CustomAuth
public class CustomAuth extends HttpServlet
Fields Summary |
---|
Hashtable | users |
Methods Summary |
---|
protected boolean | allowUser(java.lang.String auth)
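// Decides whether an Authorization header value carries a login on the allow list.
// Returns false for a missing header, a scheme other than BASIC, or a payload that
// does not decode to a known "user:password" entry.
if (auth == null) {
    return false;  // no auth
}
// Match the scheme case-insensitively without toUpperCase(): that call uses the
// default locale, and under a Turkish locale "basic" upper-cases to "BASİC",
// so a valid header would be rejected.
if (!auth.regionMatches(true, 0, "BASIC ", 0, 6)) {
    return false;  // we only do BASIC
}
// Get encoded user and password, comes after the six-character "BASIC " prefix
String userpassEncoded = auth.substring(6);
// Decode it, using any base 64 decoder (we use com.oreilly.servlet)
// NOTE(review): confirm how Base64Decoder.decode reports malformed input; the
// header is attacker-controlled, so a decoder failure must end as "not allowed".
String userpassDecoded = Base64Decoder.decode(userpassEncoded);
// Hashtable.get(null) throws NullPointerException, so a null decode result is
// treated as a failed login rather than passed to the lookup.
if (userpassDecoded == null) {
    return false;
}
// The table is keyed by the literal "user:password" string, so this lookup is
// the entire credential check.
// NOTE(review): passwords are held and compared in clear text here; a deployed
// check would look the user up by name and verify a salted password hash.
// BASIC credentials are only base64-encoded, so serve this servlet over TLS.
return "allowed".equals(users.get(userpassDecoded));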
| public void | doGet(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res)
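// Serves the protected text only when the Authorization header passes
// allowUser(); every other request is answered with 401 and a BASIC challenge.
// Get Authorization header
String auth = req.getHeader("Authorization");
// Do we allow that user?
if (!allowUser(auth)) {
    // Not allowed: send the challenge so the client prompts for credentials.
    // NOTE(review): failed attempts are neither logged nor rate-limited here,
    // so repeated guessing against this endpoint leaves no trace in this code.
    res.setHeader("WWW-Authenticate", "BASIC realm=\"users\"");
    res.sendError(res.SC_UNAUTHORIZED);
    return;
}
// Allowed: only now set up the body, so the rejection path never opens a writer.
res.setContentType("text/plain");
// Keep the protected body out of browser and intermediary caches.
res.setHeader("Cache-Control", "no-store");
PrintWriter out = res.getWriter();
out.println("Top-secret stuff");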
| public void | init(javax.servlet.ServletConfig config)
// Hand the config to the superclass first, then seed the allow list.
super.init(config);
// Each entry is a "name:password" key exactly as it appears after base64
// decoding; names and passwords are case sensitive!
// NOTE(review): these logins are compiled into the class in clear text, which
// is acceptable only for a demonstration. Anyone who can read the class file
// or the source can read them; a deployed servlet would load salted password
// hashes from a protected store instead.
// NOTE(review): assumes the users table is created before init() runs; its
// initializer is not shown here.
String[] demoLogins = { "Wallace:cheese", "Gromit:sheepnapper", "Penguin:evil" };
for (int i = 0; i < demoLogins.length; i++) {
    users.put(demoLogins[i], "allowed");
}
|
|