Prentice Hall and Sun Microsystems. Personal use only; do not redistribute.
Chapter 4 Handling the Client Request: HTTP Request Headers
1. Check whether there is an Authorization header. If there is no such header, go to Step 2. If there is, skip over the word "basic" and reverse the base64 encoding of the remaining part. This results in a string of the form username:password. Check the username and password against some stored set. If it matches, return the page. If not, go to Step 2.
2. Return a 401 (Unauthorized) response code and a header of the following form:
   WWW-Authenticate: BASIC realm="some name"
   This response instructs the browser to pop up a dialog box telling the user to enter a name and password for some name, then to reconnect with that username and password embedded in a single base64 string inside the Authorization header.
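The two steps above as a self-contained Java program (an added example, not code from the book). It assumes Java 9 or later and uses the standard java.util.Base64 class; the BasicAuthCheck class, the authenticate method and the sample user store are hypothetical names constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;

public class BasicAuthCheck {
    // Constructed sample credential store; a real one would hold salted password hashes.
    static final Map<String, String> USERS = Map.of("alice", "wonderland");
    static final String CHALLENGE = "BASIC realm=\"some name\"";

    /** Step 1: returns the authenticated username, or null when Step 2 (the 401 challenge) applies. */
    static String authenticate(String authorizationHeader) {
        if (authorizationHeader == null) return null;             // no Authorization header
        String[] parts = authorizationHeader.trim().split("\\s+", 2);
        if (parts.length != 2 || !parts[0].equalsIgnoreCase("basic")) return null;
        String decoded;
        try {
            decoded = new String(Base64.getDecoder().decode(parts[1].trim()), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return null;                                          // remainder is not valid base64
        }
        int colon = decoded.indexOf(':');                         // split on the first ':' only;
        if (colon < 0) return null;                               // the password may contain ':'
        String user = decoded.substring(0, colon);
        String password = decoded.substring(colon + 1);
        String expected = USERS.get(user);
        if (expected == null) return null;                        // unknown user
        // Constant-time comparison so response timing does not reveal how much of the password matched.
        boolean ok = MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                           password.getBytes(StandardCharsets.UTF_8));
        return ok ? user : null;
    }

    public static void main(String[] args) {
        String good = "Basic " + Base64.getEncoder()
                .encodeToString("alice:wonderland".getBytes(StandardCharsets.UTF_8));
        // Constructed inputs: no header, malformed base64, wrong password, correct credentials.
        String[] samples = { null, "Basic !!!not-base64", "Basic YWxpY2U6d3Jvbmc=", good };
        for (String header : samples) {
            String user = authenticate(header);
            if (user != null) {
                System.out.println("200 OK for " + user);
            } else {                                              // Step 2
                System.out.println("401 Unauthorized, WWW-Authenticate: " + CHALLENGE);
            }
        }
    }
}
```

In a servlet, the input would come from request.getHeader("Authorization"), and the Step 2 branch would set the 401 status and the WWW-Authenticate header on the response.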
If you care about the details, base64 encoding is explained in RFC 1521 (remember, to retrieve RFCs, start at http://www.rfc-editor.org/ to get a current list of the RFC archive sites). However, there are probably only two things you need to know about it. First, it is not intended to provide security, as the encoding can be easily reversed. So, it does not obviate the need for SSL to thwart attackers who might be able to snoop on your network connection (no easy task unless they are on your local subnet). SSL, or Secure Sockets Layer, is a variation of HTTP where the entire stream is encrypted. It is supported by many commercial servers and is generally invoked by using https in the URL instead of http. Servlets can run on SSL servers just as easily as on standard servers, and the encryption and decryption is handled transparently before the servlets are invoked. The second point you should know about base64 encoding is that Sun provides the sun.misc.BASE64Decoder class, distributed with both JDK 1.1 and 1.2, to decode strings that were encoded with base64. Just be aware that classes in the sun package hierarchy are not part of the official language specification, and thus are not guaranteed to appear in all implemen-
Second edition of this book: www.coreservlets.com; Sequel: www.moreservlets.com.
Servlet and JSP training courses by book's author: courses.coreservlets.com.





