SE452: An HTTP Basic Authentication Example [19/20]

/*
 * AuthenticationServlet.java
 *
 */
 
package se452.headers;           

import javax.servlet.*;
import javax.servlet.http.*;
import sun.misc.BASE64Decoder;
import java.util.Map;
import java.util.HashMap;
import java.io.PrintWriter;
import java.util.Date;

/** 
 *
 * @author  Matthew Wright
 * @version 1.0 
 */
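public class AuthenticationServlet extends HttpServlet {

    /** Scheme token (with its separating space) that must open the Authorization header. */
    private static final String BASIC_PREFIX = "Basic ";

    /**
     * Charset used to turn the decoded credential bytes into text and to
     * compare passwords. Fixed explicitly so the result does not depend on
     * the platform default charset of the server JVM.
     */
    private static final String CREDENTIAL_CHARSET = "UTF-8";

    /**
     * Demo credential store mapping user name to password (both Strings).
     * Filled once in {@link #init()} and only read afterwards.
     */
    protected Map users = new HashMap();

    /**
     * Loads the sample accounts.
     *
     * SECURITY: these are clear-text passwords compiled into the class, which
     * is acceptable only for a classroom demo. A real deployment keeps salted
     * password hashes (bcrypt/scrypt/argon2) in an external store and never
     * ships credentials in source code.
     */
    public void init() {
        users.put("mwright", "abc123");
        users.put("default", "tester");
        users.put("joe", "Gr8P@ssWurd");
    }

    /** Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods.
    *
    * Serves the protected page when the request carries valid Basic
    * credentials; otherwise answers with a 401 challenge. A missing,
    * non-Basic, truncated or undecodable Authorization header is treated as
    * "not authenticated" instead of raising an exception.
    *
    * SECURITY: Basic credentials are only base64-encoded, not encrypted, so
    * this servlet must be reachable over HTTPS only.
    *
    * @param request servlet request
    * @param response servlet response
    * @throws ServletException declared for the servlet contract
    * @throws java.io.IOException if writing the protected page fails
    */
    protected void processRequest(HttpServletRequest request, HttpServletResponse response)
    throws ServletException, java.io.IOException {
        String[] login = parseBasicCredentials(request.getHeader("Authorization"));
        if (login != null && passwordMatches(login[0], login[1])) {
            authorize(response);
            return;
        }
        authenticate(response);
    }

    /**
     * Extracts user name and password from an Authorization header value.
     *
     * @param header raw header value, may be <code>null</code>
     * @return a two-element array {user name, password}, or <code>null</code>
     *         when the header is absent, does not use the Basic scheme, cannot
     *         be decoded, or has no non-empty user name before the colon
     */
    private String[] parseBasicCredentials(String header) {
        // regionMatches also returns false for headers shorter than the
        // prefix, so substring() below can no longer run past the end, and a
        // different scheme (e.g. "Digest ...") is no longer decoded as Basic.
        if (header == null
                || !header.regionMatches(true, 0, BASIC_PREFIX, 0, BASIC_PREFIX.length())) {
            return null;
        }
        String encoded = header.substring(BASIC_PREFIX.length()).trim();

        String userpass;
        try {
            // NOTE(review): sun.misc.BASE64Decoder is a JDK-internal class
            // that is absent from newer JDKs; java.util.Base64 (Java 8+) is
            // the supported replacement once the course runtime allows it.
            byte[] raw = new BASE64Decoder().decodeBuffer(encoded);
            userpass = new String(raw, CREDENTIAL_CHARSET);
        } catch (java.io.IOException malformed) {
            // Client-supplied garbage is an authentication failure, not a
            // server error.
            return null;
        }

        // Split on the FIRST colon only: the password itself may contain ':'.
        int colon = userpass.indexOf(':');
        if (colon <= 0) {
            return null;
        }
        return new String[] { userpass.substring(0, colon), userpass.substring(colon + 1) };
    }

    /**
     * Checks a supplied password against the stored one for the given user.
     *
     * @param username user name taken from the request
     * @param password password taken from the request
     * @return <code>true</code> only if the user exists and the passwords match
     * @throws java.io.IOException if the credential charset is unavailable
     */
    private boolean passwordMatches(String username, String password)
    throws java.io.IOException {
        String expected = (String) users.get(username);
        if (expected == null) {
            return false;
        }
        // String.equals stops at the first differing character, which leaks
        // how much of a guess was right through response time.
        // MessageDigest.isEqual avoids that early exit on current JDKs.
        return java.security.MessageDigest.isEqual(
                expected.getBytes(CREDENTIAL_CHARSET),
                password.getBytes(CREDENTIAL_CHARSET));
    }

    /**
     * Challenges the client for credentials by sending status 401 together
     * with a <code>WWW-Authenticate</code> header naming the Basic realm.
     *
     * @param response servlet response
     */
    void authenticate(HttpServletResponse response) {
       response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
       response.setHeader("WWW-Authenticate", "Basic realm=\"JavaSecrets\"");
    }

    /**
     * Sends the protected page to a user whose credentials were accepted.
     *
     * @param response servlet response
     * @throws java.io.IOException if the response writer cannot be obtained
     */
    void authorize(HttpServletResponse response)
        throws java.io.IOException {
        response.setContentType("text/html");
        PrintWriter out = response.getWriter();

        out.println("<html><head><title>Protected Page: Java Secrets</title></head>");
        out.println("<body>Access granted. " + new Date() + "</body></html>");
    }

    /** Handles the HTTP <code>GET</code> method.
    * @param request servlet request
    * @param response servlet response
    */
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
    throws ServletException, java.io.IOException {
        processRequest(request, response);
    }

    /** Handles the HTTP <code>POST</code> method.
    * @param request servlet request
    * @param response servlet response
    */
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
    throws ServletException, java.io.IOException {
        processRequest(request, response);
    }

}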
