ViceroyFizzlebottom

Basic Authentication using Filter, Java2EE

Hello and thanks in advance for any assistance.

I will state to begin with that this is in fact for help with my Enterprise Java Dev course. I have written a microblog application using servlets, jsp and the like. Part of that website is an administrator section 'Admin.jsp' which allows me to Add/Edit/Delete blog entries.

I need to restrict access to that JSP page by way of an HttpServletFilter which manually enforces Basic Authentication. Originally this was set up to use Tomcat's integrated Basic Authentication which worked fine, but this is just an evolution.

I know that inside the filter's doFilter method, I need to somehow create a Principal object, verify the user's supplied username/password using Base64 decoding, but from there I'm lost.

I have everything up to that point working, the whole site is good, I have the filter wired up and working correctly, but I'm simply doing nothing in the doFilter method and letting everyone in.

Finally, to the point. I'm looking specifically for just some suggestions or links on how exactly I get the browser to prompt for user/pass and how I get to those values from inside my doFilter method. I think once I have that figured out, the rest will probably be self-evident.
Java EE, JSP

Last Comment
mrcoffee365

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
mrcoffee365

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
ViceroyFizzlebottom

ASKER
Hmm, interesting... actually code the interaction myself. What a novel idea :) I'm so used to always looking for a library or utility that someone else has written.

I'm sure this is what the goal of the assignment is as well, I just couldn't see the forest through the trees.

Thanks
mrcoffee365

I think writing your own Basic Authentication to work the same as Tomcat's is more difficult than normal form authentication -- just make sure that your assignment is to really do your own version of that kind of authentication.  Are you certain they don't mean you to configure Tomcat to use Basic Authentication?  Then you would have a Principal object in Tomcat to check in your filter.
ViceroyFizzlebottom

ASKER
Ya, I confirmed that the goal (well one of them anyway) was to bake our own version using RequestWrappers, Filters and whatever else it's going to take.

In fact the first version of this project did use Tomcat's Basic Authentication, but for this iteration, using the Container's built-in functionality is forbidden.


Thanks again.
mrcoffee365

Great -- have fun!