Asked by ViceroyFizzlebottom

Basic Authentication using Filter, Java2EE

Hello and thanks in advance for any assistance.

I will state to begin with that this is in fact for help with my Enterprise Java Dev course. I have written a microblog application using servlets, jsp and the like. Part of that website is an administrator section 'Admin.jsp' which allows me to Add/Edit/Delete blog entries.

I need to restrict access to that JSP page by way of an HttpServletFilter which manually enforces Basic Authentication. Originally this was set up to use Tomcat's integrated Basic Authentication which worked fine, but this is just an evolution.

I know that inside the filter's doFilter method, I need to somehow create a Principal object, verify the user's supplied username/password using Base64 decoding, but from there I'm lost.

I have everything up to that point working, the whole site is good, I have the filter wired up and working correctly, but I'm simply doing nothing in the doFilter method and letting everyone in.

Finally, to the point. I'm looking specifically for just some suggestions or links on how exactly I get the browser to prompt for user/pass and how I get to those values from inside my doFilter method. I think once I have that figured out, the rest will probably be self-evident.

mrcoffee365:

This solution is only available to members.

ViceroyFizzlebottom:

Hmm, interesting... actually code the interaction myself. What a novel idea :) I'm so used to always looking for a library or utility that someone else has written.

I'm sure this is what the goal of the assignment is as well, I just couldn't see the forest through the trees.

I think writing your own Basic Authentication to work the same as Tomcat's is more difficult than normal form authentication -- just make sure that your assignment is to really do your own version of that kind of authentication. Are you certain they don't mean you to configure Tomcat to use Basic Authentication? Then you would have a Principal object in Tomcat to check in your filter.

Ya, I confirmed that the goal (well one of them anyway) was to bake our own version using RequestWrappers, Filters and whatever else it's going to take.

In fact the first version of this project did use Tomcat's Basic Authentication, but for this iteration, using the Container's built-in functionality is forbidden.

Thanks again.

Great -- have fun!
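
For the question asked at the top of this thread (how to make the browser prompt and how to read the username and password inside doFilter), here is an added example that is not code from any participant in the thread. It assumes the javax.servlet API and Java 8 or later; the init-param names adminUser and adminPassword and the realm "Admin" are hypothetical.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.Base64;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: hand-rolled HTTP Basic authentication in a servlet filter.
public class BasicAuthFilter implements Filter {
    private byte[] user, password; // expected values, from hypothetical <init-param>s in web.xml

    @Override public void init(FilterConfig cfg) throws ServletException {
        String u = cfg.getInitParameter("adminUser"), p = cfg.getInitParameter("adminPassword");
        if (u == null || p == null) throw new ServletException("credentials not configured");
        user = u.getBytes(StandardCharsets.UTF_8);
        password = p.getBytes(StandardCharsets.UTF_8);
    }

    @Override public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        final String name = authenticate(req.getHeader("Authorization"));
        if (name == null) {
            // A 401 carrying this header is what makes the browser show its login prompt.
            res.setHeader("WWW-Authenticate", "Basic realm=\"Admin\"");
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return; // fail closed: the chain is never invoked
        }
        // Wrap the request so Admin.jsp sees the user as it would with container auth.
        chain.doFilter(new HttpServletRequestWrapper(req) {
            @Override public String getRemoteUser() { return name; }
            @Override public Principal getUserPrincipal() { return () -> name; }
            @Override public String getAuthType() { return BASIC_AUTH; }
        }, res);
    }

    // Returns the user name when the header holds valid credentials, otherwise null.
    String authenticate(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return null;
        byte[] raw;
        try { raw = Base64.getDecoder().decode(header.substring(6).trim()); }
        catch (IllegalArgumentException e) { return null; } // malformed Base64
        String pair = new String(raw, StandardCharsets.UTF_8);
        int colon = pair.indexOf(':'); // split on the first colon; the password may contain ':'
        if (colon < 0) return null;
        byte[] u = pair.substring(0, colon).getBytes(StandardCharsets.UTF_8);
        byte[] p = pair.substring(colon + 1).getBytes(StandardCharsets.UTF_8);
        // Non-short-circuit '&' so both comparisons always run (no early exit on a bad user name).
        return MessageDigest.isEqual(u, user) & MessageDigest.isEqual(p, password) ? pair.substring(0, colon) : null;
    }

    @Override public void destroy() { }
}
```

Basic credentials are only Base64-encoded, not encrypted, so the filter's URL pattern should be reachable over HTTPS only; outside a course project, store a salted password hash rather than the plaintext init-param used here.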