CustomAuthpublic class CustomAuth extends HttpServlet
| Fields Summary |
|---|
| Hashtable | users |
| Methods Summary |
|---|
| protected boolean | allowUser(java.lang.String auth)
if (auth == null) return false; // no auth
if (!auth.toUpperCase().startsWith("BASIC "))
return false; // we only do BASIC
// Get encoded user and password, comes after "BASIC "
String userpassEncoded = auth.substring(6);
// Decode it, using any base 64 decoder
sun.misc.BASE64Decoder dec = new sun.misc.BASE64Decoder();
String userpassDecoded = new String(dec.decodeBuffer(userpassEncoded));
// Check our user list to see if that user and password are "allowed"
if ("allowed".equals(users.get(userpassDecoded)))
return true;
else
return false;
| | public void | doGet(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res)
res.setContentType("text/plain");
PrintWriter out = res.getWriter();
// Get Authorization header
String auth = req.getHeader("Authorization");
// Do we allow that user?
if (!allowUser(auth)) {
// Not allowed, so report he's unauthorized
res.setHeader("WWW-Authenticate", "BASIC realm=\"users\"");
res.sendError(res.SC_UNAUTHORIZED);
// Could offer to add him to the allowed user list
}
else {
// Allowed, so show him the secret stuff
out.println("Top-secret stuff");
}
| | public void | init(javax.servlet.ServletConfig config)
super.init(config);
users.put("Wallace:cheese", "allowed");
users.put("Gromit:sheepnapper", "allowed");
users.put("Penguin:evil", "allowed");
|
|
