Servlets.com

Home

What's New?

com.oreilly.servlet

Servlet Polls

Mailing Lists

Servlet Engines

Servlet ISPs

Servlet Tools

Documentation

Online Articles

The Soapbox

"Java Servlet
Programming,
Second Edition"

"Java Enterprise
Best Practices"

Speaking & Slides

About Jason

XQuery Affiliate

Advertising Info

The Book

Chapter 8 Examples from Java Servlet Programming, 2nd Ed

8-1 to 8-3: Are you sure you have permissions to read this example?
8-4: Snooping the authentication information
8-5 to 8-7: Configuring form-based authentication
8-8: Security in a servlet
8-9 to 8-11: Form-based custom authorization
8-13: Examining client certificates

Examples from other chapters:

Example 8.1 to 8.3: Are you sure you have permissions to read this example?: This servlet is protected by BASIC authentication as shown in web.xml and tomcat-users.xml. To see the salary information you'll need to login as a "manager" using names and passwords in tomcat-users.xml.

Try it (see below for login credentials)
Source
web.xml
tomcat-users.xml

Example 8.4: Snooping the authentication information: This servlet tells the client its name, its principal, the kind of authentication performed (BASIC, DIGEST, FORM, CLIENT-CERT), and whether the user is a manager. You'll need to login, but you probably did that above.

Example 8.5 to 8.7: Configuring form-based authentication: This servlet is protected by form-based authentication as shown in web.xml and tomcat-users.xml. To see the salary information you'll need to login again as a "manager" (since it's a different method of authentication).

Try it (see below for login credentials)
Source
web.xml
loginpage.html
errorpage.html
tomcat-users.xml

Example 8.8: Security in a servlet: This servlet performs custom authorization, receiving an Authorization header and sending the SC_UNAUTHORIZED status code and WWW-Authenticate header when necessary. The servlet restricts access to its “top-secret stuff” to those users (and passwords) it recognizes in its user list.

Try it (see the source for credentials)
Source

Example 8.9 to 8.11: Form-based custom authorization: These servlets and HTML pages together demonstrate form-based custom authorization. The login page asks the user for their name and password, the LoginHandler servlet checks if the login is valid, and the ProtectedResource servlet verifies that everyone accessing it has first gone through the login process. In this example LoginManager naively trusts any username/password pair.

Example 8.13: Examining client certificates: This servlet prints the client’X.509 certificate chain, if available. In this example, since we're not using SSL, it won't be available.

Home com.oreilly.servlet Polls Lists
Engines ISPs Tools Docs Articles Soapbox Book

Copyright © 1999-2005 Jason Hunter
Privacy Policy

webmaster@servlets.com
Last updated: March 1, 2009