We only handle HTTP Basic authentication
Php4
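/**
 * Sends an HTTP Basic authentication challenge and stops the script.
 *
 * Emits a WWW-Authenticate header and a 401 status line, prints a short
 * message for clients that dismiss the credential prompt, then exits.
 */
function authenticate() {
    // The realm has to be a double-quoted string. With single quotes the
    // value is not a well-formed auth-param, and a strict client may ignore
    // the challenge instead of prompting for credentials.
    Header('WWW-Authenticate: Basic realm="Test Authentication System"');
    Header("HTTP/1.0 401 Unauthorized");
    echo "You must enter a valid login ID and password to access this resource\n";
    exit;
}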
// if(!isset($PHP_AUTH_USER) || ($SeenBefore == 1 && !strcmp($OldAuth, $PHP_AUTH_USER)) ) {
// authenticate();
// }
// else {
// echo "Welcome: $PHP_AUTH_USER<BR>";
// echo "Old: $OldAuth";
// echo "<FORM ACTION=\"$PHP_SELF\" METHOD=POST>\n";
// echo "<INPUT TYPE=HIDDEN NAME=\"SeenBefore\" VALUE=\"1\">\n";
// echo "<INPUT TYPE=HIDDEN NAME=\"OldAuth\" VALUE=\"$PHP_AUTH_USER\">\n";
// echo "<INPUT TYPE=Submit VALUE=\"Re Authenticate\">\n";
// echo "</FORM>\n";
// }
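// Challenge the client until it supplies a non-empty user name.
// NOTE: only the presence of a user name is checked. Nothing here verifies the
// password, so on its own this block does not restrict access to anything.
if (!isset($_SERVER['PHP_AUTH_USER']) || ($_SERVER['PHP_AUTH_USER'] == "")) {
    header('WWW-Authenticate: Basic realm="My Realm"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Text to send if user hits Cancel button';
    exit;
} else {
    // Both values are taken from the request's Authorization header, so they
    // are HTML-escaped before being written into the page.
    $authUser = htmlspecialchars($_SERVER['PHP_AUTH_USER'], ENT_QUOTES);
    $authPw = isset($_SERVER['PHP_AUTH_PW'])
        ? htmlspecialchars($_SERVER['PHP_AUTH_PW'], ENT_QUOTES)
        : '';
    echo "<p>Hello {$authUser}.</p>";
    // Demo output only: a real page should never print the submitted password
    // back into the response.
    echo "<p>You entered {$authPw} as your password.</p>";
}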
//phpinfo();
?>
JSP
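// HTTP Basic authentication demo for a JSP scriptlet. It uses the JSP implicit
// objects request, response and out.
// Basic credentials are only Base64-encoded, not encrypted, so a page like this
// should be served over HTTPS.
String userID = null;
String password = null;
// Assume not valid until proven otherwise
boolean valid = false;
// Get the Authorization header, if one was supplied
String authHeader = request.getHeader("Authorization");
if (authHeader != null) {
    java.util.StringTokenizer st = new java.util.StringTokenizer(authHeader);
    // We only handle HTTP Basic authentication. A header that names the scheme
    // but carries no credentials token is treated as "not authenticated";
    // calling nextToken() unconditionally would throw NoSuchElementException.
    if (st.hasMoreTokens()
            && st.nextToken().equalsIgnoreCase("Basic")
            && st.hasMoreTokens()) {
        String credentials = st.nextToken();
        String userPass = null;
        try {
            // java.util.Base64 (Java 8+) is the supported replacement for the
            // internal sun.misc decoder. The charset is given explicitly so
            // the result does not depend on the platform default.
            userPass = new String(
                java.util.Base64.getDecoder().decode(credentials),
                java.nio.charset.StandardCharsets.UTF_8);
        } catch (IllegalArgumentException malformed) {
            // Not valid Base64: userPass stays null and the request gets a 401.
        }
        if (userPass != null) {
            // The decoded string is in the form "userID:password".
            int p = userPass.indexOf(":");
            if (p != -1) {
                userID = userPass.substring(0, p);
                password = userPass.substring(p + 1);
                // Validate user ID and password and set valid to true if they
                // are accepted.
                // NOTE: this example accepts ANY non-blank pair. It must be
                // replaced by a real credential check before it protects
                // anything.
                if ((!userID.trim().equals("")) &&
                        (!password.trim().equals(""))) {
                    valid = true;
                }
            }
        }
    }
}
// If the user was not validated, fail with a 401 status code (UNAUTHORIZED)
// and pass back a WWW-Authenticate header.
//
// Note that this is the normal situation the first time you access the page.
// The client web browser will prompt for userID and password and cache them
// so that it doesn't have to prompt you again.
if (!valid) {
    String s = "Basic realm=\"Login Test Servlet Users\"";
    response.setHeader("WWW-Authenticate", s);
    response.setStatus(401);
}
// Otherwise, proceed
else {
    // Both values were supplied by the client, so they are HTML-escaped before
    // being written into the page.
    String[] shown = { userID, password };
    for (int i = 0; i < shown.length; i++) {
        shown[i] = shown[i]
            .replace("&", "&amp;")
            .replace("<", "&lt;")
            .replace(">", "&gt;")
            .replace("\"", "&quot;")
            .replace("'", "&#39;");
    }
    response.setContentType("text/html");
    out.println("<H3>Hello, " + shown[0] + "</H3>");
    // Demo output only: a real page should never print the submitted password
    // back into the response.
    out.println("<H3>you passe " + shown[1] + "</H3>");
    out.println("You are authorized to proceed.");
}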
%>
Servlet
Here is an example of a servlet that implements basic authentication:
import java.io.*;
import java.net.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;
import sun.misc.*; // See warning below
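/**
 * LoginTest: demonstration servlet for HTTP Basic authentication.
 *
 * <p>Basic credentials are only Base64-encoded, not encrypted, so a servlet
 * like this should be reachable over HTTPS only. The credential check below
 * accepts any non-blank user ID and password; it is a placeholder, not an
 * access control.
 */
public class LoginTest extends HttpServlet
{
    /**
     * Answers a GET request with a greeting when the request carries usable
     * Basic credentials, and with a 401 challenge otherwise.
     *
     * @param request  the incoming request; its Authorization header is read
     * @param response receives either the 401 challenge or the HTML greeting
     * @throws ServletException declared by the servlet API; not thrown here
     * @throws IOException if the response writer cannot be obtained
     */
    @Override
    public void doGet(
        HttpServletRequest request,
        HttpServletResponse response)
        throws ServletException, IOException
    {
        String userID = null;
        String password = null;
        // Assume not valid until proven otherwise
        boolean valid = false;

        // Null when the header is missing, is not "Basic <token>", or the
        // token is not valid Base64.
        String userPass = decodeBasicCredentials(request.getHeader("Authorization"));
        if (userPass != null) {
            // The decoded string is in the form "userID:password".
            int p = userPass.indexOf(":");
            if (p != -1) {
                userID = userPass.substring(0, p);
                password = userPass.substring(p + 1);
                // Validate user ID and password and set valid to true if they
                // are accepted.
                // NOTE: this example accepts ANY non-blank pair. Replace it
                // with a real credential check before relying on it.
                if ((!userID.trim().equals("")) &&
                        (!password.trim().equals(""))) {
                    valid = true;
                }
            }
        }

        // If the user was not validated, fail with a 401 status code
        // (UNAUTHORIZED) and pass back a WWW-Authenticate header for this
        // servlet.
        //
        // Note that this is the normal situation the first time you access
        // the page. The client web browser will prompt for userID and
        // password and cache them so that it doesn't have to prompt you again.
        if (!valid) {
            String s = "Basic realm=\"Login Test Servlet Users\"";
            response.setHeader("WWW-Authenticate", s);
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        }
        // Otherwise, proceed
        else {
            response.setContentType("text/html");
            PrintWriter out = response.getWriter();
            // userID was supplied by the client, so it is escaped before it
            // is written into the HTML page.
            out.println("<H3>Hello, " + escapeHtml(userID) + "</H3>");
            out.println("You are authorized to proceed.");
        }
    }

    /**
     * Extracts and decodes the credentials token of a Basic Authorization
     * header.
     *
     * @param authHeader the raw header value, possibly null
     * @return the decoded "userID:password" text, or null when the header is
     *         absent, uses another scheme, has no token, or is not Base64
     */
    private static String decodeBasicCredentials(String authHeader) {
        if (authHeader == null) {
            return null;
        }
        StringTokenizer st = new StringTokenizer(authHeader);
        // We only handle HTTP Basic authentication.
        if (!st.hasMoreTokens() || !st.nextToken().equalsIgnoreCase("Basic")) {
            return null;
        }
        // "Basic" with nothing after it: calling nextToken() here without the
        // check would throw NoSuchElementException.
        if (!st.hasMoreTokens()) {
            return null;
        }
        try {
            // java.util.Base64 (Java 8+) is the supported replacement for the
            // internal sun.misc decoder; the charset is given explicitly.
            byte[] raw = Base64.getDecoder().decode(st.nextToken());
            return new String(raw, java.nio.charset.StandardCharsets.UTF_8);
        } catch (IllegalArgumentException malformed) {
            return null;
        }
    }

    /** Replaces the characters that are significant in HTML with entities. */
    private static String escapeHtml(String text) {
        StringBuilder escaped = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':  escaped.append("&amp;");  break;
                case '<':  escaped.append("&lt;");   break;
                case '>':  escaped.append("&gt;");   break;
                case '"':  escaped.append("&quot;"); break;
                case '\'': escaped.append("&#39;");  break;
                default:   escaped.append(c);
            }
        }
        return escaped.toString();
    }
}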
--
Phil Hanna
Open page from Java
/*
* Created on Oct 4, 2004 To change the template for this generated file go to
* Oct 4, 2004 tpassword.java
*/
/**
* @author mgo4943 To change the template for this generated type comment go to
* Window>Preferences>Java>Code Generation>Code and Comments
*/
import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.net.URLConnection;
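public class tpassword
{
    /**
     * Creates a client that starts with the default credentials held in the
     * username and password fields.
     */
    public tpassword()
    {
        super();
    }

    // NOTE(security): these credentials are compiled into the class, so anyone
    // who can read the source or the class file can recover them. Outside a
    // throwaway demo they should come from a prompt or a secret store.
    String username = "manager", password="peps2000";

    /**
     * Stand-in for a credential prompt: overwrites the outer username and
     * password fields with fixed values and returns them joined by a colon.
     */
    class MyAuthenticator {
        String getPasswordAuthentication() {
            username = "Vanna";
            password="Rector";
            return username + ":" + password;
        }
    }

    /**
     * Fetches a URL with an HTTP Basic Authorization header and prints the
     * response body to standard output, line by line.
     *
     * <p>Basic credentials are only Base64-encoded. When urlString is an
     * http:// address they cross the network, and any configured proxy, in
     * clear text; prefer https:// for anything other than a local test.
     *
     * @param urlString address to open
     * @throws Exception if the URL is malformed or the transfer fails
     */
    public void getUrl(String urlString) throws Exception
    {
        URL url = new URL (urlString);
        // Stand-in for a popup window that requests username/password
        MyAuthenticator ma = new MyAuthenticator();
        String userPassword = ma.getPasswordAuthentication();
        // java.util.Base64 (Java 8+) replaces the internal sun.misc encoder,
        // which breaks its output into lines and so could corrupt the header
        // for long credentials. The charset is given explicitly.
        String encoding = java.util.Base64.getEncoder().encodeToString(
            userPassword.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        URLConnection uc = url.openConnection();
        uc.setRequestProperty ("Authorization", "Basic " + encoding);
        // try-with-resources closes the stream even when reading fails
        try (InputStream content = uc.getInputStream();
             BufferedReader in =
                 new BufferedReader (new InputStreamReader (content))) {
            String line;
            while ((line = in.readLine()) != null) {
                System.out.println (line);
            }
        }
    }

    /**
     * Sets the proxy system properties and fetches one page.
     *
     * @param arg ignored
     * @throws Exception if the fetch fails
     */
    public static void main(String[] arg) throws Exception
    {
        // NOTE(review): these are the legacy property names; whether the
        // running JDK still honours them should be confirmed.
        System.getProperties().put("proxySet", "true");
        System.getProperties().put("proxyHost", "firewall");
        System.getProperties().put("proxyPort", "80");
        tpassword s = new tpassword();
        // s.getUrl(">http://moisey:8080/manager/html>");
        // NOTE(review): the trailing '>' in the URL below looks like leftover
        // markup; confirm the intended address.
        s.getUrl("http://www.alemoi.com/www4>");
    }
}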
JSP tested
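// HTTP Basic authentication check for a JSP scriptlet. It uses the JSP implicit
// objects request and response.
// Basic credentials are only Base64-encoded, not encrypted, so a page like this
// should be served over HTTPS.
String userID = null;
String password = null;
// Assume not valid until proven otherwise
boolean valid = false;
// Get the Authorization header, if one was supplied
String authHeader = request.getHeader("Authorization");
// Do not log authHeader or the decoded value: both contain the password.
if (authHeader != null) {
    java.util.StringTokenizer st = new java.util.StringTokenizer(authHeader);
    // We only handle HTTP Basic authentication. A header that names the scheme
    // but carries no credentials token is treated as "not authenticated";
    // calling nextToken() unconditionally would throw NoSuchElementException.
    if (st.hasMoreTokens()
            && st.nextToken().equalsIgnoreCase("Basic")
            && st.hasMoreTokens()) {
        String credentials = st.nextToken();
        String userPass = null;
        try {
            // java.util.Base64 (Java 8+) is the supported replacement for the
            // internal sun.misc decoder; the charset is given explicitly.
            userPass = new String(
                java.util.Base64.getDecoder().decode(credentials),
                java.nio.charset.StandardCharsets.UTF_8);
        } catch (IllegalArgumentException malformed) {
            // Not valid Base64: userPass stays null and the request gets a 401.
        }
        if (userPass != null) {
            // The decoded string is in the form "userID:password".
            int p = userPass.indexOf(":");
            if (p != -1) {
                userID = userPass.substring(0, p);
                password = userPass.substring(p + 1);
                // Compare against the expected pair.
                // NOTE(security): the expected credentials are hard-coded in
                // the page source. Outside a test they should be checked
                // against a credential store holding salted password hashes.
                // MessageDigest.isEqual keeps the comparison time independent
                // of where the first differing byte is, and both comparisons
                // always run so the response does not show which one failed.
                java.nio.charset.Charset utf8 = java.nio.charset.StandardCharsets.UTF_8;
                boolean userOk = java.security.MessageDigest.isEqual(
                    userID.trim().getBytes(utf8), "user".getBytes(utf8));
                boolean passOk = java.security.MessageDigest.isEqual(
                    password.trim().getBytes(utf8), "paswd".getBytes(utf8));
                if (userOk & passOk) {
                    valid = true;
                }
            }
        }
    }
}
// If the user was not validated, fail with a 401 status code (UNAUTHORIZED)
// and pass back a WWW-Authenticate header.
//
// Note that this is the normal situation the first time you access the page.
// The client web browser will prompt for userID and password and cache them
// so that it doesn't have to prompt you again.
if (!valid) {
    // A header value must stay on one line, so the realm text contains no
    // line break.
    String s = "Basic realm=\"Login RDM You must enter valid password to enter this resource\"";
    response.setHeader("WWW-Authenticate", s);
    response.setStatus(401);
    return;
}
// Otherwise, proceed
else {
    // Output is disabled in this version. If it is re-enabled, HTML-escape
    // userID first and do not print the password.
    // response.setContentType("text/html");
    // out.println("Hello, " + userID + "");
    // out.println("you passe " + password + "");
    // out.println("You are authorized to proceed.");
}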