Hello and thanks in advance for any assitance.
I will state to begin with that this is in fact for help with my Enterprise Java Dev course. I have written a microblog application using servlets, jsp and the like. Part of that website is an administrator section 'Admin.jsp' which allows me to Add/Edit/Delete blog entries.
I need to restrict access to that JSP page by way of an HttpServletFilter which manually enforces Basic Authentication. Originally this was setup to use Tomcat's integrated Basic Authentication which worked fine, but this is just an evolution.
I know that inside the filter's doFilter method, I need to somehow create a Principal object, verify the user's supplied username/password using Base64 decoding, but from there I'm lost.
I have everything up to that point working, the whole site is good, I have the filter wired up and working correctly, but I'm simply doing nothing in the doFilter method and letting everyone in.
Finally, to the point. I'm looking specifically for just some suggestions or links on how exactly I get the browser to prompt for user/pass and how I get to those values from inside my doFilter method. I think once I have that figured out, the rest will probably be self-evident.