This will get the browser to put up it's authentication panel (pretty low
grade as it's just a base64 encode)
<snip>
// The user is unauthorized to access this page.
// Setting this status code will cause the browser
// to prompt for a login
resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
// Set the authentication realm
resp.setHeader("WWW-Authenticate",
"BASIC realm=\"" + _Realm + "\"");
</snip>
This will get the return and decode it. There are lots of examples of this
in the archives of this discussion group.
<snip>
// Get the authorization header
String encodedAuth = req.getHeader("Authorization");
// The only authentication type we understand is BASIC
if (!encodedAuth.toUpperCase().startsWith("BASIC")) {
return null;
}
// Decode the rest of the string which will be the
// username and password
String decoded = Decoder.base64(encodedAuth.substring(6));
// We should now have a string with the username and
// password separated by a colon
int idx = decoded.indexOf(":");
if (idx < 0) {
return null;
}
String user = decoded.substring(0, idx);
String password = decoded.substring(idx + 1);
</snip>
A quick search of Archives:
http://archives.java.sun.com/archives/servlet-interest.html
should show you similar results.
Thor HW
----- Original Message -----
From: Marty Halvorson <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, January 13, 2000 12:47 PM
Subject: Using HTTP user authentication
> Maybe I'm just dense, but, having read the appropriate RFC's for HTTP and
> HTTP Authentication, having searched and been unable to find anything that
> explained how to use the built in HTTP Authentication, I still don't
> understand it.
>
> Can anybody help? A bit of sample code would be an added bonus.
>
> The part I really don't understand is how to tell the browser that a user
> name and password are necessary to get to this resource. But, the rest is
> pretty vague also.
>
>
> Remember: Being Young Takes Years of Practice
>
> Peace
>
> Marty Halvorson
> New Mexico Supreme Court
> Administrative Office of the Courts
> Judicial Information Division
> [EMAIL PROTECTED]
>
>
___________________________________________________________________________
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the
body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources: http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
>
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
