
User authentication before parsing XML

Jeppe Sommer
Ranch Hand

Joined: Jan 07, 2004
Posts: 270
How can I do user authentication before I give the user access to parse an XML document?

I expect something like this: the user receives a login URL including a password, which calls a login servlet (let's call that 'L'). If the user is authenticated, this login servlet will automatically redirect to the XML document handler servlet (let's call that X), which produces the XML document.

But how can the user get the URL of the XML document handler servlet (X) after the user has passed the login authentication?

I expect that the user just needs a Java class to parse the XML document, like the one below:



[ February 15, 2006: Message edited by: Jeppe Fjord ]
[ February 15, 2006: Message edited by: Ulf Dittmer ]
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41863
    
I'm not quite sure what you're asking. Why does the user need the URL of the XML-parsing servlet? That would be a config item for the login servlet, which would automatically forward to it once authentication was passed.

And why does the user need a Java class? Isn't the parsing done on the server, with the results being shown to the user? I'm obviously missing something.


Jeppe Sommer
Ranch Hand

Joined: Jan 07, 2004
Posts: 270

Originally posted by Ulf Dittmer:

Why does the user need the URL of the XML-parsing servlet? That would be a config item for the login servlet, which would automatically forward to it once authentication was passed.

The user is the one who wants to parse this XML document automatically from his program on his server. I only want to let the user access data from the database through this XML document. In the XML parser class (P) the user needs this URL, right?

org.jdom.Document doc = parser.build( XMLdocument_URL );


Originally posted by Ulf Dittmer:

And why does the user need a Java class? Isn't the parsing done on the server, with the results being shown to the user? I'm obviously missing something.

Yes, you are correct. The user in my terminology is the user's server. His server is automatically doing the parsing work within a Java class.

But I just want to ensure that the user (the user's server) is authenticated before they can go on to parse the XML document. If I just give the user (the user's server) a login URL to the login servlet, which redirects to X, then how does it get the URL of the XML document?

The user needs a URL to the XML document in the Java parsing class:

org.jdom.Document doc = parser.build( XMLdocument_URL );
[ February 15, 2006: Message edited by: Jeppe Fjord ]
Gerardo Tasistro
Ranch Hand

Joined: Feb 08, 2005
Posts: 362
I understand you want to get a document from a remote location. That is, get the XML file from another server. But you want that server's servlet to authenticate first. Right?

If so I would suggest you use the URL tools in Java. I'm doing a similar thing, but with the usage of XStream. Basically I request an XML document from a server through HTTP. The returned page gets sent to the XML parser (XStream) and converted to a bean. You can use the Authenticator class to authenticate your request to the servlet and set up a BASIC authentication in the web.xml for that servlet.

Does that help?
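
An added example of the client side of this suggestion (not code from the thread): it answers the server's BASIC challenge through java.net.Authenticator and parses the response with the JDK's DOM parser instead of JDOM or XStream. The URL, user name and password are hypothetical placeholders.

```java
import java.io.InputStream;
import java.net.Authenticator;
import java.net.PasswordAuthentication;
import java.net.URL;
import java.net.URLConnection;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;

public class AuthenticatedXmlFetch {

    // Hypothetical endpoint: the servlet protected by BASIC auth in web.xml.
    static final String XML_URL = "https://example.com/app/xml-handler";

    static Document fetch(final String user, final char[] password) throws Exception {
        // Answer the server's 401 challenge, but only for the expected host,
        // so the credentials are never offered to any other server.
        final String expectedHost = new URL(XML_URL).getHost();
        Authenticator.setDefault(new Authenticator() {
            @Override
            protected PasswordAuthentication getPasswordAuthentication() {
                if (!expectedHost.equalsIgnoreCase(getRequestingHost())) {
                    return null;
                }
                return new PasswordAuthentication(user, password);
            }
        });

        // BASIC sends the password base64-encoded, not encrypted: use https.
        URLConnection conn = new URL(XML_URL).openConnection();

        // The response is remote input: refuse DOCTYPE declarations so the
        // parser cannot be steered into resolving external entities.
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        DocumentBuilder builder = dbf.newDocumentBuilder();

        try (InputStream in = conn.getInputStream()) {
            return builder.parse(in);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample credentials; load real ones from configuration.
        Document doc = fetch("partner-a", "change-me".toCharArray());
        System.out.println(doc.getDocumentElement().getNodeName());
    }
}
```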
Jeppe Sommer
Ranch Hand

Joined: Jan 07, 2004
Posts: 270

Originally posted by Gerardo Tasistro:

I understand you want to get a document from a remote location. That is, get the XML file from another server. But you want that server's servlet to authenticate first. Right?

Yes, that is correct.


Originally posted by Gerardo Tasistro:

If so I would suggest you use the URL tools in Java.

To do the user authentication before I parse the file, I have tried to open a connection to the login servlet, just before I want to parse the XML document:

//Call the login servlet
java.net.URLConnection launch = new java.net.URL ( loginUrl ).openConnection();
launch.connect();
...
//Then parse the XML document
org.jdom.Document doc = parser.build( XMLdocument_URL );
...

- but the authentication session values (i.e. userID) are not found (not being kept in memory) when accessing the XML handler class?!


Originally posted by Gerardo Tasistro:

You can use the Authenticator class to authenticate your request to the servlet and set up a BASIC authentication in the web.xml for that servlet.

Yes, but I wish to use my own login servlet, which automatically does the redirect to the correct XML handler class, depending on the username and password being stored in the database?
[ February 15, 2006: Message edited by: Jeppe Fjord ]
Gerardo Tasistro
Ranch Hand

Joined: Feb 08, 2005
Posts: 362
Originally posted by Jeppe Fjord:

Yes, but I wish to use my own login servlet, which automatically does the redirect to the correct XML handler class, depending on the username and password being stored in the database?

[ February 15, 2006: Message edited by: Jeppe Fjord ]


In that case I can recommend the use of
request.isUserInRole("rolehere");
request.getRemoteUser();
request.getUserPrincipal();

Once you authenticate with the container you can use request.getRemoteUser(); to get the username and then based on that redirect to the correct XML handler class.

You might want to look into
More Servlets and JavaServer Pages
By Marty Hall
Publisher: Prentice Hall
Pub Date: December 26, 2001
Print ISBN-10: 0-13-067614-4
Print ISBN-13: 978-0-13-067614-6
Pages: 752

It has two good chapters on security and login, covering both declarative and programmatic security.
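
An added example of the server-side routing described in this reply (not code from the thread or the book): a servlet that relies on container authentication, then picks the XML handler with request.isUserInRole() and forwards to it instead of sending a client redirect. The role names and handler servlet names are hypothetical and would have to match the realm and web.xml.

```java
import java.io.IOException;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class XmlDispatchServlet extends HttpServlet {

    // Hypothetical mapping: container role -> <servlet-name> of an XML handler.
    private static final Map<String, String> HANDLER_BY_ROLE =
            new LinkedHashMap<String, String>();
    static {
        HANDLER_BY_ROLE.put("orders-partner", "ordersXmlHandler");
        HANDLER_BY_ROLE.put("stock-partner", "stockXmlHandler");
    }

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // null means the container did not authenticate this request, for
        // example because no security-constraint in web.xml covers this URL.
        String user = request.getRemoteUser();
        if (user == null) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        for (Map.Entry<String, String> entry : HANDLER_BY_ROLE.entrySet()) {
            if (!request.isUserInRole(entry.getKey())) {
                continue;
            }
            // Forward by servlet name: the handler needs no URL mapping of its
            // own, so it cannot be requested directly without passing through here.
            RequestDispatcher handler =
                    getServletContext().getNamedDispatcher(entry.getValue());
            if (handler == null) {
                break; // misconfigured mapping: fail closed below
            }
            handler.forward(request, response);
            return;
        }
        log("No XML handler for authenticated user " + user);
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
    }
}
```

Because the forward happens inside the server, the remote program only ever needs this servlet's URL, and the same authenticated request reaches the handler.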
 