Hmm.
Well, I did not really see what you were talking about, but I've found a
method for what I wanted.
I use HttpHeaders, from which I get the Authorization header if present.
If not, the request is sent back to the client to authenticate with a
Response object; if yes, the login/password is verified, and if they are
correct, the user is authorized to access the requested data. Look at the
following example code:
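    import java.io.IOException;
    import java.util.List;
    import javax.ws.rs.GET;
    import javax.ws.rs.Path;
    import javax.ws.rs.core.Context;
    import javax.ws.rs.core.HttpHeaders;
    import javax.ws.rs.core.Response;
    import org.apache.cxf.common.util.Base64Exception;
    import org.apache.cxf.common.util.Base64Utility;
    // HttpStatus comes from Apache HttpClient (org.apache.http.HttpStatus
    // or org.apache.commons.httpclient.HttpStatus, depending on the version).

    @GET
    @Path("/auth")
    public Response authentication(@Context HttpHeaders headers)
            throws Base64Exception, IOException {
        String login = "";
        String password = "";
        // getRequestHeader() can return null when the header is absent
        List<String> auth = headers.getRequestHeader("Authorization");
        if (auth != null && !auth.isEmpty()) {
            String headerAuth = auth.get(0);
            // Only handle the Basic scheme; skip its 6-character "Basic " prefix
            if (headerAuth.regionMatches(true, 0, "Basic ", 0, 6)) {
                String headerTrimmed = headerAuth.substring(6);
                String decodedHeader = new String(Base64Utility.decode(headerTrimmed));
                int sep = decodedHeader.indexOf(":");
                if (sep >= 0) { // no ":" means malformed credentials
                    login = decodedHeader.substring(0, sep);
                    password = decodedHeader.substring(sep + 1);
                }
            }
        }
        if ("johnsmith".equals(login) && "1234-OhBadPassword".equals(password)) {
            System.out.println("\n\nAuthentification OK\n\n");
            return Response.ok("Authentication Valid!").status(HttpStatus.SC_OK).build();
        }
        // Missing or wrong credentials: ask the client to authenticate
        return Response.ok().status(HttpStatus.SC_UNAUTHORIZED)
                .header("WWW-authenticate", "BASIC realm=\"Authentication required\"")
                .build();
    }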
Login & password MUST NOT contain any ":" in this case, but I'll find a
better verification method for them.
Thanks!
--
Raphael F.
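
An added example, not part of the original post or of any project's code: a stand-alone parser for the Basic Authorization header handled above, showing how absent, non-Base64 and colon-less values can be rejected before any credential check. The class and helper names are hypothetical, and the JDK's java.util.Base64 is used in place of the post's Base64Utility so that it runs without other libraries.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Optional;

public class BasicAuthParser {
    /** Returns {login, password}, or empty if the header is absent or malformed. */
    static Optional<String[]> parse(String header) {
        // The scheme name is case-insensitive, so "basic" and "BASIC" both match.
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return Optional.empty();
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(header.substring(6).trim());
        } catch (IllegalArgumentException e) {
            return Optional.empty(); // payload is not valid Base64
        }
        String decoded = new String(raw, StandardCharsets.UTF_8);
        int sep = decoded.indexOf(':'); // split on the FIRST colon only
        if (sep < 0) return Optional.empty(); // no separator at all
        return Optional.of(new String[] {decoded.substring(0, sep), decoded.substring(sep + 1)});
    }

    /** Compares with MessageDigest.isEqual, which avoids the early exit of String.equals. */
    static boolean same(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8), b.getBytes(StandardCharsets.UTF_8));
    }

    /** Builds a constructed sample header value. */
    static String header(String scheme, String credentials) {
        return scheme + " " + Base64.getEncoder().encodeToString(credentials.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed sample headers, using the placeholder credentials from the post.
        String[] samples = {
            header("Basic", "johnsmith:1234-OhBadPassword"), // parsed, authorized
            header("basic", "johnsmith:pass:with:colons"),   // parsed, wrong password
            header("Basic", "nocolon"),                      // malformed: no separator
            "Basic !!!not-base64!!!",                        // malformed: bad Base64
            null                                             // header absent
        };
        for (String h : samples) {
            Optional<String[]> c = parse(h);
            boolean ok = c.isPresent()
                    && same(c.get()[0], "johnsmith") && same(c.get()[1], "1234-OhBadPassword");
            System.out.println(h + " -> " + (c.isPresent() ? "parsed" : "malformed") + ", authorized=" + ok);
        }
    }
}
```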