Here is a sample servlet that calls an authentication class implementing
the basic authentication method, followed by the authentication class itself.
I have not included the code that looks up a user's credentials when they
are not already in the hashtable. If all requests can be serviced by
compiled-in users, then the hashtable can be initialized at class
instantiation. Otherwise, you'll have to provide your own code to get the
user data.
import Base64;
import java.io.*;
import java.text.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;
/**
 * Sample servlet that gates every request behind HTTP Basic authentication
 * by delegating to {@link AuthenticateUser}.
 */
public class VoteOnChangeRequests extends HttpServlet
{
    /**
     * Authenticates the caller and, on success, prepares an HTML response.
     *
     * @param request  the incoming request carrying the Authorization header
     * @param response the response; receives the 401 challenge on failure
     * @throws IOException      propagated from the authentication step
     * @throws ServletException propagated from the authentication step
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
        throws IOException, ServletException
    {
        final AuthenticateUser authenticator = new AuthenticateUser();
        final String uname = authenticator.authenticate(request, response);
        if (uname == null) {
            // authenticate() has already written the 401 challenge; nothing
            // further may be sent on this response.
            return;
        }
        response.setContentType("text/html");
        // From here on the user has been authenticated and uname holds the
        // user's identifier. uname is taken from the request header, so
        // HTML-escape it before writing it into the page.
    }

    /**
     * Treats POST exactly like GET, so POST requests pass through the same
     * authentication check.
     *
     * @param request  the incoming request
     * @param response the response to populate
     * @throws IOException      propagated from {@link #doGet}
     * @throws ServletException propagated from {@link #doGet}
     */
    public void doPost(HttpServletRequest request,
                       HttpServletResponse response)
        throws IOException, ServletException
    {
        doGet(request, response);
    }
}
/*
* @(#)AuthenticateUser.java 1.2 99/12/16
*
* Copyright (c) 2000 by New Mexico Supreme Court - Judicial Information Division.
* All Rights Reserved.
*
* This software is provided "AS IS," without a warranty of any kind. ALL
* EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY
* IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR
* NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN AND ITS LICENSORS SHALL NOT BE
* LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING
* OR DISTRIBUTING THE SOFTWARE OR ITS DERIVATIVES. IN NO EVENT WILL SUN OR ITS
* LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR DIRECT,
* INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER
* CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF THE USE OF
* OR INABILITY TO USE SOFTWARE, EVEN IF SUN HAS BEEN ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGES.
*
*/
import Base64;
import java.io.*;
import java.text.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;
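/**
 * Checks HTTP Basic credentials against a process-wide cache that is filled
 * on demand from {@code UserList}.
 *
 * Deployment notes:
 * - Basic authentication only Base64-encodes the user name and password;
 *   that is an encoding, not encryption, so serve this only over TLS.
 * - Passwords are held and compared in clear text. Prefer storing a salted
 *   password hash (bcrypt/scrypt/argon2) and verifying against that.
 * - The cache is consulted before the user store, so a cached password keeps
 *   being accepted until a lookup for that user overwrites the entry.
 */
public class AuthenticateUser
{
    // user handle -> clear-text password, shared by every instance
    static private Hashtable security=new Hashtable();

    // Scheme token plus separating space that precedes the Base64 payload.
    private static final String BASIC_PREFIX = "Basic ";

    /**
     * Authenticates a request from its {@code Authorization} header, using
     * the internal hashtable of usernames/passwords and falling back to
     * {@code UserList} when the user is not cached.
     *
     * When authentication fails for any reason (header missing, not the
     * Basic scheme, malformed payload, unknown user, wrong password) a
     * {@code WWW-Authenticate} challenge and a 401 status are written to
     * the response.
     *
     * @param req  request whose Authorization header is inspected
     * @param resp response that receives the 401 challenge on failure
     * @return user name if authentication succeeds, null if not
     * @throws IOException      if sending the error response fails
     * @throws ServletException declared for callers; not thrown by the code shown here
     */
    public String authenticate(HttpServletRequest req,HttpServletResponse resp)
        throws IOException, ServletException
    {
        String uname = verify(req.getHeader("Authorization"));
        if (uname != null) {
            return uname;
        }
        // Not a valid username and password
        // or no Authorization header
        // or no username and password are present
        // or user is not in EFS database therefore
        // send UNAUTHORIZED response
        resp.setHeader("WWW-Authenticate","Basic realm=\"EFSChangeRequestVote\"");
        resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return null;
    }

    /**
     * Parses a Basic Authorization header value and checks the credentials.
     * Returns the user name on success, or null so the caller answers 401.
     */
    private String verify(String header)
    {
        if (header == null) {
            return null;
        }
        // The header is attacker-controlled: confirm the scheme (compared
        // case-insensitively) before slicing, so a short or non-Basic value
        // yields a 401 instead of a StringIndexOutOfBoundsException.
        if (!header.regionMatches(true, 0, BASIC_PREFIX, 0, BASIC_PREFIX.length())) {
            return null;
        }
        // NOTE(review): Base64 is a project class not shown here; the null
        // check suggests it returns null on bad input -- confirm it does not
        // throw on malformed data.
        String usernpass = Base64.decode(header.substring(BASIC_PREFIX.length()).trim());
        if (usernpass == null) {
            return null;
        }
        // Split on the first colon only; the password itself may contain colons.
        int colon = usernpass.indexOf(':');
        if (colon < 0) {
            // No separator: substring(0, -1) would throw, so reject instead.
            return null;
        }
        String uname = usernpass.substring(0, colon);
        String pword = usernpass.substring(colon + 1);

        // NOTE(review): String.equals is not a constant-time comparison.
        if (pword.equals(security.get(uname))) {
            // User already in the hashtable
            return uname;
        }
        UserListData us = new UserList().GetUser(uname);
        // NOTE(review): GetUser is not shown; guard against it returning
        // null for an unknown user.
        if (us != null && us.Handle != null && us.Password != null) {
            security.put(us.Handle, us.Password);
            if (pword.equals(us.Password)) {
                return uname;
            }
        }
        return null;
    }
}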
Peace
Marty Halvorson
New Mexico Supreme Court
Administrative Office of the Courts
Judicial Information Division
[EMAIL PROTECTED]