What's New?


Servlet Polls

Mailing Lists

List Archives

Servlet Engines

Servlet ISPs

Servlet Tools


Online Articles

The Soapbox

"Java Servlet
Second Edition"

"Java Enterprise
Best Practices"

Speaking & Slides

About Jason

XQuery Affiliate

Advertising Info

The Book
Chapter 8 Examples from Java Servlet Programming

  • 8-1: Snooping the authorization information
  • 8-2: Security in a servlet
  • 8-3 to 8-5: Form-based custom authorization

Examples from other chapters:

Example 8.1: Snooping the authorization information
This servlet tells the client its name and what kind of authentication has been performed (basic, digest, or some alternative). If you try it for yourself, you'll need to login as "demo" with password "demo".

Example 8.2: Security in a servlet
This servlet performs custom authorization, receiving an Authorization header and sending the SC_UNAUTHORIZED status code and WWW-Authenticate header when necessary. The servlet restricts access to its "top-secret stuff" to those users (and passwords) it recognizes in its user list. For this example, the list is kept in a simple Hashtable and its contents are hard-coded; this would, of course, be replaced with some other mechanism, such as an external relational database, for a production servlet. If you try it yourself, you'll need to examine the source for valid logins.
    • Try it (see source for valid logins, case sensitive)
    • Source

Example 8.3 to 8-5: Form-based custom authorization
These servlets and HTML pages together demonstrate form-based custom authorization. The login page asks the user for their name and password, the LoginHandler servlet checks if the login is valid, and the ProtectedResource servlet verifies that everyone accessing it has first gone through the login process. In this example LoginManager naively trusts any username/password pair.


Home   com.oreilly.servlet   Polls   Lists   Archives
Engines   ISPs   Tools   Docs   Articles   Soapbox   Book

Copyright © 1999-2005 Jason Hunter
Privacy Policy
Last updated: March 1, 2009