Hi Andras,

   Thanks for the Java code which checks for the authentication.

   Where can I get some info or whitepapers or articles on this
   encoding and decoding protocol? Looks great.

Rgds,
Raj.
On Thu, 6 May 1999, Balogh Andras wrote:

|Hi !!
|
|I have tried this and it works fine.
|Here is a piece of code:
|
|
|  public void doGet(HttpServletRequest req, HttpServletResponse res)
|          throws ServletException, IOException
|  {
|      if (!authenticated(req, res))
|      {
|          // No valid credentials: challenge the browser for them
|          res.setHeader("WWW-Authenticate", "Basic realm=\"Welcome to this page\" ");
|          res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
|      }
|      else
|      {
|          //do something if authentication succeeded
|
|          // ....
|      }
|  }
|
|
|  private boolean authenticated(HttpServletRequest req, HttpServletResponse resp)
|          throws ServletException, IOException
|  {
|      String header = req.getHeader("Authorization");
|      if (header == null) return false;
|      // Header must look like "Basic <base64 of user:password>";
|      // a shorter or different value would make substring(6) fail
|      if (!header.regionMatches(true, 0, "Basic ", 0, 6)) return false;
|      String enc = header.substring(6);
|      sun.misc.BASE64Decoder b64d = new sun.misc.BASE64Decoder();
|
|      String decodedstring = new String(b64d.decodeBuffer(enc));
|
|      // Decoded value is "user:password"; split on the first colon
|      if (decodedstring.indexOf(":") == -1) return false;
|      String user = decodedstring.substring(0, decodedstring.indexOf(":"));
|      String passwd = decodedstring.substring(decodedstring.indexOf(":") + 1);
|
|      //check user and passwd; if valid return true;
|
|      return false;
|  }
|
|That's all. About server interference: I have a JavaWebServer and no problem
|encountered.
|
|
|p.s. If something goes wrong please let me know.
|
|Best wishes,
|                            Andras.
|
|-----Original Message-----
|From: Oliver Springauf <[EMAIL PROTECTED]>
|To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
|Date: Thursday, May 06, 1999 1:49 PM
|Subject: HTTP authentication in a servlet?
|
|
|>Hi,
|>
|>assume I want a basic user authentication for my servlet application
|>and I already have the allowed users with their privileges in the
|>underlying database. Now, instead of synchronizing the web server's
|>access control list with these user lists, couldn't I just let my
|>servlet do the authentication? I'm thinking about the basic HTTP
|>method, with "401" response and challenge ..., via
|>HttpServletResponse.setHeader().
|>
|>Will my web server interfere with this? Has anyone tried this?
|>Thanks,
|>
|>--
|>Oliver Springauf
|>
|
|___________________________________________________________________________
|To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
|of the message "signoff SERVLET-INTEREST".
|
|Archives: http://archives.java.sun.com/archives/servlet-interest.html
|Resources: http://java.sun.com/products/servlet/external-resources.html
|LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
|

     _ +=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=+ _
    / )|  Rajalingam R.A.   | Email:                   |( \
   / / |  Software Engineer,|   [EMAIL PROTECTED]  | \ \
 _( (_ |  _Wipro Global R&D |   [EMAIL PROTECTED]  | _) )_
(((\ \>|-/()----------------+----------------------()\-|</ /)))
(\\\\ \|/ /    Hello:- 91-80-2241730 Extn: 3323     \ \|/ ////)
 \     ^ /=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\ ^     /
  \    _/                                             \_    /
  /   /                                                 \   \
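
The header handling discussed in this thread, as an added example that is not part of the original messages and not the posters' code: it parses an `Authorization: Basic` header without the servlet API, rejects malformed input instead of throwing, and compares the password in constant time. The class name, the sample headers and the credentials `raj` / `s3cret:with:colons` are constructed for illustration. Base64 is an encoding, not encryption, so the header carries the password in recoverable form and needs TLS underneath.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class BasicAuthParser {

    /** Returns {user, password}, or null if the header is absent or malformed. */
    static String[] parse(String header) {
        // The scheme name is case-insensitive and is followed by a space.
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
            return null;
        }
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(header.substring(6).trim());
        } catch (IllegalArgumentException e) {
            return null; // payload is not valid Base64
        }
        String decoded = new String(raw, StandardCharsets.UTF_8);
        // Split on the FIRST colon: the user name cannot contain ':', the password can.
        int colon = decoded.indexOf(':');
        if (colon < 0) {
            return null;
        }
        return new String[] { decoded.substring(0, colon), decoded.substring(colon + 1) };
    }

    /** Compares secrets without revealing the position of the first mismatch via timing. */
    static boolean sameSecret(String supplied, String expected) {
        return MessageDigest.isEqual(supplied.getBytes(StandardCharsets.UTF_8),
                                     expected.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed sample headers: one valid, the rest malformed in different ways.
        String good = "Basic " + Base64.getEncoder()
                .encodeToString("raj:s3cret:with:colons".getBytes(StandardCharsets.UTF_8));
        String[] samples = { good, "basic " + good.substring(6), "Basic",
                             "Bearer abc", "Basic !!!", "Basic cmFq", null };
        for (String h : samples) {
            String[] c = parse(h);
            boolean ok = c != null && c[0].equals("raj")
                    && sameSecret(c[1], "s3cret:with:colons");
            System.out.println(h + " -> " + (c == null
                    ? "rejected, answer with 401 and WWW-Authenticate"
                    : "user=" + c[0] + " authenticated=" + ok));
        }
    }
}
```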
