HTTP Basic Authentication

 
Ranch Hand
Posts: 86
Source: Javaranch Mock Exam

Which of the following statements are true about HTTP Basic Authentication?
a. The server asks the client for a username/password when the client requests a protected resource.
b. The browser, by identifying the response body, can determine whether a request is protected or not.
c. The HTTP Basic Authentication mechanism is very simple, as the username/password information is encrypted before it is sent.



Answer: A.

I am in agreement. But for option B, I wanted to know how the browser identifies whether a request is protected or not (since, after all, the browser log-in screen is used in this case)?
 
Ranch Hand
Posts: 1936
By using a header; take a look at http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html - 401 Unauthorized.
 
Ranch Hand
Posts: 63
A browser sends a request for a protected resource. At this time the browser does not know that the resource is protected, so it sends a normal HTTP request. For example:
GET /photos/samplePhoto.jpg HTTP/1.1

The server observes that the resource is protected, and so instead of sending the resource, it sends a 401 Unauthorized message back to the client. In the message, it also includes a header that tells the browser that Basic authentication is needed to access the resource. The header also specifies the context in which the authentication would be valid.

Like:
HTTP/1.1 401 Unauthorized
Server: Tomcat 5.0.25
WWW-Authenticate: Basic realm="privelegeUser"
Content-Length: 1000
Content-Type: image/jpeg
...
Upon receiving the above response, the browser opens a dialog box prompting for a username and password.
Once the user enters the username and password, the browser resends the request and passes the values in a header named Authorization:

GET /photos/samplePhoto.jpg HTTP/1.1
Authorization: Basic am9objpqamo= (this is Base64 encoded value of the username:password string.)

Hope that clarifies. For more information, please refer to a book.
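
The exchange described in the post above, as an added Python example that is not part of the original post: it parses the 401 challenge, builds the Authorization value the browser sends on the retry, and then decodes that value again without any key, which is why option c is false and the header is only as private as the connection carrying it. The function names are hypothetical and the sample response is constructed from the headers quoted in the post.

```python
import base64

# Constructed sample: the 401 challenge quoted in the post, as raw response text.
CHALLENGE = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "Server: Tomcat 5.0.25\r\n"
    'WWW-Authenticate: Basic realm="privelegeUser"\r\n'
    "\r\n"
)

def parse_challenge(raw):
    """Return (status_code, scheme, realm) from a raw HTTP response head."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    scheme = realm = None
    for line in lines[1:]:
        name, _, value = line.partition(":")
        # Header names are case-insensitive, so compare in lower case.
        if name.strip().lower() == "www-authenticate":
            scheme, _, params = value.strip().partition(" ")
            # Simple split: assumes no comma inside a quoted parameter value.
            for param in params.split(","):
                key, _, val = param.strip().partition("=")
                if key.lower() == "realm":
                    realm = val.strip('"')
    return status, scheme, realm

def build_authorization(username, password):
    """Build the Authorization header value sent when the request is retried."""
    pair = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(pair).decode("ascii")

def decode_authorization(value):
    """Recover (username, password) from an Authorization value; no key is needed."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    decoded = base64.b64decode(token, validate=True).decode("utf-8")
    # Split on the first colon only: a password may itself contain ':'.
    user, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    return user, password

if __name__ == "__main__":
    print(parse_challenge(CHALLENGE))
    print(decode_authorization("Basic am9objpqamo="))  # value from the post
```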
 
Kamal Tripathi
Ranch Hand
Posts: 86
Thanks a lot, guys. I think it's a lot clearer now...
 