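First, check whether the session exists or has expired:
HttpSession session = request.getSession();
// A missing "tokenuser" attribute means the session is new or has expired.
if (session.getAttribute("tokenuser") == null) {
    request.setAttribute("logout", "true");
    dispatcher = request.getRequestDispatcher("/login.jsp");
    // Forward and stop, so the token check below never runs without a session user.
    dispatcher.forward(request, response);
    return;
}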
Second, verify the token number. Assign the token number, named passCode, to the user, then verify it with the authUser() method. If verification passes, the program forwards to result.jsp; if the token number entered is incorrect 3 times, the program returns to the login page, login.jsp.
Copyright © 2012 SciRes. OJAppS
B. B. XIA, Y. P. DONG
AuthUserBean user = (AuthUserBean) session.getAttribute("tokenuser");
user.setPassCode(passCode);
user = manager.authUser(user);
if (user.getStatus() == 0) {
    // Status 0: the passcode was accepted.
    dispatcher = request.getRequestDispatcher("/result.jsp");
    dispatcher.forward(request, response);
} else if (user.getStatus() == 1 && user.getCount() < 3) {
    // Status 1 with fewer than 3 failed attempts: back to login.jsp.
    dispatcher = request.getRequestDispatcher("/login.jsp");
    dispatcher.forward(request, response);
}
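The snippet above stops at the retry branch. The following added example (not code from the paper) carries the same routing through the third failure, where the session state is discarded so that a later correct passcode still requires a fresh login. The class PasscodeFlow, the nextView() helper, the Map standing in for HttpSession and the fixed-code authUser() stub are assumptions made for illustration; a real deployment calls the RSA authentication server instead.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

public class PasscodeFlow {
    static final int MAX_FAILURES = 3; // limit taken from the text

    // Stand-in for the paper's AuthUserBean (only the accessors used above).
    static class AuthUserBean {
        String passCode;
        int status = 1; // 0 = verified, 1 = rejected
        int count = 0;  // consecutive failures, kept on the server side
        void setPassCode(String p) { passCode = p; }
        int getStatus() { return status; }
        int getCount() { return count; }
    }

    // Hypothetical replacement for manager.authUser(): compares against a fixed
    // code in constant time instead of calling the RSA authentication server.
    static AuthUserBean authUser(AuthUserBean u, String expected) {
        byte[] got = (u.passCode == null ? "" : u.passCode).getBytes(StandardCharsets.UTF_8);
        boolean ok = MessageDigest.isEqual(got, expected.getBytes(StandardCharsets.UTF_8));
        u.status = ok ? 0 : 1;
        u.count = ok ? 0 : u.count + 1;
        return u;
    }

    // Returns the page to forward to; the Map plays the role of HttpSession.
    static String nextView(Map<String, Object> session, String passCode, String expected) {
        AuthUserBean user = (AuthUserBean) session.get("tokenuser");
        if (user == null) return "/login.jsp";               // no session, or expired
        user.setPassCode(passCode);
        user = authUser(user, expected);
        if (user.getStatus() == 0) return "/result.jsp";     // passcode accepted
        if (user.getCount() >= MAX_FAILURES) session.clear(); // third failure: force a fresh login
        return "/login.jsp";
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>();
        session.put("tokenuser", new AuthUserBean());
        String expected = "492871"; // constructed sample tokencode
        for (String attempt : new String[] {"000000", "111111", "222222", expected}) {
            String view = nextView(session, attempt, expected);
            System.out.println(attempt + " -> " + view + " (session kept: " + !session.isEmpty() + ")");
        }
    }
}
```

The failure counter lives in the server-side session object, so the client cannot reset it by resubmitting the form.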
2.4. Web.xml File
The content that needs to be configured in web.xml is as
below:
<web-app>
  <servlet>
    <servlet-name>MainController</servlet-name>
    <servlet-class>servlet.MainController</servlet-class>
    <init-param>
      <param-name>path</param-name>
      <param-value>
        D:\\userlogin\\WEB-INF\\classes\\rsa_api.properties
      </param-value>
    </init-param>
  </servlet>
  <servlet-mapping>
    <servlet-name>MainController</servlet-name>
    <url-pattern>/servlet.do</url-pattern>
  </servlet-mapping>
  <welcome-file-list>
    <welcome-file>servlet.do</welcome-file>
  </welcome-file-list>
</web-app>
2.5. Application Resources
The main part of the file rsa_api.properties is as follows:
# File paths required for RSA verification, created at the server port:
SDCONF_TYPE=FILE
SDCONF_LOC=D:\\userlogin\\sdconf.rec
SDSTATUS_LOC=D:\\userlogin\\JAStatus.1
# RSA verification file path after the first successful dispatch between the server and the WEB server:
SDNDSCRT_TYPE=FILE
SDNDSCRT_LOC=D:\\userlogin\\securid
#WEB server log path:
RSA_LOG_TO_CONSOLE=NO
RSA_LOG_TO_FILE=YES
RSA_LOG_FILE=D:\\userlogin\\rsa_api.log
RSA_LOG_LEVEL=INFO
3. Conclusion
Two-factor authentication of user identity can be achieved through the dynamic password provided by the RSA token. The reliability of verification is improved, and all verified user information is stored in the system for later use [6]. Through the process of token code validation, the accuracy of user identity is guaranteed, which enhances system security. It can be seen as a practical solution.
4. Acknowledgements
I would like to express my deepest gratitude to Tian Rui, who helped me a lot to complete this paper. Second, I extend my heartfelt gratitude to teacher Dong You ping, who helped me a lot during my work.
REFERENCES
[1] RSA Laboratories, “PKCS #15 v1.0: Cryptographic Token Information Format Standard [S]”.
[2] H. Krawczyk, M. Bellare and R. Canetti, “HMAC: Keyed-Hashing for Message Authentication [S],” 1997.
[3] International Organization for Standardisation (ISO), “JTC 1/SC17. ISO/IEC 7816 Identification Cards-Integrated Circuit(s) Cards with Contacts [S]”.
[4] Y.-L. Wei, H. Zhu and B. Qiu, “Authentication Technology Research of Information Safety Based Dual Factor,” Journal of Shandong University, Vol. 40, No. 3, 2005.
[5] V. Chopra and J. Eaves, “Jsp Programming,” Posts and Telecom Press, Beijing, 1999.
[6] M.-H. Xu, “Java Web Integrate Development and Project Design,” Posts and Telecom Press, Beijing, 2010.