

String[] arr = currentLine.split(" ");

// Check username

if (arr[0].equals(uName))

{

// Check password

if (arr[1].equals(genPwd))

{

flag = 1;

break;

}

}

}

// Checks if the user enters more then 3 attempts

if (attempts == 0)

{

System.out.println("You are attempted to login more then three times");

System.out.println("Exiting...");

System.exit(1);

}

// If username and password is true

if (flag == 1)

{

// Call adminScreen() method

adminScreen();

break;

}

// If invalid username and password

else

{

System.out.println("Invalid Username or Password.");

System.out.println("Please try again.");

System.out.println(attempts + " more attemptes left.\n");

}

} while (attempts>0);

}

catch (NoSuchAlgorithmException e)

{

e.printStackTrace();

}

catch (IOException e)

{

e.printStackTrace();

}

}

// Create adminScreen() method

public static void adminScreen()

{

String logOut;

// Create Scanner class object to accept data from the user

Scanner sc = new Scanner(System.in);

System.out.println("\nWelcome Admin");

System.out.println("Press 999 for log out\n");

// Accept data from the user

do

{

logOut = sc.nextLine();

} while (!logOut.equals("999"));

// If the user want to exit from admin screen

if (logOut.equals("999"))

{

// Call login screen

loginScreen();

}

}

}

1. Process Documentation: Process documentation containing all of the following elements:

A. Problem Statement/Scenario: Class Secretproc is defined to solve the problem. Problem is to make an authorized system for login. If username and password will be matched only then a user can login the system.

B. Overall Process: Problem is divided into further methods. Like a method named adminScreen() to welcome the admin of the system and to display the welcome message.

Another method loginScreen() to read the username and password from the file and read the filenames and match by the username and password entered by the user.

C. Pseudocode: Whole program is breakdown into different methods of the class.

loginScreen() method to get login in the system. For login user has to match the username and password entered by the user to the data stored in the credential.txt file.
adminScreen() method to display the message on the screen when user get login in the system.
Main() method to call other methods of the class.​​
D. Methods and Classes: class Secretproc is there that is used in the program.

Methods used in the program are loginScreen() and adminScreen() and main method.

E. Error Documentation: Errors can be occurred if file would not be created correctly.

F. Solution Documentation: Solution Document gives all the output of the program and that will be error-free.