aspose file tools*
The moose likes Servlets and the fly likes Passwords Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Passwords" Watch "Passwords" New topic
Author

Passwords

Bob Moranski
Ranch Hand

Joined: Nov 22, 2000
Posts: 177
Hi, I have this following code I don't quite understand.
1). Is the user info contained all within the first 6 letters of the Authorization header?
2). I can not find documentation to BASE64Decoder. What is it? And what does its decodeBuffer(String) do?

String authorization = request.getHeader("Authorization");
if (authorization == null) {
askForPassword(response);
} else {
String userInfo = authorization.substring(6).trim();
BASE64Decoder decoder = new BASE64Decoder();
String nameAndPassword =
new String(decoder.decodeBuffer(userInfo));
Thanks in advance!
Carl Trusiak
Sheriff

Joined: Jun 13, 2000
Posts: 3340
I believe your confusion here is caused by you only looking at one side of the picture. What this code is doing is checking to see if this person has accessed a page on your site and logged in yet. If not, it makes them login. When they do, that login will place in the header of the first response the information contained in Authorization including what the first 6 characters are and use Base64Encoder for the remainder. As a guess, the programmers encode this information to make it dificult for anyone snooping the traffic from obtaining someones password. To understand this fuller look at the login class that sets the Authorization information in the header.
BTW Base64Encoder and Base64Decoder are in a sun specific package sun.misc and I don't know if they have released any documentation on it.
Hope this helps
[This message has been edited by Carl Trusiak (edited December 01, 2000).]


I Hope This Helps
Carl Trusiak, SCJP2, SCWCD
Bob Moranski
Ranch Hand

Joined: Nov 22, 2000
Posts: 177
Thank you so much Carl.
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Passwords