URL Authentication

I have written a very simple servlet that takes the name of an image file in a certain directory, then outputs it to the page.
This directory is password protected using htaccess and the idea is to use an Authenticator to gain access to the files in that directory.

In doing this, I'm receiving a javax.imageio.IIOException.
Here is the code I'm using...

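import java.awt.image.BufferedImage;
import java.io.IOException;
import java.net.Authenticator;
import java.net.PasswordAuthentication;
import java.net.URL;
import javax.imageio.ImageIO;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class ImgReader extends HttpServlet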
{
      public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException
      {
            process(request, response);
      }
      
      public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException
      {
            process(request, response);
      }
      
      private void process(HttpServletRequest request, HttpServletResponse response) throws IOException
      {
            // Get the image parameter
            String img = request.getParameter("img");
            
            // Check to see if it's empty
            if (img == null || img.equals(""))
            {
                  return;
            }
            
            try
            {
                  Authenticator.setDefault(new DefaultAuthenticator());
            }
            catch (Exception e)
            {
                  e.printStackTrace(response.getWriter());
            }
            
            BufferedImage image = ImageIO.read(new URL("http://www.mydomain.com/images/personal/" + img)); // Exception is thrown here
            
            response.setContentType("image/jpeg");
            ImageIO.write(image, "jpeg", response.getOutputStream());
      }
      
      private class DefaultAuthenticator extends Authenticator
      {
            private final String user = "myusername";
            private final String pass = "mypassword";
            
            protected PasswordAuthentication getPasswordAuthentication()
            {                  
                  return new PasswordAuthentication(user, pass.toCharArray());
            }
      }
}

Here is the stack trace from the servlet when called using http://www.my-domain.com/servlet/com.wim.ImgReader?img=imgName.JPG

500 Servlet Exception

javax.imageio.IIOException: Can't get input stream from URL!
      at javax.imageio.ImageIO.read(ImageIO.java:1345)
      at com.wim.ImgReader.process(ImgReader.java:49)
      at com.wim.ImgReader.doGet(ImgReader.java:21)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:126)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:103)
      at com.caucho.server.http.FilterChainServlet.doFilter(FilterChainServlet.java:96)
      at com.caucho.server.http.Invocation.service(Invocation.java:315)
      at com.caucho.server.http.CacheInvocation.service(CacheInvocation.java:135)
      at com.caucho.server.http.RunnerRequest.handleRequest(RunnerRequest.java:346)
      at com.caucho.server.http.RunnerRequest.handleConnection(RunnerRequest.java:274)
      at com.caucho.server.TcpConnection.run(TcpConnection.java:139)
      at java.lang.Thread.run(Thread.java:534)
Caused by: java.io.IOException: Server returned HTTP response code: 401 for URL: http://www.my-domain.com/images/personal/imgName.JPG
      at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:791)
      at java.net.URL.openStream(URL.java:913)
      at javax.imageio.ImageIO.read(ImageIO.java:1343)
      ... 11 more

I have been using the correct file path and name as well as using the correct username and password for authentication.

Is there something I have done wrong?
Any suggestions would be greatly appreciated. :-)

Cheers

-OBCT

CEHJ commented:
Is the authenticator actually being called?
0
OBCT (author) commented:
I am assuming so...
At http://javaalmanac.com/egs/java.net/Auth.html, it says that the getPasswordAuthentication() method is called whenever a password protected URL is accessed.
0
OBCT (author) commented:
By the way, I'm using Resin 2.1.13 if that makes any difference.
0

CEHJ commented:
>>I am assuming so...

Not a good idea ;-)
0
OBCT (author) commented:
Ahh ok, I took away all exception handling code (aside from that required for compilation) and received the following exception...

java.security.AccessControlException: access denied (java.net.NetPermission setDefaultAuthenticator)
      at java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
      at java.security.AccessController.checkPermission(AccessController.java:401)
      at java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
      at java.net.Authenticator.setDefault(Authenticator.java:84)
      at com.wim.ImgReader.process(ImgReader.java:65)
      at com.wim.ImgReader.doGet(ImgReader.java:35)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:126)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:103)
      at com.caucho.server.http.FilterChainServlet.doFilter(FilterChainServlet.java:96)
      at com.caucho.server.http.Invocation.service(Invocation.java:315)
      at com.caucho.server.http.CacheInvocation.service(CacheInvocation.java:135)
      at com.caucho.server.http.RunnerRequest.handleRequest(RunnerRequest.java:346)
      at com.caucho.server.http.RunnerRequest.handleConnection(RunnerRequest.java:274)
      at com.caucho.server.TcpConnection.run(TcpConnection.java:139)
      at java.lang.Thread.run(Thread.java:534)

So basically the exception is being thrown when I attempt to call Authenticator.setDefault(new DefaultAuthenticator());
Does this mean I can't set my own Authenticator? If so why not? :-(
0
CEHJ commented:
>>Does this mean I can't set my own Authenticator?

Probably means you'll have to do so in a different way

>>If so why not? :-(

Probably because the container considers that a usurpation of its own security functionality, even an attempt to bypass it.

Start by checking out the security policy of the container
0
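
One way to supply the credentials "in a different way", as an added example that is not part of the original thread: send them on the single outbound request instead of installing a JVM-wide Authenticator, so the NetPermission "setDefaultAuthenticator" named in the exception is never requested. The class name ProtectedImageFetcher, the HTTPS base URL, Java 8+ (for java.util.Base64) and HTTP Basic on the protected directory are assumptions; the container must still allow the outbound connection itself.

```java
import java.awt.image.BufferedImage;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.regex.Pattern;
import javax.imageio.ImageIO;

public final class ProtectedImageFetcher
{
      // Assumption: the protected directory from the question, reached over HTTPS
      // because Basic credentials are only base64-encoded, not encrypted.
      private static final String BASE = "https://www.mydomain.com/images/personal/";

      // Accept a bare file name only: no slashes, no "..", no query string.
      private static final Pattern SAFE_NAME =
                  Pattern.compile("[A-Za-z0-9_-]{1,64}\\.(?i:jpe?g|png|gif)");

      public static boolean isSafeName(String img)
      {
            return img != null && SAFE_NAME.matcher(img).matches();
      }

      public static String basicHeader(String user, char[] pass)
      {
            byte[] raw = (user + ":" + new String(pass)).getBytes(StandardCharsets.UTF_8);
            return "Basic " + Base64.getEncoder().encodeToString(raw);
      }

      public static BufferedImage fetch(String img, String user, char[] pass) throws IOException
      {
            if (!isSafeName(img))
                  throw new IOException("rejected image name");

            HttpURLConnection conn = (HttpURLConnection) new URL(BASE + img).openConnection();
            // Credentials travel with this one request only; no default Authenticator
            // is set, so the container's security policy is left untouched.
            conn.setRequestProperty("Authorization", basicHeader(user, pass));
            conn.setInstanceFollowRedirects(false); // do not carry the header to a redirect target
            if (conn.getResponseCode() != HttpURLConnection.HTTP_OK)
                  throw new IOException("upstream returned HTTP " + conn.getResponseCode());
            try (InputStream in = conn.getInputStream())
            {
                  return ImageIO.read(in);
            }
      }
}
```

The servlet would call fetch() with the img parameter and credentials loaded from configuration rather than compiled into the class; a rejected name or a non-200 upstream status surfaces as an IOException instead of being swallowed.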

CEHJ commented:
:-)
0
OBCT (author) commented:
Forgot to say thank you :-)
Thanks.
0
CEHJ commented:
No problem ;-) If you can get around to it, it would be very useful for future viewers of this q. to provide a short summary of how you implemented the solution
0
OBCT (author) commented:
I usually do, I just got lazy this time :-p

Due to the fact I was testing this servlet on a shared server, I couldn't gain access to the security policy file to adjust the permissions.
So I'm considering getting a dedicated server but until then, I'll look into realms using JNDI as another possible option.
0