File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes Passwords Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Passwords" Watch "Passwords" New topic


Bob Moranski
Ranch Hand

Joined: Nov 22, 2000
Posts: 177
Hi, I have this following code I don't quite understand.
1). Is the user info contained all within the first 6 letters of the Authorization header?
2). I can not find documentation to BASE64Decoder. What is it? And what does its decodeBuffer(String) do?

String authorization = request.getHeader("Authorization");
if (authorization == null) {
} else {
String userInfo = authorization.substring(6).trim();
BASE64Decoder decoder = new BASE64Decoder();
String nameAndPassword =
new String(decoder.decodeBuffer(userInfo));
Thanks in advance!
Carl Trusiak

Joined: Jun 13, 2000
Posts: 3340
I believe your confusion here is caused by you only looking at one side of the picture. What this code is doing is checking to see if this person has accessed a page on your site and logged in yet. If not, it makes them login. When they do, that login will place in the header of the first response the information contained in Authorization including what the first 6 characters are and use Base64Encoder for the remainder. As a guess, the programmers encode this information to make it dificult for anyone snooping the traffic from obtaining someones password. To understand this fuller look at the login class that sets the Authorization information in the header.
BTW Base64Encoder and Base64Decoder are in a sun specific package sun.misc and I don't know if they have released any documentation on it.
Hope this helps
[This message has been edited by Carl Trusiak (edited December 01, 2000).]

I Hope This Helps
Carl Trusiak, SCJP2, SCWCD
Bob Moranski
Ranch Hand

Joined: Nov 22, 2000
Posts: 177
Thank you so much Carl.
I agree. Here's the link:
subject: Passwords
It's not a secret anymore!