Question about protecting directories

Marko Palola writes:
 > Greetings,
 > 
 > I would like to know that how I can set up user and password
 > authentication directly from Java code for a specific directory?
 > 
 > The most help would be a sample class that just needs user name,
 > password and path to directory which needs to be protected.

Ok, I will try to sketch the code, I haven't think of this before
although I would like it to be possible too. Basically here is how it
would go:

I am assuming that you have created a realm with a given name (could
be 'users'. The following code will:
a) Create a new user record in this realm  to protect a specific
   directory.
b) Setup an authentication filter on the given directory, and set it
   to use Basic auth (note that it should be easily tuned to more
   speicifc needs)

class SetProtection {

    public void setProtection(httpd server      // server in which to act
                              , String url	// url to protect
                              , String realm    // In what realm
                              , String uname    // User name for protection
                              , String upwd)    // User password
    {
        // First stage: lookup target resource:
        LookupState state = new LookupState(url);
        FilteredResource r = null;
        try {
            r = (FilteredResource) server.getRoot().lookup(state);
        } catch (Exception ex) {
            // Resource not found
            return;
        }
        // Second stage, lookup the realm:
        AuthRealm ar = server.getRealmsCatalog().loadRealm(realm);
        if ( ar == null )
            // Realms doesn't exist, error
            return;
        // Create the user:
        Hashtable defs = new Hashtable(11);
        defs.put("identifier", uname);
        defs.put("password", upwd);
        AuthUser user = new AuthUser();
        user.initialize(defs);
        // Register it within the realm:
        realm.registerUser(user);
        // Ok, now setup the AuthFilter on target resource:
        String userlist[] = new String[1];
        userlist[0] = uname;
        defs.clear();
        defs.put("realm", realm);
        defs.put("users", userlist);
        defs.put("target", r);
        r.registerFilter(new GenericAuthFilter(), defs);
    }

}

I haven't test this, but at least it should point you to the direction
to go. You will probably want to have the above method in a subclass
of PostableResource to get the parameters from a form. If this is the
case, the 'server' parameter value can be obtained through the
getServer() method of the PostableResource, the 'realm' parameter
would probaly be hard-coded (at least to start with). 

Of course, the PostableResource would have it's own protectoin scheme,
aloowingg only some 'admin' user to run the code. 

The above code misses a couple of check (eg was the target resource
already protected, etc).

If ever you try this piece of code, let me know how it goes. As far as
I can see, nothing should prevent it to run...

Anselm.

Received on Tuesday, 23 July 1996 08:39:14 UTC