Re: HTTP authentification with servlets??

Thu, 30 Dec 1999 00:34:22 -0800 

----------------------------------------------------------------
BEFORE YOU POST, search the faq at <http://java.apache.org/faq/>
WHEN YOU POST, include all relevant version numbers, log files,
and configuration files.  Don't make us guess your problem!!!
----------------------------------------------------------------


"Voigt, Ulrich" wrote:
> 

> Hello,
> 
> is it possible to use the HTTP authentification with servlets? 

Here's a couple methods from a class I use. You may have to widen
your display to see it. Also check Jason Hunter's book "Java
Servlet Programming", published by O'Reily.

Before you deliver content you can check for the authentication header

/** 
 * Get the encoded username:password string sent by a client's browser
 * and return it.
 * @return the Base64 encoded username:password if possible or null if
not.
 */
public static String getUserpassBasic(HttpServletRequest req) 
    throws ServletException, IOException
{      
    // check for proper Authorization header and return 0 if not found
    String header = req.getHeader("Authorization");
    if(header == null || !header.toUpperCase().startsWith("BASIC"))
        return null;
    
    String userpass = null;
    try {
        userpass = header.substring(6);
    }
    catch(Exception e){
        throw new IOException(req.getRemoteAddr()+" invalid userpass:
"+e.toString());
    }
    return userpass;
}

Then decode it and check the user and password. If it fails call the
method below.

/**
 * Send an msg to the client's browser telling it that it has to
Authenticate
 * itself to access the realm. This will bring up a Dialog box in the
browser
 * containing fields for Username and Password.
 * @param authtype is the Authorization type - usually "BASIC".
 * @param realm is the name of the database table containing the user,
realm info.
 * @param res is used to send the headers and msg back to the cleint's
browser.
 */
public static void sendAuthHeader(String authtype, String realm, 
HttpServletResponse res) throws ServletException, IOException
{
    StringBuffer sb = new StringBuffer(80);
        
    sb.append(authtype);
    sb.append(" realm=\"");
    sb.append(realm);
    sb.append('\"');
       
    res.setHeader("WWW-Authenticate", sb.toString());
    sb = null;
    res.sendError(401);
}

--Mark Ashworth


--
--------------------------------------------------------------
Please read the FAQ! <http://java.apache.org/faq/>
To subscribe:        [EMAIL PROTECTED]
To unsubscribe:      [EMAIL PROTECTED]
Archives and Other:  <http://java.apache.org/main/mail.html>
Problems?:           [EMAIL PROTECTED]

Reply via email to