
Using Authenticate/Challenge to get User Name and Password

From: Anselm Baird_Smith <abaird@www43.inria.fr>
Date: Wed, 4 Dec 1996 15:08:41 +0100 (MET)
Message-Id: <199612041408.PAA27778@www43.inria.fr>
To: Noone <none@bellcore.com>
Cc: www-jigsaw@w3.org
none@bellcore.com writes:
 > I would like to prompt a user for a user name and password (similar
 > as is being done in GenericAuthFilter), but I need to be able to
 > pass the returned values to a Java resource "page".  I have looked
 > through the code for the GenericAuthFilter, HttpChallenge, HttpFactory,
 > Request, Reply, and others, but have been unable to find the code
 > fragment that sends the HTTP UNAUTHORIZED message to the client
 > browser and gets back the response.  Any clearer suggestions on
 > where to look or, preferably, an example "Java page" that does
 > this?

This is done in the GenericAuthFilter super-class,
w3c.jigsaw.auth.AuthFilter, whose purpose is to provide the common
code for authentication, with as few assumptions as possible on the
auth method used.

The path is the following:

a) You issue a GET to foo
b) The foo resource is looked up
c) Filters on foo are invoked, in particular GenericAuthFilter
d) ingoingFilter of GenericAuthFilter is inherited from AuthFilter
e) AuthFilter:ingoingFilter calls authenticate
f) GenericAuthFilter:authenticate is the one that throws the
   appropriate exception, e.g.:

[w3c.jigsaw.auth.GenericAuthFilter]
public void authenticate (Request request) 
	throws HTTPException
    {
        ...
	// Check authentication according to auth method:
	if ((request.hasAuthorization() && ! request.isProxy())
	    || (request.isProxy() && request.hasProxyAuthorization())) {
            ....
	    // Is that user allowed ?
	    if ( ctxt != null ) {
		user = checkBasicAuth(ctxt) ;
		if ((user != null) && checkUser(user)) {
                        // Authentication succeeded, normal return:
                        ...
			return ;
		    }
		}
	    }
	}		
	// Every possible scheme has failed for this request, emit an error
// There you are: here is the UNAUTHORISED status
	Reply e = null;
	if ( request.isProxy() ) {
	    e = request.makeReply(HTTP.PROXY_AUTH_REQUIRED);
	    e.setProxyAuthenticate(challenge);
	} else {
	    e = request.makeReply(HTTP.UNAUTHORISED);
	    e.setWWWAuthenticate (challenge);
	}
	HtmlGenerator g = new HtmlGenerator("Unauthorised");
	g.append ("<h1>Unauthorised access</h1>"
		  + "<p>You are denied access to this resource.");
	e.setStream(g);
	throw new HTTPException (e);
    }
    
Hope this helps,
Anselm.
Received on Wednesday, 4 December 1996 09:09:06 GMT
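
The round trip described in the message above, as an added example that is not part of the original message or of Jigsaw's code: the first request carries no Authorization header and gets the 401 challenge, and the browser's retry carries Basic credentials that are decoded and checked before the user name reaches the page. The class name, realm and user table are constructed for illustration; only the Java standard library (Java 9 or later) is used.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;

public class BasicChallengeDemo {
    static final String REALM = "demo"; // constructed realm name

    // Returns {user, password} from an Authorization header, or null if it is
    // absent, not the Basic scheme, or malformed.
    static String[] parseBasic(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return null;
        try {
            byte[] raw = Base64.getDecoder().decode(header.substring(6).trim());
            String pair = new String(raw, StandardCharsets.UTF_8);
            int colon = pair.indexOf(':'); // split at the first ':'; password may contain more
            if (colon < 0) return null;
            return new String[] { pair.substring(0, colon), pair.substring(colon + 1) };
        } catch (IllegalArgumentException badBase64) {
            return null;
        }
    }

    // Stand-in for the filter step: a known user is passed on to the page,
    // anything else gets the 401 challenge that makes the browser prompt.
    static String handle(String authorization, Map<String, String> users) {
        String[] cred = parseBasic(authorization);
        if (cred != null) {
            String expected = users.get(cred[0]);
            if (expected != null && MessageDigest.isEqual(
                    expected.getBytes(StandardCharsets.UTF_8),
                    cred[1].getBytes(StandardCharsets.UTF_8))) {
                return "HTTP/1.0 200 OK\r\n\r\npage sees user=" + cred[0];
            }
        }
        return "HTTP/1.0 401 Unauthorized\r\n"
             + "WWW-Authenticate: Basic realm=\"" + REALM + "\"\r\n\r\n";
    }

    public static void main(String[] args) {
        Map<String, String> users = Map.of("alice", "s3cret:pw"); // constructed sample user
        System.out.println(handle(null, users));          // first GET: challenge
        String retry = "Basic " + Base64.getEncoder().encodeToString(
                "alice:s3cret:pw".getBytes(StandardCharsets.UTF_8));
        System.out.println(handle(retry, users));         // browser retry: 200
        System.out.println(handle("Basic !!!", users));   // malformed header: challenge
    }
}
```

Basic credentials are only base64-encoded on the wire, so the exchange needs TLS underneath it, and a real user table would hold password hashes rather than the plaintext used in this sample.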
