W3C home > Mailing lists > Public > www-jigsaw@w3.org > March to April 1998

Re: Authorization - requesting username & password in a filter

From: Yves Lafon <ylafon@w3.org>
Date: Wed, 18 Mar 1998 18:12:57 +0100 (MET)
To: Paul Pazandak <pazandak@OBJS.com>
cc: Jigsaw Email List <www-jigsaw@w3.org>
Message-ID: <Pine.GSO.3.96.980318174217.24749B-100000@tarantula.inria.fr>
On Wed, 18 Mar 1998, Paul Pazandak wrote:

> Is it possible to generate a username & password dialog (on the client) within a filter as
> part of an auxiliary authorization mechanism (the same dialog that appears when logging
> into the Admin pages on the server)? I would like to be able to do this independent of
> any Jigsaw authorization mechanisms -- e.g. ask a client for a username/password before
> letting them see a document.

The best way should be to use the Proxy Authentication. It then allow
users to browse pages with "normal" authentication
From the server...
If the Proxy-Authorization field is not present and do not contain the
right values, it should return a HTTP.PROXY_AUTH_REQUIRED (407).
And a Proxy-Authenticate header, (same as WWW-Authenticate field in an
"unauthorized" answer, see GenericAuthFilter).

> Second, IF the user already provided a username/password (for site access let's say, using
> Jigsaw auth mechanisms), is there a way for the filter to access this information?

Yes, the Proxy-Authorization field will be there (requested by the
filter). We use a trick to check the user taken from an AuthFilter in
w3c.jigsaw.filters.PutListResource (org.w3c.filters.PutListFrame).

      /\          - Yves Lafon - World Wide Web Consortium - 
  /\ /  \                Architecture Domain - Jigsaw
 /  \    \/\    
/    \   /  \   http://www.w3.org/People/Lafon - ylafon@w3.org    
Received on Wednesday, 18 March 1998 12:13:55 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:25:32 UTC