1 - read out the request headers, you get the username and password
(almost) directly
String auth = request.getHeader("authorization"); // as send by
apache
if (auth == null) return true;
try {
auth = new String((new
sun.misc.BASE64Decoder()).decodeBuffer(auth.substring(6)));
}
catch (Exception exc) {
System.out.println(exc.toString());
return true;
}
if (auth == null) return true;
int pos = auth.indexOf(":");
if (pos < 0) {
System.out.println("No user");
return true;
}
String username = auth.substring(0, pos);
System.out.println("Login 401 user " + username);
This snippet is not from me, I found this in an earlier posting, but I
forgot where it was, sorry.
Holger
>
> 1 - Apache authenticates the user whith basic (or other) method, and servlet
> are enabled to know the actual userid
> 2 - Apache delegates the servlet to make the authentication. This would be
> the very best solution, but I suppose it is impossible (could an Apache
> module implement this feature?)
>
> Tnx in advance
> Marco
