Prompting for Authentication

This code snippet describes how to prompt for HTTP Basic Authentication using a Java Servlet.

The extension sends back a '401 Authenticate' response to the client if the client has not provided authentication credentials, or if the client's credentials are not valid. This response will generally cause the client's browser to display a dialog box requesting the user's credentials.

The code

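    import java.io.IOException;
    import java.io.PrintWriter;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import com.zeus.ZXTMServlet.ZXTMHttpServletRequest;

    public class CheckAuth extends HttpServlet
    {
        public void doGet( HttpServletRequest req, HttpServletResponse res )
            throws ServletException, IOException
        {
            try {
                ZXTMHttpServletRequest zreq = (ZXTMHttpServletRequest)req;
                String[] userPass = zreq.getRemoteUserAndPassword();
                if( userPass == null ) throw new Exception( "No Authentication details" );

                // Username is userPass[0], password is userPass[1]
                // Put your test here: set valid to true only when they match.
                // It starts as false so the extension fails closed until a test is added.
                boolean valid = false;
                if( !valid )
                    throw new Exception( "Credentials do not match" );

                // No exceptions thrown... must have been successful ;-)
                return;
            } catch( Exception e ) {
                // Any failure, including an unexpected exception, ends in a 401 challenge
                res.setHeader( "WWW-Authenticate", "Basic realm=\"Intranet - please log in\"" );
                res.setHeader( "Content-Type", "text/html" );
                res.setStatus( 401 );
                // e.toString() is written into the page unescaped. If your test can throw
                // exceptions that carry backend detail or user input, log them instead.
                String message =
                    "<html>" +
                    "<head><title>Unauthorized</title></head>" +
                    "<body>" +
                    "<h2>Unauthorized - please log in</h2>" +
                    "<p>Please log in with your system username and password</p>" +
                    "<p>Error: " + e.toString() + "</p>" +
                    "</body>" +
                    "</html>";
                PrintWriter out = res.getWriter();
                out.println( message );
            }
        }
    }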

You would call this Java Extension from a request rule:

java.run( "CheckAuth" );

If the authentication was not successful, the call to java.run() would not return because the Java Extension would write the response to the client.

If the authentication was successful, the java.run() function would return and the request rule would continue to be processed.
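
One way to fill in the "Put your test here" step, as an added example that is not part of the original article or the ZXTM API: it checks the username and password against salted PBKDF2 hashes and compares them in constant time. The class name CredentialCheck, the work factor and the sample user are assumptions made for illustration, and it needs Java 8 or later for PBKDF2WithHmacSHA256.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical helper for the "Put your test here" step; not part of the ZXTM API.
public class CredentialCheck {
    private static final int ITERATIONS = 100_000; // assumed work factor
    // username -> { salt, PBKDF2 hash }; load these from your user store in practice
    private final Map<String, byte[][]> users = new HashMap<>();
    private final byte[][] dummy; // hashed for unknown users so they cost the same work

    public CredentialCheck() throws GeneralSecurityException {
        dummy = record( "constructed-salt-0", "unused" );
        users.put( "alice", record( "constructed-salt-1", "correct horse" ) ); // constructed sample
    }

    private static byte[] hash( String password, byte[] salt ) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec( password.toCharArray(), salt, ITERATIONS, 256 );
        try {
            return SecretKeyFactory.getInstance( "PBKDF2WithHmacSHA256" )
                                   .generateSecret( spec ).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    private static byte[][] record( String salt, String password ) throws GeneralSecurityException {
        byte[] s = salt.getBytes( StandardCharsets.UTF_8 ); // real salts are random per user
        return new byte[][] { s, hash( password, s ) };
    }

    // True only for a known user with the right password; fails closed on any error.
    public boolean matches( String user, String password ) {
        if( user == null || password == null || password.isEmpty() ) return false;
        byte[][] rec = users.get( user );
        boolean known = ( rec != null );
        if( !known ) rec = dummy;
        try {
            // MessageDigest.isEqual compares the two hashes in constant time
            return MessageDigest.isEqual( hash( password, rec[0] ), rec[1] ) && known;
        } catch( GeneralSecurityException e ) {
            return false;
        }
    }
}
```

Create one CredentialCheck when the servlet is initialised and call matches( userPass[0], userPass[1] ) at the point where the snippet tests the credentials.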

Running the code

See the Overview article, which describes how to create a Java source file from this code snippet.

The Watermarking article describes how to compile and deploy an extension using an IDE like Eclipse, and the Java Development Guide contains a complete reference.

The Active Directory article uses this code as the basis for authenticating users against an Active Directory server. It also describes how to cache authentication results in TrafficScript to improve performance and reduce the load on the authentication server.

Owen Garrett [Zeus Dev Team] 01 July 2008

Comments:

This public messageboard is not a forum for technical support. To report technical support problems, please contact our dedicated Support team using the instructions at the bottom of this page.

Comment from: Jeff Jones [Visitor] · http://www.yottaserve.com
I would like to be able to somehow tie this functionality up with a user's stored website login credentials.

In the example above on this page (401 Authenticate) - is the username and password hard coded?

If I have an intranet that holds authentication details for each user in a MySQL database - would it be possible to tie up the user's website login with that of the authentication screen presented by the ZXTM?

If there are any examples of how to do this - I would be very grateful.

Cheers,

Jeff
Permalink 06 March 2009 @ 10:33