[JBoss-dev] [Design of JBoss/Tomcat Integration] - tomcat-5.0.27 authentication/authorization

Mon, 24 Jan 2005 08:18:29 -0800 


Can I change authorization parameters in code?

I found this:

"1. Check whether there is an Authorization header. If there is
no such header, go to Step 2. If there is, skip over the word
"basic" and reverse the base64 encoding of the remaining part.
This results in a string of the form username:password. Check
the username and password against some stored set. If it
matches, return the page. If not, go to Step 2.

2. Return a 401 (Unauthorized) response code and a header of
the following form:
WWW-Authenticate: BASIC realm="some-name"
This response instructs the browser to pop up a dialog box telling
the user to enter a name and password for some-name, then
to reconnect with that username and password embedded in a
single base64 string inside the Authorization header."

Also if <auth-method>BASIC</auth-method> then 
request.getHeader("Authorization"); return something like this "Basic 
YWRtaW46YWRtaW4=" (this is for admin:admin ), but if 
<auth-method>FORM</auth-method> then request.getHeader("Authorization"); 
return null.
Where is it? In session?

I use this for decoding:
String authorization = request.getHeader("Authorization");
String userInfo = authorization.substring(6).trim();
BASE64Decoder decoder = new BASE64Decoder();
String nameAndPassword =
  new String(decoder.decodeBuffer(userInfo));
int index = nameAndPassword.indexOf(":");
String user = nameAndPassword.substring(0, index);
String password = nameAndPassword.substring(index+1);

I try with admin:admin and with sun.misc.BASE64Encoder make encode, and with 
response.setHeader("Authorization", "Basic YWRtaW46YWRtaW4="), but nothing 
happen and I can't get secure pages?

So, can I /addchange authorization parameters in code or server can only do 
this? 



View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3863390#3863390

Reply to the post : 
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3863390


-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
JBoss-Development mailing list
JBoss-Development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-development

Reply via email to