Homework AWT: Secure Passwords Safe


The students will realize a (small) JSF project for the course of Advanced Web Technologies (AWT). This project will be realized in groups of two students. If a class contains an odd number of students, one student will do the project alone.
We want to provide a platform for generating and storing passwords in an online tool. The idea is that users need a safe to store all their passwords. They just need to remember one single password and can then access all of them.
Your system will provide a way for a user to log in to the system. The password for the system should be stored hashed and salted inside the database. You will then use this secret password (not stored in the database) to encrypt all other passwords, so that the database administrator has no possibility to see any of the passwords. The passwords are encrypted inside the user's browser using a new JSF component that you have to write. The password is never stored inside the server.

What you have to do


You have to write a JSF-program for a user
  • A person can register inside the system as a new user (giving just a username and a password)
  • The system must allow a user to log in and change his or her password (for your application).
  • A user can see a list of all the accounts he / she has
  • An account can be opened, the password is displayed
  • One can create a new account having at least the following properties: title, web site, username, password. At least the password must be encrypted with the user's password or another secret key.
  • One can edit or remove an existing account
  • You have to provide a "password generator" that provides randomly generated passwords.
  • Write a new component that performs the encryption of the password in the user's browser.
  • The system must be internationalized. (translation like: "FR_Send_FR" is accepted).
You can use the user's password to encrypt all the other passwords. Be careful to change (re-encrypt) all the stored passwords when the user changes his or her own password for your application.
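
The scheme described above (a key derived from the user's password, encryption in the browser, re-encryption of every entry when that password changes), sketched with the browser's Web Crypto API as an added example that is not part of the assignment or its material. PBKDF2-SHA-256, AES-256-GCM, the iteration count, the record layout and all function names are assumptions.

```javascript
// Added example, not course material. Assumed: PBKDF2-SHA-256, AES-256-GCM and a
// record layout {iterations, salt, iv, ct} (hex strings) that the server stores.
const DEFAULT_ITERATIONS = 600000; // assumed PBKDF2 work factor

const toHex = (buf) => Array.from(new Uint8Array(buf), (b) => b.toString(16).padStart(2, '0')).join('');
const fromHex = (hex) => Uint8Array.from(hex.match(/../g), (h) => parseInt(h, 16));

// Browsers expose globalThis.crypto; the import only runs on older Node versions.
const getCrypto = async () => globalThis.crypto ?? (await import('node:crypto')).webcrypto;

// Derive the AES key from the master password; the key is non-extractable and stays on the client.
async function deriveKey(masterPassword, salt, iterations) {
  const { subtle } = await getCrypto();
  const material = await subtle.importKey('raw', new TextEncoder().encode(masterPassword),
    'PBKDF2', false, ['deriveKey']);
  return subtle.deriveKey({ name: 'PBKDF2', hash: 'SHA-256', salt, iterations },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Encrypt one account password; only the returned record is sent to the server.
async function encryptEntry(masterPassword, plaintext, iterations = DEFAULT_ITERATIONS) {
  const c = await getCrypto();
  const salt = c.getRandomValues(new Uint8Array(16)); // fresh per record
  const iv = c.getRandomValues(new Uint8Array(12));   // never reused with the same key
  const key = await deriveKey(masterPassword, salt, iterations);
  const ct = await c.subtle.encrypt({ name: 'AES-GCM', iv }, key, new TextEncoder().encode(plaintext));
  return { iterations, salt: toHex(salt), iv: toHex(iv), ct: toHex(ct) };
}

// Decrypt a record; a wrong master password fails the GCM tag check and rejects.
async function decryptEntry(masterPassword, record) {
  const { subtle } = await getCrypto();
  const key = await deriveKey(masterPassword, fromHex(record.salt), record.iterations);
  const pt = await subtle.decrypt({ name: 'AES-GCM', iv: fromHex(record.iv) }, key, fromHex(record.ct));
  return new TextDecoder().decode(pt);
}

// On a master-password change: decrypt every record with the old password and
// re-encrypt it with the new one. Any failure rejects, so no partial vault is returned.
async function reencryptVault(oldPassword, newPassword, records, iterations = DEFAULT_ITERATIONS) {
  return Promise.all(records.map(async (r) =>
    encryptEntry(newPassword, await decryptEntry(oldPassword, r), iterations)));
}
```

The server should replace the old records with the re-encrypted ones in a single transaction, together with the new login hash, so that a failed update never leaves entries encrypted under two different passwords.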


You do not need to reinvent the wheel; moreover, cryptography is quite complicated. So you will use a library for cryptography.


You have to give:
  • a small report (max 10 pages) explaining your architecture. You will present the structure of your program and the interesting points in your work. The report should start from a very general presentation and then present more details; it does not need to go deep into detail. You have to present your project to the reader.
  • Source code of your project. This code MUST contain comments. The names of variables, classes and methods have to be readable (no l1, l2, a3).
  • The program must be written in JSF
  • You will provide a virtual machine for the test, that the professor will download. The virtual machine could be based on the system you received at the beginning of the JSF course. You will send the Virtual Machine to the professor using the same system he used to send you the example system: SWITCHfilesender
  • You must fill out the information at the top of the following document (your names, the site URL-address plus the usernames and pwds of two users) and hand it to the professor together with the report by the day of the deadline.
    Evaluation Form
    In the report, you must indicate how to test your system, and how the database can be consulted (to verify the passwords).
  • You should deliver both the report and the evaluation form by mail to the address of the professor.
  • Deadline: Friday November 18, 2016