programming-examples/java/Servlets_Session_Swing_Util/Basic authentication web resource.java
2019-11-15 12:59:38 +01:00

79 lines
2.4 KiB
Java

Basic authentication web resource
package com.ack.web.servlet;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* Securing a web application with basic HTTP authentication
* has been reduced to a configuration within web.xml
*
* to test: http://localhost/ack/servlet/protected/footie/get_time
*
<web-app>
<servlet>
<servlet-name>footie_time</servlet-name>
<servlet-class>com.ack.web.servlet.BasicAuthenticationWebResource</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>footie_time</servlet-name>
<url-pattern>/protected/footie/get_time</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>protected_zone</web-resource-name>
<url-pattern>/protected/footie/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
<http-method>DELETE</http-method>
<http-method>HEAD</http-method>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>footie</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>pure genius football club</realm-name>
</login-config>
<security-role>
<description>the footie guys</description>
<role-name>footie</role-name>
</security-role>
</web-app>
*
* finally we need to map from the 'footie' role name to the
* security principal with the application server, in weblogic
* we do the following within the supporting weblogic.xml file:
*
*
<weblogic-web-app>
<security-role-assignment>
<role-name>footie</role-name>
<principal-name>cleve</principal-name>
</security-role-assignment>
</weblogic-web-app>
*/
public class BasicAuthenticationWebResource extends HttpServlet {
public void doGet( HttpServletRequest req, HttpServletResponse res )
throws ServletException, IOException {
res.setContentType( "text/html" );
PrintWriter pw = res.getWriter();
pw.println( "<strong>21:00 @ The Wandle Centre, Wandsworth</strong>" );
pw.println( "<br>don't be late!" );
}
}