Figure
4??“4 shows the result of a failed authorization attempt. Figure 4??“5 shows the
result of successful authorization. Listing 4.5 shows the complete web.xml file used
to deploy the servlet.
Listing 4.4 StockTip.java
package stocks;
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import sun.misc.BASE64Decoder;
/** Servlet that gives very hot stock tips. So hot that
* only authorized users (presumably ones who have paid
* the steep financial advisory fee) can access the servlet.
*/
public class StockTip extends HttpServlet {
/** Denies access to all users except those who know
* the secret username/password combination.
*/
public void doGet(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
String authorization = request.getHeader("Authorization");
if (authorization == null) {
askForPassword(response);
} else {
// Authorization headers looks like "Basic blahblah",
// where blahblah is the base64 encoded username and
// password. We want the part after "Basic ".
String userInfo = authorization.substring(6).trim();
BASE64Decoder decoder = new BASE64Decoder();
String nameAndPassword =
new String(decoder.decodeBuffer(userInfo));
// Decoded part looks like "username:password".
int index = nameAndPassword.indexOf(":");
String user = nameAndPassword.substring(0, index);
String password = nameAndPassword.
Pages:
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241