Servlets.com

Home

What's New?

com.oreilly.servlet

Servlet Polls

Mailing Lists

List Archives

Servlet Engines

Servlet ISPs

Servlet Tools

Documentation

Online Articles

The Soapbox

"Java Servlet
Programming,
Second Edition"

"Java Enterprise
Best Practices"

Speaking & Slides

About Jason

XQuery Affiliate

Advertising Info

The Book
Chapter 8 Examples from Java Servlet Programming, 2nd Ed

  • 8-1 to 8-3: Are you sure you have permissions to read this example?
  • 8-4: Snooping the authentication information
  • 8-5 to 8-7: Configuring form-based authentication
  • 8-8: Security in a servlet
  • 8-9 to 8-11: Form-based custom authorization
  • 8-13: Examining client certificates

Examples from other chapters:

Example 8.1 to 8.3: Are you sure you have permissions to read this example?
This servlet is protected by BASIC authentication as shown in web.xml and tomcat-users.xml. To see the salary information you'll need to login as a "manager" using names and passwords in tomcat-users.xml.

Example 8.4: Snooping the authentication information
This servlet tells the client its name, its principal, the kind of authentication performed (BASIC, DIGEST, FORM, CLIENT-CERT), and whether the user is a manager. You'll need to login, but you probably did that above.

Example 8.5 to 8.7: Configuring form-based authentication
This servlet is protected by form-based authentication as shown in web.xml and tomcat-users.xml. To see the salary information you'll need to login again as a "manager" (since it's a different method of authentication).

Example 8.8: Security in a servlet
This servlet performs custom authorization, receiving an Authorization header and sending the SC_UNAUTHORIZED status code and WWW-Authenticate header when necessary. The servlet restricts access to its “top-secret stuff” to those users (and passwords) it recognizes in its user list.

Example 8.9 to 8.11: Form-based custom authorization
These servlets and HTML pages together demonstrate form-based custom authorization. The login page asks the user for their name and password, the LoginHandler servlet checks if the login is valid, and the ProtectedResource servlet verifies that everyone accessing it has first gone through the login process. In this example LoginManager naively trusts any username/password pair.

Example 8.13: Examining client certificates
This servlet prints the client’X.509 certificate chain, if available. In this example, since we're not using SSL, it won't be available.

 


Home   com.oreilly.servlet   Polls   Lists   Archives
Engines   ISPs   Tools   Docs   Articles   Soapbox   Book

Copyright © 1999-2005 Jason Hunter
Privacy Policy

webmaster@servlets.com
Last updated: March 1, 2009