Basic Authentication using Filter, Java2EE
Hello and thanks in advance for any assitance.
I will state to begin with that this is in fact for help with my Enterprise Java Dev course. I have written a microblog application using servlets, jsp and the like. Part of that website is an administrator section 'Admin.jsp' which allows me to Add/Edit/Delete blog entries.
I need to restrict access to that JSP page by way of an HttpServletFilter which manually enforces Basic Authentication. Originally this was setup to use Tomcat's integrated Basic Authentication which worked fine, but this is just an evolution.
I know that inside the filter's doFilter method, I need to somehow create a Principal object, verify the user's supplied username/password using Base64 decoding, but from there I'm lost.
I have everything up to that point working, the whole site is good, I have the filter wired up and working correctly, but I'm simply doing nothing in the doFilter method and letting everyone in.
Finally, to the point. I'm looking specifically for just some suggestions or links on how exactly I get the browser to prompt for user/pass and how I get to those values from inside my doFilter method. I think once I have that figured out, the rest will probably be self-evident.
I will state to begin with that this is in fact for help with my Enterprise Java Dev course. I have written a microblog application using servlets, jsp and the like. Part of that website is an administrator section 'Admin.jsp' which allows me to Add/Edit/Delete blog entries.
I need to restrict access to that JSP page by way of an HttpServletFilter which manually enforces Basic Authentication. Originally this was setup to use Tomcat's integrated Basic Authentication which worked fine, but this is just an evolution.
I know that inside the filter's doFilter method, I need to somehow create a Principal object, verify the user's supplied username/password using Base64 decoding, but from there I'm lost.
I have everything up to that point working, the whole site is good, I have the filter wired up and working correctly, but I'm simply doing nothing in the doFilter method and letting everyone in.
Finally, to the point. I'm looking specifically for just some suggestions or links on how exactly I get the browser to prompt for user/pass and how I get to those values from inside my doFilter method. I think once I have that figured out, the rest will probably be self-evident.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I think writing your own Basic Authentication to work the same as Tomcat's is more difficult than normal form authentication -- just make sure that your assignment is to really do your own version of that kind of authentication. Are you certain they don't mean you to configure Tomcat to use Basic Authentication? Then you would have a Principal object in Tomcat to check in your filter.
ASKER
Ya, I confirmed that the goal (well one of them anyway) was to bake our own version using RequestWrappers, Filters and whatever else it's going to take.
In fact the first version of this project did use Tomcat's Basic Authentication, but for this iteration, using the Container's built-in functionality is forbidden.
Thanks again.
In fact the first version of this project did use Tomcat's Basic Authentication, but for this iteration, using the Container's built-in functionality is forbidden.
Thanks again.
Great -- have fun!
ASKER
I'm sure this is what the goal of the assignment is as well, I just couldn't see the forest through the trees.
Thanks