Re: HTTP authentication in a servlet?

Thu, 6 May 1999 05:03:59 -0700 

Hi !!

I have tried this and it works fine.
Here is a pice of code:


  public void doGet(HttpServletRequest req, HttpServletResponse res) throws
ServletException, IOException

      {
      try{

          if( ! authenticated(req,res) )

               {
                res.setHeader("WWW-Authenticate","Basic realm=\"Welcome to
this page\" ");
                res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
               }
              else


                   //do something if authentication succedeed

                      ....
                   }

    }



 private boolean authenticated(HttpServletRequest req,HttpServletResponse
resp) throws ServletException,IOException




         String header=req.getHeader("Authorization");
         if (header==null) return false;
         String enc=header.substring(6);
         String user=new String();
         String passwd=new String();
         sun.misc.BASE64Decoder b64d=new sun.misc.BASE64Decoder();

         String decodedstring=new String( b64d.decodeBuffer(enc) );


         if(decodedstring == null ) return false;
         if(decodedstring.indexOf(":") == -1 ) return false;
         user=decodedstring.substring(0,decodedstring.indexOf(":"));
         passwd=decodedstring.substring(decodedstring.indexOf(":")+1);

         //check user and passwd if valid return true;

              else retrurn false;

    }

Thats all. About server interference i have a JavaWebServer and no problem
encountered.


p.s. If something goes wrong please let me know.

Best wishes,
                            Andras.

-----Original Message-----
From: Oliver Springauf <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Thursday, May 06, 1999 1:49 PM
Subject: HTTP authentication in a servlet?


>Hi,
>
>assume I want a basic user authentication for my servlet application
>and I already have the allowed users with their privileges in the
>underlying database. Now, instead of synchonizing the web server's
>access control list with these user lists, couldn't I just let my
>servlet do the authentication? I'm thinking about the basic HTTP
>method, with "401" response and challenge ..., via
>HttpServletResponse.setHeader().
>
>Will my web server interfere with this? Has anyone tried this?
>Thanks,
>
>--
>Oliver Springauf
>

___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".

Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html

Reply via email to