- From: Anselm Baird-Smith <abaird@w3.org>
- Date: Tue, 23 Jul 1996 08:39:05 +0500
- To: Marko.Palola@vtt.fi
- Cc: www-jigsaw@w3.org
Marko Palola writes: > Greetings, > > I would like to know that how I can set up user and password > authentication directly from Java code for a specific directory? > > The most help would be a sample class that just needs user name, > password and path to directory which needs to be protected. Ok, I will try to sketch the code, I haven't think of this before although I would like it to be possible too. Basically here is how it would go: I am assuming that you have created a realm with a given name (could be 'users'. The following code will: a) Create a new user record in this realm to protect a specific directory. b) Setup an authentication filter on the given directory, and set it to use Basic auth (note that it should be easily tuned to more speicifc needs) class SetProtection { public void setProtection(httpd server // server in which to act , String url // url to protect , String realm // In what realm , String uname // User name for protection , String upwd) // User password { // First stage: lookup target resource: LookupState state = new LookupState(url); FilteredResource r = null; try { r = (FilteredResource) server.getRoot().lookup(state); } catch (Exception ex) { // Resource not found return; } // Second stage, lookup the realm: AuthRealm ar = server.getRealmsCatalog().loadRealm(realm); if ( ar == null ) // Realms doesn't exist, error return; // Create the user: Hashtable defs = new Hashtable(11); defs.put("identifier", uname); defs.put("password", upwd); AuthUser user = new AuthUser(); user.initialize(defs); // Register it within the realm: realm.registerUser(user); // Ok, now setup the AuthFilter on target resource: String userlist[] = new String[1]; userlist[0] = uname; defs.clear(); defs.put("realm", realm); defs.put("users", userlist); defs.put("target", r); r.registerFilter(new GenericAuthFilter(), defs); } } I haven't test this, but at least it should point you to the direction to go. You will probably want to have the above method in a subclass of PostableResource to get the parameters from a form. If this is the case, the 'server' parameter value can be obtained through the getServer() method of the PostableResource, the 'realm' parameter would probaly be hard-coded (at least to start with). Of course, the PostableResource would have it's own protectoin scheme, aloowingg only some 'admin' user to run the code. The above code misses a couple of check (eg was the target resource already protected, etc). If ever you try this piece of code, let me know how it goes. As far as I can see, nothing should prevent it to run... Anselm.
Received on Tuesday, 23 July 1996 08:39:14 UTC