Welcome to the Java Programming Forums


The professional, friendly Java community. 21,500 members and growing!


The Java Programming Forums are a community of Java programmers from all around the World. Our members have a wide range of skills and they all have one thing in common: A passion to learn and code Java. We invite beginner Java programmers right through to Java professionals to post here and share your knowledge. Become a part of the community, help others, expand your knowledge of Java and enjoy talking with like minded people. Registration is quick and best of all free. We look forward to meeting you.


>> REGISTER NOW TO START POSTING


Members have full access to the forums. Advertisements are removed for registered users.

Results 1 to 4 of 4

Thread: Authentication problem in a servlet

  1. #1
    Member
    Join Date
    Jun 2010
    Posts
    48
    Thanks
    12
    Thanked 2 Times in 2 Posts

    Default Authentication problem in a servlet

    Hello,
    I am trying to make a servlet which would have a security. When you try to access to it, the box pops up with login and password boxes. The thing is, that it doesn't appears to me. When I am trying to access the page, I get an error like this:


    The way I am trying to do it:

    The servlet:
    import java.io.*;
    import java.util.*;
    import javax.servlet.*;
    import javax.servlet.http.*;
     
    public class ProtectedPage extends HttpServlet {
    	Hashtable<String, String> users = new Hashtable<String, String>();
     
    	public void init(ServletConfig config) throws ServletException {
    		super.init(config);
    		// Remember that names and password are case sensitive !
    		users.put("MyName:MyPassword", "allowed");
    	}
     
    	public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
    		doGet(request, response);
    	}
     
    	public void doGet(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException {
    		res.setContentType("text/plain");
    		PrintWriter out = res.getWriter();
     
    		// Show client data
    		String auth = req.getHeader("Authorization");
    		if(checkUser(auth)) {
    			out.write("\n Authorization Header = " + auth);
    			out.write("\n Authorization Type = " + req.getAuthType());
    			out.write("\n User Principal = " + req.getUserPrincipal());
    			out.write("\n Remote User = " + req.getRemoteUser());
    			out.write("\n isSecure = " + req.isSecure());
    			out.write("\n Scheme = " + req.getScheme());
    		}
    		else {
    			res.setHeader("WWW-Authenticate", "FORM realm=\"Customer\"");
    			res.sendError(res.SC_UNAUTHORIZED);
    		}
    	}
     
    	/** This method checks the user Authorization information comparing
    	*	that with data in users Hashtable.
    	*	@param auth is a String, representing user Authorization data
    	*	@return boolean true, if it is allowed to show this page to user.
    	*/
    	protected boolean checkUser(String auth) throws IOException {
    		if(auth == null)
    			return false;
    		String authType = "BASIC ";
    		if(!auth.toUpperCase().startsWith(authType))
    			return false;
     
    		//Get encoded user and password, comes after authType.
    		String userpassEncoded = auth.substring(authType.length());
     
    		//Decode userpassEncoded, using base 64 decoder
    		String userpassDecoded = new String(Base64.decode(userpassEncoded));
    		System.out.println("userpassDecoded == " + userpassDecoded);
    		//Check our user list to see if that user and password are "allowed".
    		if("allowed".equals(users.get(userpassDecoded)))
    			return true;
    		else
    			return false;
    	}
    }
    web.xml:
    ...
    <servlet>
    	<servlet-name>Protected Page</servlet-name>
    	<servlet-class>ProtectedPage</servlet-class>
      </servlet>
    <servlet-mapping>
    	<servlet-name>Protected Page</servlet-name>
    	<url-pattern>/ProtectedPage</url-pattern>
      </servlet-mapping> 
     
    <security-constraint>
    	<web-resource-collection>
    		<web-resource-name>Protected Page</web-resource-name>
    		<url-pattern>/ProtectedPade</url-pattern>
    	</web-resource-collection>
     
    	<auth-constraint>
    		<security-role>
    			<role-name>Customer</role-name>
    		</security-role>
    	</auth-constraint>
      </security-constraint>
     
      <login-config>
    	<auth-method>BASIC</auth-method>
      </login-config>
    ...
    tomcat-users.xml:
    <tomcat-users>
    	<role rolename="Customer"/>
    	<user username="MyName" password="MyPassword" roles="Customer"/>
    </tomcat-users>

    I would really appreciate if anyone could tell me what I am doing wrong. In the google I can't find anything very useful. I am trying to access the page with Chrome/IE8 browsers. Examples on the website works without problem.


  2. #2
    Member
    Join Date
    Jun 2010
    Posts
    48
    Thanks
    12
    Thanked 2 Times in 2 Posts

    Default Re: Authentication problem in a servlet

    I was trying to solve it since yesterday and just now when checking the code I wrote here noticed the mistake in web.xml file. ProtectedPade instead of ProtectedPage. That's embarrassing.
    Last edited by Asido; September 9th, 2010 at 11:55 AM.

  3. #3
    Super Moderator Json's Avatar
    Join Date
    Jul 2009
    Location
    Warrington, United Kingdom
    Posts
    1,274
    My Mood
    Happy
    Thanks
    70
    Thanked 156 Times in 152 Posts

    Default Re: Authentication problem in a servlet

    Ah, so is this resolved now then?

    // Json

  4. #4
    Member
    Join Date
    Jun 2010
    Posts
    48
    Thanks
    12
    Thanked 2 Times in 2 Posts

    Default Re: Authentication problem in a servlet

    Yeh, solved.

Similar Threads

  1. What are the requirements to develop Servlet Application?
    By yousef atya in forum Java Servlet
    Replies: 2
    Last Post: July 28th, 2011, 07:20 PM
  2. Problem with the servlet and jdbc
    By manjukdvg in forum Java Servlet
    Replies: 3
    Last Post: September 8th, 2010, 09:44 AM
  3. Convert a project into JSP-Servlet
    By ali_hadian in forum JavaServer Pages: JSP & JSTL
    Replies: 0
    Last Post: June 25th, 2010, 09:54 AM
  4. servlet and socket plz HELP
    By Mokhtar in forum What's Wrong With My Code?
    Replies: 0
    Last Post: January 8th, 2010, 09:21 AM
  5. Replies: 1
    Last Post: July 28th, 2009, 03:15 AM