Chapter 8 Examples from Java Servlet Programming
- 8-1: Snooping the authorization information
- 8-2: Security in a servlet
- 8-3 to 8-5: Form-based custom authorization
- Example 8-1: Snooping the authorization information
  This servlet tells the client its name and what kind of
  authentication has been performed (basic, digest, or some
  alternative). If you try it for yourself, you'll need to
  log in as "demo" with password "demo".
- Example 8-2: Security in a servlet
  This servlet performs custom authorization, receiving an
  Authorization header and sending the SC_UNAUTHORIZED status
  code and WWW-Authenticate header when necessary. The servlet
  restricts access to its "top-secret stuff" to those users
  (and passwords) it recognizes in its user list. For this
  example, the list is kept in a simple Hashtable and its
  contents are hard-coded; a production servlet would, of
  course, replace this with some other mechanism, such as an
  external relational database. If you try it yourself,
  you'll need to examine the source for valid logins.
- Examples 8-3 to 8-5: Form-based custom authorization
  These servlets and HTML pages together demonstrate
  form-based custom authorization. The login page asks the
  user for their name and password, the LoginHandler servlet
  checks if the login is valid, and the ProtectedResource
  servlet verifies that everyone accessing it has first gone
  through the login process. In this example LoginManager
  naively trusts any username/password pair.