User authentication before parsing XML

How can I do user authentication before I let the user access to parse a XML document?

I expect something like that the user receive an login URL including password, which call a login servlet (Lets call that 'L'). If the user is authenticated this login servlet will automatically redirects to the XML document handler servlet (Lets call that X), which produce the XML document.

But how can the user get the URL of the XML document handler servlet (X), after the user passed the login authentification?

I expect that the user just need a java class to parse the XML document, like the below:

public class BookValueDayTurnover { public class BookValueDayTurnoverURL { //The Login URL 'L final public String XMLLoginURL = "http://127.0.0.1:8080/myApp/servlet/edi/XMLLogin?username=" +myUsername+"&password="+userPwd; } private Vector vector = new Vector(); public BookValueDayTurnover () throws Exception { try { org.jdom.input.SAXBuilder parser = new org.jdom.input.SAXBuilder(); //The URL to this XML document handler servlet 'X', depends on the choosen redirect after user authentification? org.jdom.Document doc = parser.build( [B]"http://127.0.0.1:8080/myApp/servlet/edi/XMLdocument"[/B] ); :confused: org.jdom.Element e = doc.getRootElement().getChild("turnover"); for ( int i = 0 ; i < e.getChildren().size() ; i++ ){ org.jdom.Element e1 = ( org.jdom.Element ) e.getChildren().get( i ); String companyID = e1.getChild("companyID").getText(); String companyName = e1.getChild("companyName").getText(); vector.add( new Turnover ( Integer.parseInt( companyID ), companyName ) ); } } catch ( Exception ex ){ ex.printStackTrace(); } }

[ February 15, 2006: Message edited by: Jeppe Fjord ]
[ February 15, 2006: Message edited by: Ulf Dittmer ]

I'm not quite sure what you're asking. Why does the user need the URL of the XML-parsing servlet? That would be a config item for the login servelet, which would automatically forward to it once authentication was passed.

And why does the user need a Java class? Isn't the parsing done on the server, with the results being shown to the user? I'm obviously missing something.

Why does the user need the URL of the XML-parsing servlet? That would be a config item for the login servelet, which would automatically forward to it once authentication was passed.

The user is the one who wants to parse this XML document automatically from his program on his server. I do only want to let the user access data from the database through this XML document. In the XML parser class (P) the user need this URL, right?

org.jdom.Document doc = parser.build( XMLdocument_URL );

And why does the user need a Java class? Isn't the parsing done on the server, with the results being shown to the user? I'm obviously missing something

Yes you are correct. The user in my terminology is the users server. His server is automatically doing the parsing work within a java class.

But I just want to ensure that the user (the users server) is authenticated before they can go on to parse the XML document. If I just give the user (the users server) a Login URL to the login servlet, which do redirects to X, then how do it gets the URL of the XML document?

The user need a URL to the XML document in the java parsing class:

org.jdom.Document doc = parser.build( XMLdocument_URL );
[ February 15, 2006: Message edited by: Jeppe Fjord ]

I understand you want to get a document from a remote location. That is get the XML file from another server. But you want that server's servlet to authenticate first. Right?

If so I would suggest you use the URL tools in Java. I'm doing a similar thing, but with the usage of XStream. Basically I request an XML document from a server through HTTP. The returned page gets sent to the XML parser (XStream) and converted to a bean. You can use the Authenticator class to authenticate your request to the servlet and setup a BASIC authentication in the web.xml for that servlet.

Does that help?

I understand you want to get a document from a remote location. That is get the XML file from another server. But you want that server's servlet to authenticate first. Right?

Yes that is correct.

If so I would suggest you use the URL tools in Java.

To do the user authentification before I parse the file, I have tried to open a connection to the login servlet, just before I want to parse the XML document:

//Call the login servlet
java.net.URLConnection launch = new java.net.URL ( loginUrl ).openConnection();
launch.connect();
...
//Then parse the XML document
org.jdom.Document doc = parser.build( XMLdocument_URL );
...

- but the authentication session values (i.e. userID) is not found (not being kept in memory) when accessing the XML handler class?!

You can use the Authenticator class to authenticate your request to the servlet and setup a BASIC authentication in the web.xml for that servlet.

Yes but I wish do use my own login servlet, which automatically do the redirect to the correct XML handler class, depending on the username and password being stored in the database?
[ February 15, 2006: Message edited by: Jeppe Fjord ]

Originally posted by Jeppe Fjord:

Yes but I wish do use my own login servlet, which automatically do the redirect to the correct XML handler class, depending on the username and password being stored in the database?

[ February 15, 2006: Message edited by: Jeppe Fjord ]

In that case I can recommend you the usage of
request.isUserInRole("rolehere");
request.getRemoteUser();
request.getUserPrincipal();

Once you authenticate with the container you can use request.getRemoteUser(); to get the username and then based on that redirect to the correct XML handler class.

You might want to read into
More Servlets and JavaServer Pages�
By Marty Hall
...............................................
Publisher: Prentice Hall
Pub Date: December 26, 2001
Print ISBN-10: 0-13-067614-4
Print ISBN-13: 978-0-13-067614-6
Pages: 752

Has two good chapters on security and login both declarative and programmatic security.