The document describes a Java application focusing on file writing, email sending, and a login interface, authored by Eric and Jim. It outlines implementing security controls based on NIST guidelines, including unsuccessful login attempts, notifications, and multi-factor authentication. The requirement is to enhance the login application with specified security features, provide documentation, and demonstrate successful execution through code screenshots.

1. FileWrite.javaFileWrite.java/*
* To change this license header, choose License Headers in Pro
ject Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package filewrite;
import java.io.BufferedWriter;
import java.io.FileWriter;
import java.io.IOException;
/**
* @description This program will write text to a file and save t
he file in the
* project's root directory.
* @author Eric
*/
publicclassFileWrite{
/**
* @param args the command line arguments
*/
publicstaticvoid main(String[] args){
// declaring variables of text and initializing the buffered writer
String txt ="Hello World.";
BufferedWriter writer =null;
// write the text variable using the bufferedwriter to testing.txt
try{
writer =newBufferedWriter(newFileWriter("testing.txt")
);
writer.write(txt);

2. }
// print error message if there is one
catch(IOException io){
System.out.println("File IO Exception"+ io.getMessage());
}
//close the file
finally{
try{
if(writer !=null){
writer.close();
}
}
//print error message if there is one
catch(IOException io){
System.out.println("Issue closing the File."+ io.getMessage());
}
}
}
}
JavaMail.javaJavaMail.java/*
* To change this license header, choose License Headers in Pro
ject Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package javamail;
import java.util.Properties;
import javax.mail.Message;
import javax.mail.MessagingException;
import javax.mail.PasswordAuthentication;
import javax.mail.Session;
import javax.mail.Transport;

3. import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeMessage;
/**
* @description This program uses Java to send emails over the
SSL protocol.
* @author Eric
*/
publicclassJavaMail{
/**
* @param args the command line arguments
*/
publicstaticvoid main(String[] args){
Properties props =newProperties();
props.put("mail.smtp.host","smtp.gmail.com");
props.put("mail.smtp.socketFactory.port","465");
props.put("mail.smtp.socketFactory.class",
"javax.net.ssl.SSLSocketFactory");
props.put("mail.smtp.auth","true");
props.put("mail.smtp.port","465");
Session session =Session.getDefaultInstance(props,
new javax.mail.Authenticator(){
protectedPasswordAuthentication getPasswordAuthentication(){
returnnewPasswordAuthentication("username","password");
}
});
try{
Message message =newMimeMessage(session);
message.setFrom(newInternetAddress("[email protected
]"));
message.setRecipients(Message.RecipientType.
TO,

4. InternetAddress.parse("[email protected]"));
message.setSubject("Testing Subject");
message.setText("Dear Mail Crawler,"+
"nn No spam to my email, please!");
Transport.send(message);
System.out.println("Done");
}catch(MessagingException e){
thrownewRuntimeException(e);
}
}
}
loginApp.javaloginApp.java/*
* To change this license header, choose License Headers in Pro
ject Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package loginApp;
import javafx.application.Application;
import javafx.event.ActionEvent;
import javafx.event.EventHandler;
import javafx.geometry.Pos;
import javafx.scene.Scene;
import javafx.scene.control.Button;
import javafx.scene.control.Label;
import javafx.scene.control.PasswordField;
import javafx.scene.control.TextField;
import javafx.scene.layout.GridPane;
import javafx.scene.paint.Color;
import javafx.scene.text.Text;

5. import javafx.stage.Stage;
/**
*
* @author jim Adopted from Oracle's Login Tutorial Applicati
on
* https://docs.oracle.com/javafx/2/get_started/form.htm
*/
publicclass loginApp extendsApplication{
@Override
publicvoid start(Stage primaryStage){
primaryStage.setTitle("My Login App");
// Grid Pane divides your window into grids
GridPane grid =newGridPane();
// Align to Center
// Note Position is geometric object for alignment
grid.setAlignment(Pos.CENTER);
// Set gap between the components
// Larger numbers mean bigger spaces
grid.setHgap(10);
grid.setVgap(10);
// Create some text to place in the scene
Text scenetitle =newText("Welcome. Login to continue.");
// Add text to grid 0,0 span 2 columns, 1 row
grid.add(scenetitle,0,0,2,1);
// Create Label
Label userName =newLabel("User Name:");
// Add label to grid 0,1
grid.add(userName,0,1);
// Create Textfield
TextField userTextField =newTextField();

6. // Add textfield to grid 1,1
grid.add(userTextField,1,1);
// Create Label
Label pw =newLabel("Password:");
// Add label to grid 0,2
grid.add(pw,0,2);
// Create Passwordfield
PasswordField pwBox =newPasswordField();
// Add Password field to grid 1,2
grid.add(pwBox,1,2);
// Create Login Button
Button btn =newButton("Login");
// Add button to grid 1,4
grid.add(btn,1,4);
finalText actiontarget =newText();
grid.add(actiontarget,1,6);
// Set the Action when button is clicked
btn.setOnAction(newEventHandler<ActionEvent>(){
@Override
publicvoid handle(ActionEvent e){
// Authenticate the user
boolean isValid = authenticate(userTextField.getText(), pwBox.
getText());
// If valid clear the grid and Welcome the user
if(isValid){
grid.setVisible(false);
GridPane grid2 =newGridPane();
// Align to Center
// Note Position is geometric object for alignment
grid2.setAlignment(Pos.CENTER);

7. // Set gap between the components
// Larger numbers mean bigger spaces
grid2.setHgap(10);
grid2.setVgap(10);
Text scenetitle =newText("Welcome "+ userTextField.getText()
+"!");
// Add text to grid 0,0 span 2 columns, 1 row
grid2.add(scenetitle,0,0,2,1);
Scene scene =newScene(grid2,500,400);
primaryStage.setScene(scene);
primaryStage.show();
// If Invalid Ask user to try again
}else{
finalText actiontarget =newText();
grid.add(actiontarget,1,6);
actiontarget.setFill(Color.FIREBRICK);
actiontarget.setText("Please try again.");
}
}
});
// Set the size of Scene
Scene scene =newScene(grid,500,400);
primaryStage.setScene(scene);
primaryStage.show();
}
/**
* @param args the command line arguments
*/
publicstaticvoid main(String[] args){
launch(args);
}
/**
* @param user the username entered

8. * @param pword the password entered
* @return isValid true for authenticated
*/
publicboolean authenticate(String user,String pword){
boolean isValid =false;
if(user.equalsIgnoreCase("servadmin")
&& pword.equals("foxtrot_1980")){
isValid =true;
}
return isValid;
}
}
Use the attached file for this assignment!
The following security controls need to be applied to the
application (check the NIST Security Controls Database for
details, description and guidance for each control:
• AC-7 - UNSUCCESSFUL LOGON ATTEMPTS
• AC-8 - SYSTEM USE NOTIFICATION
• AU-3 - CONTENT OF AUDIT RECORDS
• AU-8 - TIME STAMPS
• IA-2(1) IDENTIFICATION AND AUTHENTICATION
(ORGANIZATIONAL USERS) | NETWORK ACCESS TO
PRIVILEGED ACCOUNTS (Note this is an enhancement of an
existing low-impact security control)
• Select one additional low-impact security control and
implement it. This can be an enhancement or a required low-
impact security control. Selecting a control that provides
documentation as opposed to code changes is also acceptable
and encouraged.

9. Pointers:
a. Start with the baseline Login Application and add methods
(or additional classes) as needed to comply with each of the
security controls.
b. You will need to make some decisions for your
implementation for the security audit/log files format.
c. For the multi-factor authentication, keep it simple. One
approach is to send an email to the user with a security code.
Then, have them check their email and enter the code. If the
code matches, they are properly authenticated.
d. There are examples for using JavaMail and writing to files in
the materials for this week. Be sure to use those as needed.
e. Pay attention to the details of the NIST database description
and make sure all of the selected security controls for this
project are fully implemented.
Deliverables:
Provide your security fixed Java source code along with a PDF
document describing how you addressed each security control.
For example, you should list the security control and the
descriptions and show and describe the code that addresses the
security control. You should also provide screen shots and
descriptions of the successful executing the code and the
resultant output as applied to each security control. Be sure to
submit all of your Java source code if you used multiple classes.
Your code should be well-documented with comments, include
header comments, use proper variable and naming conventions
and properly formatte