File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes HTTP basic authentication in Web Applications Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "HTTP basic authentication in Web Applications" Watch "HTTP basic authentication in Web Applications" New topic

HTTP basic authentication in Web Applications

mini mehta
Ranch Hand

Joined: Oct 22, 2000
Posts: 120
What is the HTTP basic authentication in Web Applications? How does this works and how is it administered?
James Swan
Ranch Hand

Joined: Jun 26, 2001
Posts: 403
Basic Authentication is a process where the HTTP response sent back to the http user agent contains the following info:
WWW-Authenticate BASIC realm="myRealm"
When the user agent (your browser) receives this it pops up a dialog box prompting for a username and password for "myRealm"
The user agent sends back the request with a header that looks like this:
Authorization BASIC Base64Encoded(username :password)
So long as the username and password is fine the user is allowed through to the protected resource.
How Basic Authentication is set up really depends on which HTTP server you are running.
Some HTTP servers have a file called .htaccess in the directory which you want to protect, containing the list of authorized users.
Basic Authentication is good in that it is relatively easy to setup, and you just let the browser and HTTP server handle the authentication, but a major problem is there is no "logout" functionality.
The only way to logout is for the user to close their browser.
Anyway, here is some code to simulate Basic Authentication, and will let you see what is going on, you can added code to print out the headers and see what is being sent back and forth between the client and server.

Also check out the manuals for your HTTP serverm I am sure they will have extensive detail on how to setup Basic Authentication.

[This message has been edited by james swan (edited August 23, 2001).]
I agree. Here's the link:
subject: HTTP basic authentication in Web Applications
It's not a secret anymore!