- From: Anselm Baird_Smith <abaird@www43.inria.fr>
- Date: Wed, 4 Dec 1996 15:08:41 +0100 (MET)
- To: Noone <none@bellcore.com>
- Cc: www-jigsaw@w3.org
none@bellcore.com writes: > I would like to prompt a user for a user name and password (similar > as is being done in GenericAuthFilter), but I need to be able to > pass the returned values to a Java resource "page". I have looked > through the code for the GenericAuthFilter, HttpChallenge, HttpFactory, > Request, Reply, and others, but have been unable to find the code > fragment that sends the HTTP UNAUTHORIZED message to the client > browser and gets back the response. Any clearer suggestions on > where to look or, preferably, an example "Java page" that does > this? This is done in the genericAuthFilter super-class, w3c.jigsaw.auth.AuthFilter, whose purpose is to provide the common code for authentication, with as less assumptions as possible on the auth method used. The path is the following: a) You issue a GET to foo b) The foo resource is looked up c) Filters on foo are invoked, in particular GenericAuthFilter d) ingoingFilter of GenericAuthFilter is inherited from AuthFilter e) AuthFilter:ingoingFilter calls authenticate f) GenericAuthFilter:authenticate is the one that throws the appropriate exception, eg: [w3c.jigsaw.auth.GenericAuthFilter] public void authenticate (Request request) throws HTTPException { ... // Check authentication according to auth method: if ((request.hasAuthorization() && ! request.isProxy()) || (request.isProxy() && request.hasProxyAuthorization())) { .... // Is that user allowed ? if ( ctxt != null ) { user = checkBasicAuth(ctxt) ; if ((user != null) && checkUser(user)) { // Authentication succceeded, normal return: ... return ; } } } } // Every possible scheme has failed for this request, emit an error // There you are: here is the UNAUTHORISED status Reply e = null; if ( request.isProxy() ) { e = request.makeReply(HTTP.PROXY_AUTH_REQUIRED); e.setProxyAuthenticate(challenge); } else { e = request.makeReply(HTTP.UNAUTHORISED); e.setWWWAuthenticate (challenge); } HtmlGenerator g = new HtmlGenerator("Unauthorised"); g.append ("<h1>Unauthorised access</h1>" + "<p>You are denied access to this resource."); e.setStream(g); throw new HTTPException (e); } Hope this helps, Anselm.
Received on Wednesday, 4 December 1996 09:09:06 UTC