Dear friends,
I have been unable to get the password-protected servlet from Marty Hall's Core Servlets and JSPs to work. I think my trouble is I don't know how to pass the passwords.Properties file to the servlet.
My problem is: the password does not give me access to the servlet. It appears I have not been successful in passing the user/password values to the servlet even though I tried.
Please help, you may not have to look at the long code. Thanks!
I have a file named passwords.Properties which contains a few username/password pairs. It is located in a local folder (C:\LocalFolder\passwords.Properties) and looks like this (note it is built with a Java class and opened with TextPad):
-----------------------------
#Passwords
#Sun Mar 04 15:36:25 EST 2001
nathan=nathanpw
marty=martypw
lindsay=lindsaypw
bj=bjpw
----------------------------------
Now, in my XML file I set the servlet init parameter passwordFile as follows:
-------------------------------------------------------
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
    "http://java.sun.com/j2ee/dtds/web-app_2.2.dtd">
<web-app>
  <servlet>
    <servlet-name>
      SecretServlet
    </servlet-name>
    <servlet-class>
      coreservlets.ProtectedPage
    </servlet-class>
    <init-param> <!-- HERE: the passwordFile init parameter -->
      <param-name>
        passwordFile
      </param-name>
      <param-value>
        "C:\\LocalFoldr\\passwords.properties"
      </param-value>
    </init-param>
    <init-param>
      <param-name>
        repeats
      </param-name>
      <param-value>
        10
      </param-value>
    </init-param>
  </servlet>
  <taglib>
    <taglib-uri>
      /tags
    </taglib-uri>
    <taglib-location>
      /WEB-INF/tags/HelloTagLib.tld
    </taglib-location>
  </taglib>
</web-app>
------------------------------------------------------------
Code for ProtectedPage.java (M Hall's code, not mine)
-------------------------------------------------------------
package coreservlets;

import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.util.Properties;
import sun.misc.BASE64Decoder;

/** Example of password-protected pages handled directly
 *  by servlets.
 *  <P>
 *  Taken from Core Servlets and JavaServer Pages
 *  from Prentice Hall and Sun Microsystems Press,
 *  http://www.coreservlets.com/.
 *  © 2000 Marty Hall; may be freely used or adapted.
 */
public class ProtectedPage extends HttpServlet {
  private Properties passwords;
  private String passwordFile;

  /** Read the password file from the location specified
   *  by the passwordFile initialization parameter.
   */
  public void init(ServletConfig config)
      throws ServletException {
    super.init(config);
    // I think the following code deals with the passwordFile
    try {
      passwordFile = config.getInitParameter("passwordFile");
      passwords = new Properties();
      passwords.load(new FileInputStream(passwordFile));
    } catch(IOException ioe) {}
  }

  public void doGet(HttpServletRequest request,
                    HttpServletResponse response)
      throws ServletException, IOException {
    response.setContentType("text/html");
    PrintWriter out = response.getWriter();
    String authorization = request.getHeader("Authorization");
    if (authorization == null) {
      askForPassword(response);
    } else {
      String userInfo = authorization.substring(6).trim();
      BASE64Decoder decoder = new BASE64Decoder();
      String nameAndPassword =
        new String(decoder.decodeBuffer(userInfo));
      int index = nameAndPassword.indexOf(":");
      String user = nameAndPassword.substring(0, index);
      String password = nameAndPassword.substring(index+1);
      String realPassword = passwords.getProperty(user);
      if ((realPassword != null) &&
          (realPassword.equals(password))) {
        String title = "Welcome to the Protected Page";
        out.println(ServletUtilities.headWithTitle(title) +
                    "<BODY BGCOLOR=\"#FDF5E6\">\n" +
                    "<H1 ALIGN=CENTER>" + title + "</H1>\n" +
                    "Congratulations. You have accessed a\n" +
                    "highly proprietary company document.\n" +
                    "Shred or eat all hardcopies before\n" +
                    "going to bed tonight.\n" +
                    "</BODY></HTML>");
      } else {
        askForPassword(response);
      }
    }
  }

  // If no Authorization header was supplied in the request.
  private void askForPassword(HttpServletResponse response) {
    response.setStatus(response.SC_UNAUTHORIZED); // Ie 401
    response.setHeader("WWW-Authenticate",
                       "BASIC realm=\"privileged-few\"");
  }

  /** Handle GET and POST identically. */
  public void doPost(HttpServletRequest request,
                     HttpServletResponse response)
      throws ServletException, IOException {
    doGet(request, response);
  }
}
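
Added example, not part of the original post or of Marty Hall's code: the servlet's init() catches IOException with an empty block, so a passwordFile path that cannot be opened leaves the Properties table empty and every request with credentials gets a 401. The hypothetical class BasicAuthCheck below loads the file so that the failure is reported, and parses the Basic header with java.util.Base64 (Java 8+ assumed), rejecting malformed input; the credentials and header values in main are constructed sample data.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Properties;
/** Hypothetical helper for illustration; not part of the coreservlets package. */
public class BasicAuthCheck {
  /** Load the password file; an unreadable path throws instead of yielding an empty table. */
  static Properties loadPasswords(String path) throws IOException {
    if (path == null) throw new IOException("passwordFile init parameter is missing");
    Properties p = new Properties();
    try (InputStream in = new FileInputStream(path.trim())) {
      p.load(in);
    }
    return p;  // in a servlet, init() would rethrow the IOException as a ServletException
  }

  /** Return the authenticated user, or null if the header is absent, malformed or wrong. */
  static String authenticate(String header, Properties passwords) {
    if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return null;
    String decoded;
    try {
      byte[] raw = Base64.getDecoder().decode(header.substring(6).trim());
      decoded = new String(raw, StandardCharsets.UTF_8);
    } catch (IllegalArgumentException badBase64) {
      return null;
    }
    int colon = decoded.indexOf(':');
    if (colon < 0) return null;  // no "user:password" separator
    String user = decoded.substring(0, colon);
    String expected = passwords.getProperty(user);
    if (expected == null) return null;
    // Compare without stopping at the first differing byte.
    boolean ok = MessageDigest.isEqual(
        decoded.substring(colon + 1).getBytes(StandardCharsets.UTF_8),
        expected.getBytes(StandardCharsets.UTF_8));
    return ok ? user : null;
  }
  public static void main(String[] args) {
    Properties pw = new Properties();  // constructed sample data
    pw.setProperty("marty", "martypw");
    byte[] creds = "marty:martypw".getBytes(StandardCharsets.UTF_8);
    String good = "Basic " + Base64.getEncoder().encodeToString(creds);
    System.out.println("valid header -> " + authenticate(good, pw));
    System.out.println("bad base64   -> " + authenticate("Basic !!!", pw));
    try {  // the param-value exactly as written in the web.xml above
      loadPasswords("\"C:\\\\LocalFoldr\\\\passwords.properties\"");
    } catch (IOException e) { System.out.println("load failed  -> " + e.getMessage()); }
  }
}
```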