W3C home > Mailing lists > Public > www-jigsaw@w3.org > July to August 1996

Question about protecting directories

From: Anselm Baird-Smith <abaird@w3.org>
Date: Tue, 23 Jul 1996 08:39:05 +0500
Message-Id: <9607231239.AA11006@www18.w3.org>
To: Marko.Palola@vtt.fi
Cc: www-jigsaw@w3.org
Marko Palola writes:
 > Greetings,
 > I would like to know that how I can set up user and password
 > authentication directly from Java code for a specific directory?
 > The most help would be a sample class that just needs user name,
 > password and path to directory which needs to be protected.

Ok, I will try to sketch the code, I haven't think of this before
although I would like it to be possible too. Basically here is how it
would go:

I am assuming that you have created a realm with a given name (could
be 'users'. The following code will:
a) Create a new user record in this realm  to protect a specific
b) Setup an authentication filter on the given directory, and set it
   to use Basic auth (note that it should be easily tuned to more
   speicifc needs)

class SetProtection {

    public void setProtection(httpd server      // server in which to act
                              , String url	// url to protect
                              , String realm    // In what realm
                              , String uname    // User name for protection
                              , String upwd)    // User password
        // First stage: lookup target resource:
        LookupState state = new LookupState(url);
        FilteredResource r = null;
        try {
            r = (FilteredResource) server.getRoot().lookup(state);
        } catch (Exception ex) {
            // Resource not found
        // Second stage, lookup the realm:
        AuthRealm ar = server.getRealmsCatalog().loadRealm(realm);
        if ( ar == null )
            // Realms doesn't exist, error
        // Create the user:
        Hashtable defs = new Hashtable(11);
        defs.put("identifier", uname);
        defs.put("password", upwd);
        AuthUser user = new AuthUser();
        // Register it within the realm:
        // Ok, now setup the AuthFilter on target resource:
        String userlist[] = new String[1];
        userlist[0] = uname;
        defs.put("realm", realm);
        defs.put("users", userlist);
        defs.put("target", r);
        r.registerFilter(new GenericAuthFilter(), defs);


I haven't test this, but at least it should point you to the direction
to go. You will probably want to have the above method in a subclass
of PostableResource to get the parameters from a form. If this is the
case, the 'server' parameter value can be obtained through the
getServer() method of the PostableResource, the 'realm' parameter
would probaly be hard-coded (at least to start with). 

Of course, the PostableResource would have it's own protectoin scheme,
aloowingg only some 'admin' user to run the code. 

The above code misses a couple of check (eg was the target resource
already protected, etc).

If ever you try this piece of code, let me know how it goes. As far as
I can see, nothing should prevent it to run...

Received on Tuesday, 23 July 1996 08:39:14 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:25:29 UTC