How to code Manager to register Cashier with username and password in Java netbeans (gui) with login validation for Cashier

Question

This is a banking system and I have to create two user levels, Manager and Cashier. I have to provide username and password for manager and manager has to provide username and password for a cashier. I am not really sure how to code validation for cahsier login. This has to be coded in Java in Netbeans IDE (GUI)

Answer 1

My answer is more a series of questions and suggestions to get you to think about how to do it. Also, I cannot be very specific because you have provided very little detail in your question.

Question 1, after your manager enters the cashier details, where do you store them? In memory? In a file? In a database? Something else?

Question 2, when validating the cashier login, why would you not validate the cashier details against that database/file/memory store? The answer is you should validate your cashier logins against the place where they are stored.

Also for whatever it is worth, you should never hardcode a logon (eg the manager) into an application (not even for testing). Why?

1. There is no way to get rid of it without releasing a new version of the software.
2. It is a security risk (because of reason 1).
3. If you do it in testing, it is entirely possible that you will forget to remove it before the code is released. Then reason 2 applies.
4. There is no need for it - you can simply "seed" your user store with a single record representing the manager's login and default password (ideally with a "password has expired" indication) in your distribution or if you have an installer, prompt the person doing the setup to create the manager login during the installation process.

Therefore, the way you validate the manager's credentials will be exactly the same as everybody else.

This will (should) have the advantage of a simpler program which will be easier to maintain.

And just in case, the way you tell the difference between the manager, the cashier, a supervisor or whatever other user types that you might have (or need in the future) is via a role. In your user data store have a field that define which role the user is in (eg manager, cashier etc). Another model is "muliple fields" where you indicate that a user has that role (and thus access to the associated function or not). For example, you might have manager, supervisor, cashier, backoffice etc roles. Then just put a true/false in your user record that indicates whether that user can access the functions associated with a particular role.

Finally, your program becomes simpler because your logic is now simply

if user has manager role then display manager menu
if user has supervisor role then display supervisor menu"
etc

Note that there is no else in the above psuedo code.

Answer 2

My point is just a concern as your question needs you to have a basic understanding of Java. I am not sure whether you are storing your login details in a database or in a text file. If you store the data in a database, then you can just use the normal java validation techniques described below:

1. Get a username and a password from the cashier.
2. Select the records that match the user name and password you've entered above from the database.
3. Print a message if the number of records that you match is zero.
4. Login the cashier if the entered records match the ones stored in the database. Please refer to here for more information on connecting to the database and storing/retrieving user data using java.

Also, note that banking applications should be more secure and therefore the best practice is to store seeded hashes of the passwords and use a cryptographically strong hashing function.

In case you are saving your data in a text file, then you can refer to this sample code . You can read more about the Java Scanner Class here . You can also decide to use a map to map all users on registering and then just check the map to confirm the login details.

N/B: In all of these cases, check if the username and password fields are empty before you submit the details.

Answer 3

If this were a real application, you would store usernames and hashed-and-salted versions of the passwords on disk (or you would query them over a network), ideally using bcrypt , pbkdf2 , or another strong and upgrade-able password-hashing scheme. There are multiple open-source libraries that implement those for you.

Since this appears to be a programming exercise, the question of how you store them is probably mandated by whoever wrote it, and security may therefore be minimal.

The easiest way (which is not secure at all) of implementing this is to keep a password file around. You could, for example, use something similar to the following code:

public class InsecurePasswordStore {
    private Map<String, String> passwords = new HashMap<>();

    public void setPassword(String user, String password) {
        passwords.put(user, password);
    }

    public boolean isPasswordCorrect(String user, String password) {
        return passwords.get(user) != null && passwords.get(user).equals(password);
    }

    public void save(File file) throws IOException {
        try (PrintWriter writer = new PrintWriter(new BufferedWriter(new FileWriter(file)))) {
            for (Map.Entry<String, String> e: passwords.entrySet()) {
                writer.println(e.getKey());
                writer.println(e.getValue());
            }
        }
    }

    public void load(File file) throws IOException {
        passwords.clear();
        try (BufferedReader reader = new BufferedReader(new FileReader(file))) {
            boolean finished = false;
            while ( ! finished) {
                String user = reader.readLine();
                String password = reader.readLine();
                if (user == null || password == null) {
                    finished = true;
                } else {
                    passwords.put(user, password);
                }
            }
        }
    }

    public static void main(String[] args) throws IOException {

        InsecurePasswordStore store = new InsecurePasswordStore();
        File passwordFile = new File("secrets.txt");

        // create initial password file before first run
        store.setPassword("manager", "12345");
        store.save(passwordFile);

        // load file when the app is launched
        store.load(passwordFile);

        // check password for a user
        String badGuess = "2345";
        System.out.println("Is " + badGuess
                + " the correct password for the manager? " + store.isPasswordCorrect("manager", badGuess));
        String goodGuess = "12345";
        System.out.println("Is " + goodGuess
                + " the correct password for the manager? " + store.isPasswordCorrect("manager", goodGuess));

        // if the password was correct, set another username-password pair
        if (store.isPasswordCorrect("manager", goodGuess)) {
            store.setPassword("cashier", "abcde");
        }
        store.save(passwordFile);
    }
 }