• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

password-protected servlet

 
Greenhorn
Posts: 15
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Dear friends,
I have been unable to get the password-protected servlet from Marty Hall's Core Servlets and JSPs to work. I think my trouble is I don't know how to pass the passwords.Properties file to the servlet.
My problem is: the password does not give me access to the servlet.It appears I have not been successful in passing the
user/password values to the servlet even though I tried.
Please help, you may not have to look at the long code. Thanks!
I have a file named: passwords.Properties which contains a few
username/password pairS and it is located in a local folder
(C:\LocalFolder\passwords.Properties) and looks like this:
(Note it is built with a java class and opened with TextPad)
-----------------------------
#Passwords
#Sun Mar 04 15:36:25 EST 2001
nathan=nathanpw
marty=martypw
lindsay=lindsaypw
bj=bjpw
----------------------------------
Now,in my XML file I set servlet init parameter passwordFile as follows:
-------------------------------------------------------
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
"http://java.sun.com/j2ee/dtds/web-app_2.2.dtd">
<web-app>
<servlet>

<servlet-name>
SecretServlet
</servlet-name>

<servlet-class>
coreservlets.ProtectedPage
</servlet-class>

<init-param> //HERE THE passwordFile init parameter
<param-name>
passwordFile
</param-name>
<param-value>
"C:\\LocalFoldr\\passwords.properties"
</param-value>
</init-param>

<init-param>
<param-name>
repeats
</param-name>
<param-value>
10
</param-value>
</init-param>
</servlet>

<taglib>
<taglib-uri>
/tags
</taglib-uri>
<taglib-location>
/WEB-INF/tags/HelloTagLib.tld
</taglib-location>
</taglib>
</web-app>
------------------------------------------------------------
Code for ProtectedPage.java (M Hall's code, not mine)
-------------------------------------------------------------
package coreservlets;
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.util.Properties;
import sun.misc.BASE64Decoder;
/** Example of password-protected pages handled directly
* by servlets.
* <P>
* Taken from Core Servlets and JavaServer Pages
* from Prentice Hall and Sun Microsystems Press,
* http://www.coreservlets.com/.
* © 2000 Marty Hall; may be freely used or adapted.
*/
public class ProtectedPage extends HttpServlet {
private Properties passwords;
private String passwordFile;
/** Read the password file from the location specified
* by the passwordFile initialization parameter.
*/

public void init(ServletConfig config)
throws ServletException {
super.init(config);
//I Think THE FOLLOWING CODE DEALS WITH THE passwordFile
try {
passwordFile = config.getInitParameter("passwordFile");
passwords = new Properties();
passwords.load(new FileInputStream(passwordFile));
} catch(IOException ioe) {}
}


public void doGet(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html");
PrintWriter out = response.getWriter();
String authorization = request.getHeader("Authorization");
if (authorization == null) {
askForPassword(response);
} else {
String userInfo = authorization.substring(6).trim();
BASE64Decoder decoder = new BASE64Decoder();
String nameAndPassword =
new String(decoder.decodeBuffer(userInfo));
int index = nameAndPassword.indexOf(":");
String user = nameAndPassword.substring(0, index);
String password = nameAndPassword.substring(index+1);
String realPassword = passwords.getProperty(user);
if ((realPassword != null) &&
(realPassword.equals(password))) {
String title = "Welcome to the Protected Page";
out.println(ServletUtilities.headWithTitle(title) +
"<BODY BGCOLOR=\"#FDF5E6\">\n" +
"<H1 ALIGN=CENTER>" + title + "</H1>\n" +
"Congratulations. You have accessed a\n" +
"highly proprietary company document.\n" +
"Shred or eat all hardcopies before\n" +
"going to bed tonight.\n" +
"</BODY></HTML>");
} else {
askForPassword(response);
}
}
}
// If no Authorization header was supplied in the request.

private void askForPassword(HttpServletResponse response) {
response.setStatus(response.SC_UNAUTHORIZED); // Ie 401
response.setHeader("WWW-Authenticate",
"BASIC realm=\"privileged-few\"");
}
/** Handle GET and POST identically. */

public void doPost(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);
}
}


 
Xinbo Cheng
Greenhorn
Posts: 15
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks to those who looked at this message. I have figured out
my problem so don't look at those ugly code again!
XC
 
Ranch Hand
Posts: 4716
9
Scala Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If you use UBB code tag, your code will display much more readably. You can learn about UBB tags here http://www.javaranch.com/ubb/ubbcode.html
 
Gravity is a harsh mistress. But this tiny ad is pretty easy to deal with:
a bit of art, as a gift, the permaculture playing cards
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic