RE: Using Authenticate/Challenge to get User Name and Password from David Pepper on 1996-12-04 (www-jigsaw@w3.org from November to December 1996)

From: David Pepper <dpepper@bellcore.com>
Date: Wed, 4 Dec 1996 10:25:41 -0500 (EST)
To: www-jigsaw@w3.org
Message-Id: <199612041525.KAA19039@gypsy.bellcore.com>

Anselm,
	Thanks for your response.  I had tried something similar to what
you suggested but wasn't able to get the desired results.  What I did
was to use the code fragment from GenericAuthFilter as part of my
"public Reply get" method of my Java resource as follows:

 public Reply get (Request request)
    throws HTTPException
  {
    HtmlGenerator g = new HtmlGenerator ("VVMResource") ;

    // If we can't interact, we can't help:
   
// I thought I needed this here, but I may be wrong...
    if ( ! request.canKeepConnection() ) {
      g.append ("<h1>Sorry Access To The Server</h1>") ;
      g.append ("<h1>Is Not Possible From Your Browser.</h1>") ;
      g.append ("<h1>No User Interaction Allowed.</h1>") ;
    }
    else {
      // Great ! Now we can indeed help:
      // Check authentication according to auth method:

      BasicAuthContext ctxt = null ;
      String error_message = "Undefined Error" ;

 // The following if block seems to be always false in this context!!!
 // even when using a browser that will allow the GenericAuthFilter
 // querry/response to get into the Admin domain...
      // if ((request.hasAuthorization() && ! request.isProxy())
      //    || (request.isProxy() && request.hasProxyAuthorization())) {
          try {
              ctxt = new BasicAuthContext(request);
          } catch (BasicAuthContextException ex) {
              ctxt = null;
              error_message = ex.getMessage () ; // or ex.toString () ?
          }
      // }
      // else {
      //     ctxt = null ;
      //     error_message = "No Authorization Possible" ;
      // }
      if ( ctxt == null ) {
        g.append("<h1>Sorry Access To The Server</h1>") ;
        g.append("<h1>Is Not Possible Without A Subscriber ID and PIN.</h1>") ;
        g.append("<h2>"+error_message+"</h2>") ;
      }
      else {
        // got a response from the BasicAuthContext...
// This is where I want to be able to get to -- or, I could use a Filter
// resource as long as I can querry it for the entered user name / password
        String user     = ctxt.user ;
        String pin      = ctxt.password ;

        g.append ("<h1>Welcome To The Server: ") ;
        g.append (user) ;
        g.append (":") ;
        g.append (pin) ;
        g.append ("</h1>") ;
    }  // end of else block (got a response from BasicAuthContext)
    }  // end of else -- can allow user interaction

    Reply reply = createDefaultReply (request, HTTP.OK) ;
    reply.setStream (g) ;
    return reply ;

  } // end of public Reply get

Unfortunately, ctxt = new BasicAuthContext(request) always seems to
return a null value instead of the desired class.

			Thanks again,
			David Pepper
			dpepper@bellcore.com

Received on Wednesday, 4 December 1996 10:25:31 UTC