3.1 A Banking Account Example

This section introduces an online banking application that will be used to familiarize you with Struts. The example presented here is not complete, but it provides an overview of the major components that are present in all Struts applications and shows how those components fit together. A more comprehensive and thorough shopping-cart example will be used throughout the rest of the book.

Most people are familiar with the concept of online banking, so we won't spend too much time explaining the business requirements. In short, the online banking application will allow an end user to log in to the financial institution's web site, view account information, and transfer funds from one account to another (assuming the user has more than one account). The user must present a valid set of credentials to enter the site—in this case, an access number and a personal identification number (PIN).

If the user leaves one or both fields blank, the application will display a formatted message informing the user that both fields are required. If the user enters values for both fields but the authentication fails, the login screen will be redisplayed, along with a formatted error message informing the user that the login has failed. Figure 3-1 shows the online banking login screen after an invalid login attempt has been detected.

Figure 3-1. Login screen for the online banking application

If the proper credentials are entered for an account, the user is taken to the account information screen. This screen shows all of the accounts that the user has with the financial institution, as well as the current balance for each account.

For this example, we are not going to provide a robust, full-fledged security service and security realm. Handling security in a web application can be complicated, and there's no reason to muddy the waters with it at the moment. For the purposes of this chapter, we'll use a simple Java interface that contains a single login( ) method to authenticate users. The authentication interface is shown in Example 3-1.

Example 3-1. The IAuthentication interface used by the banking application
package com.oreilly.struts.banking.service;
 
import com.oreilly.struts.banking.view.UserView;
/**
 * Provides methods that the banking security service should implement.
 */
public interface IAuthentication {
  /**
   * The login method is called when a user wants to log in to
   * the online banking application.
   * @param accessNumber The account access number.
   * @param pin The account personal identification number (PIN).
   * @return a DTO object representing the user's personal data.
   * @throws InvalidLoginException if the credentials are invalid.
   */
  public UserView login( String accessNumber, String pin )
    throws InvalidLoginException;
}

The IAuthentication interface contains a very simple login( ) method, which takes the accessNumber and pin from the login page. If the authentication is successful, a com.oreilly.struts.banking.view.UserView object is returned. If the login is unsuccessful, an InvalidLoginException is thrown.

The UserView is a simple JavaBean that can be stored within the user's session and used to display customer-specific content in the application. Although it's not completely relevant to the current discussion, the source listing for the UserView will be shown later in the chapter.

The com.oreilly.struts.banking.service.SecurityService class is shown in Example 3-2. It implements the IAuthentication interface from Example 3-1 and allows the application to authenticate users. We are not going to authenticate against a security realm for this example, so the SecurityService class will contain hardcoded logic to authenticate users.

Example 3-2. The security service used by the example banking application
package com.oreilly.struts.banking.service;
 
import com.oreilly.struts.banking.view.UserView;
/**
 * Used by the example banking application to simulate a security service.
 */
public class SecurityService implements IAuthentication {
 
  public UserView login( String accessNumber, String pin ) 
    throws InvalidLoginException {
 
    // A real security service would check the login against a security realm.
    // This example is hardcoded to let in only 123/456.
    if( "123".equals(accessNumber) && "456".equals(pin) ){
      /* Dummy a UserView for this example.
       * This data/object would typically come from the business layer
       * after proper authentication/authorization had been done.
       */
      UserView userView = new UserView( "John", "Doe" );
      userView.setId( "39017" );
      return userView;
    }
    else {
      // If the login is invalid, throw an InvalidLoginException.
      // Create a msg that can be inserted into a log file. The PIN is
      // left out of the message: credentials must never reach a log.
      String msg = "Invalid Login Attempt by " + accessNumber;
      throw new InvalidLoginException( msg );
    }
  }
}

For this example application, we will authenticate the user only if the accessNumber entered is "123" and the pin entered is "456".

If the SecurityService were being used in a real application, it would have to check the credentials against some type of security realm, such as a relational database or an LDAP server.
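A sketch of what a realm-backed login( ) could look like, given as an added example that is not code from the book: the realm stores a salted PBKDF2 hash of each PIN, the comparison runs in constant time, and the failure message is safe to write to a log. The class name HashedPinSecurityService, the in-memory map standing in for the realm, the nested InvalidLoginException stand-in, the iteration count, and returning the user id instead of a UserView are all assumptions; the record syntax needs Java 16 or later.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
// Added example: hypothetical realm-backed variant of Example 3-2.
public class HashedPinSecurityService {
  // Stand-in for the book's InvalidLoginException (assumed to be a checked exception).
  static class InvalidLoginException extends Exception {
    InvalidLoginException( String msg ) { super( msg ); }
  }
  // One realm record: per-user salt plus the derived PIN hash.
  record Credential( byte[] salt, byte[] hash, String userId ) {}
  private final Map<String, Credential> realm = new HashMap<>();
  // Used for unknown access numbers so both failure paths cost the same time.
  private final Credential dummy = new Credential( new byte[16], new byte[32], null );

  static byte[] derive( String pin, byte[] salt ) throws Exception {
    // The iteration count is an assumed value; tune it to your hardware.
    PBEKeySpec spec = new PBEKeySpec( pin.toCharArray(), salt, 210_000, 256 );
    return SecretKeyFactory.getInstance( "PBKDF2WithHmacSHA256" )
        .generateSecret( spec ).getEncoded();
  }

  void enroll( String accessNumber, String pin, String userId ) throws Exception {
    byte[] salt = new byte[16];
    new SecureRandom().nextBytes( salt );
    realm.put( accessNumber, new Credential( salt, derive( pin, salt ), userId ) );
  }

  // Returns the user id on success; the book's version returns a UserView.
  public String login( String accessNumber, String pin ) throws Exception {
    Credential c = realm.getOrDefault( String.valueOf( accessNumber ), dummy );
    // Always derive, then compare in constant time, even for unknown users.
    boolean match = MessageDigest.isEqual( derive( String.valueOf( pin ), c.salt() ), c.hash() );
    if( match && c != dummy ) return c.userId();
    // Log-safe message: no PIN, and control characters are replaced so a
    // crafted access number cannot forge extra log lines.
    String safe = String.valueOf( accessNumber ).replaceAll( "\\p{Cntrl}", "_" );
    throw new InvalidLoginException( "Invalid login attempt for access number " + safe );
  }

  public static void main( String[] args ) throws Exception {
    HashedPinSecurityService svc = new HashedPinSecurityService();
    svc.enroll( "123", "456", "39017" );   // constructed sample account
    System.out.println( svc.login( "123", "456" ) );
    try { svc.login( "123\nfake log line", "000" ); }
    catch( InvalidLoginException e ) { System.out.println( e.getMessage() ); }
  }
}
```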

Once the user has logged in successfully, she may perform one of three actions:

· View an account detail
· Transfer funds from one account to another (if the user has two or more accounts)
· Log out

Figure 3-2 shows the account information screen to which the user is taken after a successful login. The user can view detailed information about an account by clicking on that account. Figure 3-3 shows the account detail screen for the checking account listed in Figure 3-2.

Figure 3-2. The account information screen

Figure 3-3. The account detail screen

The user also can transfer funds from one account to another by clicking on the Transfer button next to the account from which she wants to transfer the funds. As the purpose of this chapter is to familiarize you with the components of the Struts framework, not to teach you the correct functionality of a web banking application, the funds-transfer functionality will not actually be implemented here (feel free to implement it as a practical exercise if you'd like!). Finally, the user may log out of the application altogether by clicking on the Logout button. When she does so, she will be logged out of the application and returned to the login screen.