File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Servlets and the fly likes password-protected servlet Big Moose Saloon
  Search | Java FAQ | Recent Topics
Register / Login


Win a copy of The Mikado Method this week in the Agile and other Processes forum!
JavaRanch » Java Forums » Java » Servlets
Reply Bookmark "password-protected servlet" Watch "password-protected servlet" New topic
Author

password-protected servlet

Xinbo Cheng
Greenhorn

Joined: Jan 05, 2001
Posts: 15
posted
0
Quote
Dear friends,
I have been unable to get the password-protected servlet from Marty Hall's Core Servlets and JSPs to work. I think my trouble is I don't know how to pass the passwords.Properties file to the servlet.
My problem is: the password does not give me access to the servlet.It appears I have not been successful in passing the
user/password values to the servlet even though I tried.
Please help, you may not have to look at the long code. Thanks!
I have a file named: passwords.Properties which contains a few
username/password pairS and it is located in a local folder
(C:\LocalFolder\passwords.Properties) and looks like this:
(Note it is built with a java class and opened with TextPad)
-----------------------------
#Passwords
#Sun Mar 04 15:36:25 EST 2001
nathan=nathanpw
marty=martypw
lindsay=lindsaypw
bj=bjpw
----------------------------------
Now,in my XML file I set servlet init parameter passwordFile as follows:
-------------------------------------------------------
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
"http://java.sun.com/j2ee/dtds/web-app_2.2.dtd">
<web-app>
<servlet>

<servlet-name>
SecretServlet
</servlet-name>

<servlet-class>
coreservlets.ProtectedPage
</servlet-class>

<init-param> //HERE THE passwordFile init parameter
<param-name>
passwordFile
</param-name>
<param-value>
"C:\\LocalFoldr\\passwords.properties"
</param-value>
</init-param>

<init-param>
<param-name>
repeats
</param-name>
<param-value>
10
</param-value>
</init-param>
</servlet>

<taglib>
<taglib-uri>
/tags
</taglib-uri>
<taglib-location>
/WEB-INF/tags/HelloTagLib.tld
</taglib-location>
</taglib>
</web-app>
------------------------------------------------------------
Code for ProtectedPage.java (M Hall's code, not mine)
-------------------------------------------------------------
package coreservlets;
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.util.Properties;
import sun.misc.BASE64Decoder;
/** Example of password-protected pages handled directly
* by servlets.
* <P>
* Taken from Core Servlets and JavaServer Pages
* from Prentice Hall and Sun Microsystems Press,
* http://www.coreservlets.com/.
* © 2000 Marty Hall; may be freely used or adapted.
*/
public class ProtectedPage extends HttpServlet {
private Properties passwords;
private String passwordFile;
/** Read the password file from the location specified
* by the passwordFile initialization parameter.
*/

public void init(ServletConfig config)
throws ServletException {
super.init(config);
//I Think THE FOLLOWING CODE DEALS WITH THE passwordFile
try {
passwordFile = config.getInitParameter("passwordFile");
passwords = new Properties();
passwords.load(new FileInputStream(passwordFile));
} catch(IOException ioe) {}
}


public void doGet(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html");
PrintWriter out = response.getWriter();
String authorization = request.getHeader("Authorization");
if (authorization == null) {
askForPassword(response);
} else {
String userInfo = authorization.substring(6).trim();
BASE64Decoder decoder = new BASE64Decoder();
String nameAndPassword =
new String(decoder.decodeBuffer(userInfo));
int index = nameAndPassword.indexOf(":");
String user = nameAndPassword.substring(0, index);
String password = nameAndPassword.substring(index+1);
String realPassword = passwords.getProperty(user);
if ((realPassword != null) &&
(realPassword.equals(password))) {
String title = "Welcome to the Protected Page";
out.println(ServletUtilities.headWithTitle(title) +
"<BODY BGCOLOR=\"#FDF5E6\">\n" +
"<H1 ALIGN=CENTER>" + title + "</H1>\n" +
"Congratulations. You have accessed a\n" +
"highly proprietary company document.\n" +
"Shred or eat all hardcopies before\n" +
"going to bed tonight.\n" +
"</BODY></HTML>");
} else {
askForPassword(response);
}
}
}
// If no Authorization header was supplied in the request.

private void askForPassword(HttpServletResponse response) {
response.setStatus(response.SC_UNAUTHORIZED); // Ie 401
response.setHeader("WWW-Authenticate",
"BASIC realm=\"privileged-few\"");
}
/** Handle GET and POST identically. */

public void doPost(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);
}
}
Xinbo Cheng
Greenhorn

Joined: Jan 05, 2001
Posts: 15
posted
0
Quote
Thanks to those who looked at this message. I have figured out
my problem so don't look at those ugly code again!
XC
Randall Twede
Ranch Hand

Joined: Oct 21, 2000
Posts: 4092
    
    1
posted private message
0
Quote
If you use UBB code tag, your code will display much more readably. You can learn about UBB tags here http://www.javaranch.com/ubb/ubbcode.html

SCJP
 
I agree. Here's the link: http://zeroturnaround.com/jrebel - it saves me about five hours per week
 
subject: password-protected servlet
 
Similar Threads
Initparameter not working
Specifying file location in web.xml
Servlet question
urgent-problem in accessing initialisation parameters
Protected Page problem