?
Solved

URL Authentication

Posted on 2005-03-10
10
Medium Priority
?
2,025 Views
Last Modified: 2008-01-09
I have written a very simple servlet that takes the name of an image file in a certain directory, then outputs it to the page.
This directory is password protected using htaccess and the idea is to use an Authenticator to gain access to the files in that directory.

In doing this, I'm receiving an javax.imageio.IIOException
Here is the code I'm using...

public class ImgReader extends HttpServlet
{
      public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException
      {
            process(request, response);
      }
      
      public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException
      {
            process(request, response);
      }
      
      private void process(HttpServletRequest request, HttpServletResponse response) throws IOException
      {
            // Get the image parameter
            String img = request.getParameter("img");
            
            // Check to see if it's empty
            if (img == null || img.equals(""))
            {
                  return;
            }
            
            try
            {
                  Authenticator.setDefault(new DefaultAuthenticator());
            }
            catch (Exception e)
            {
                  e.printStackTrace(response.getWriter());
            }
            
            BufferedImage image = ImageIO.read(new URL("http://www.mydomain.com/images/personal/" + img)); // Exception is thrown here
            
            response.setContentType("image/jpeg");
            ImageIO.write(image, "jpeg", response.getOutputStream());
      }
      
      private class DefaultAuthenticator extends Authenticator
      {
            private final String user = "myusername";
            private final String pass = "mypassword";
            
            protected PasswordAuthentication getPasswordAuthentication()
            {                  
                  return new PasswordAuthentication(user, pass.toCharArray());
            }
      }
}

Here is the stack trace from the servlet when called using http://www.my-domain.com/servlet/com.wim.ImgReader?img=imgName.JPG

500 Servlet Exception

javax.imageio.IIOException: Can't get input stream from URL!
      at javax.imageio.ImageIO.read(ImageIO.java:1345)
      at com.wim.ImgReader.process(ImgReader.java:49)
      at com.wim.ImgReader.doGet(ImgReader.java:21)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:126)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:103)
      at com.caucho.server.http.FilterChainServlet.doFilter(FilterChainServlet.java:96)
      at com.caucho.server.http.Invocation.service(Invocation.java:315)
      at com.caucho.server.http.CacheInvocation.service(CacheInvocation.java:135)
      at com.caucho.server.http.RunnerRequest.handleRequest(RunnerRequest.java:346)
      at com.caucho.server.http.RunnerRequest.handleConnection(RunnerRequest.java:274)
      at com.caucho.server.TcpConnection.run(TcpConnection.java:139)
      at java.lang.Thread.run(Thread.java:534)
Caused by: java.io.IOException: Server returned HTTP response code: 401
for URL: http://www.my-domain.com/images/personal/imgName.JPG
      at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:791)
      at java.net.URL.openStream(URL.java:913)
      at javax.imageio.ImageIO.read(ImageIO.java:1343)
      ... 11 more

I have been using the correct file path and name as well as using the correct username and password for authentication.

Is there something I have done wrong?
Any suggestions would be greatly appreciated. :-)

Cheers

-OBCT
0
Comment
Question by:OBCT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
10 Comments
 
LVL 86

Expert Comment

by:CEHJ
ID: 13512611
Is the authenticator actually being called?
0
 
LVL 9

Author Comment

by:OBCT
ID: 13513330
I am assuming so...
At http://javaalmanac.com/egs/java.net/Auth.html, it says that the getPasswordAuthentication() method is called whenever a password protected URL is accessed.
0
 
LVL 9

Author Comment

by:OBCT
ID: 13513964
By the way, I'm using Resin 2.1.13 if that makes any differenc.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 86

Expert Comment

by:CEHJ
ID: 13515027
>>I am assuming so...

Not a good idea ;-)
0
 
LVL 9

Author Comment

by:OBCT
ID: 13515964
Ahh ok, I took away all exception handling code (asside from that required for compilation) and received the following exception...

java.security.AccessControlException: access denied (java.net.NetPermission
setDefaultAuthenticator)
      at java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
      at java.security.AccessController.checkPermission(AccessController.java:401)
      at java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
      at java.net.Authenticator.setDefault(Authenticator.java:84)
      at com.wim.ImgReader.process(ImgReader.java:65)
      at com.wim.ImgReader.doGet(ImgReader.java:35)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:126)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:103)
      at com.caucho.server.http.FilterChainServlet.doFilter(FilterChainServlet.java:96)
      at com.caucho.server.http.Invocation.service(Invocation.java:315)
      at com.caucho.server.http.CacheInvocation.service(CacheInvocation.java:135)
      at com.caucho.server.http.RunnerRequest.handleRequest(RunnerRequest.java:346)
      at com.caucho.server.http.RunnerRequest.handleConnection(RunnerRequest.java:274)
      at com.caucho.server.TcpConnection.run(TcpConnection.java:139)
      at java.lang.Thread.run(Thread.java:534)

So basically the exception is being thrown when I attempt call Authenticator.setDefault(new DefaultAuthenticator());
Does this mean I can't set my own Authenticator? If so why not? :-(
0
 
LVL 86

Accepted Solution

by:
CEHJ earned 1000 total points
ID: 13516112
>>Does this mean I can't set my own Authenticator?

Probably means you'll have to do so in a different way

>>If so why not? :-(

Probably because the container considers that a usurpation of its own security functionality, even an attempt to bypass it.

Start by checking out the security policy of the container
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 13533702
:-)
0
 
LVL 9

Author Comment

by:OBCT
ID: 13533732
Forgot to say thank you :-)
Thanks.
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 13533746
No problem ;-) If you can get around to it, it would be very useful for future viewers of this q. to provide a short summary of how you implemented the solution
0
 
LVL 9

Author Comment

by:OBCT
ID: 13533799
I usually do, I just got lazy this time :-p

Due to the fact I was testing this servlet on a shared server, I couldnt gain access to the security policy file to adjust the permissions.
So I'm considering getting a dedicated server but until then, I'll look into realms using JNDI as another possible option.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post we will learn how to make Android Gesture Tutorial and give different functionality whenever a user Touch or Scroll android screen.
Basic understanding on "OO- Object Orientation" is needed for designing a logical solution to solve a problem. Basic OOAD is a prerequisite for a coder to ensure that they follow the basic design of OO. This would help developers to understand the b…
Viewers will learn one way to get user input in Java. Introduce the Scanner object: Declare the variable that stores the user input: An example prompting the user for input: Methods you need to invoke in order to properly get  user input:
This tutorial will introduce the viewer to VisualVM for the Java platform application. This video explains an example program and covers the Overview, Monitor, and Heap Dump tabs.
Suggested Courses
Course of the Month8 days, 5 hours left to enroll

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question