
Server Side Programming-2

What is BASIC Authentication? Explain with example.

BASIC authentication is an authentication protocol defined within the HTTP protocol. When the user makes a request, the browser displays a dialog box asking for a username and password, which are then verified by the server. The user is not allowed to change the look and feel of the dialog box. User entries are maintained in the web.xml file.

Example: When you start Apache Tomcat, it asks for a username and password. This server uses HTTP Basic authentication for authenticating users.

Following are the steps for implementing HTTP Basic Authentication:

1. Add usernames and passwords with their roles in the tomcat-users.xml file. This is available in the \conf folder of the Tomcat installation folder.
2. Create a Servlet class.
3. Deploy this Servlet and provide the necessary constraints in web.xml.

For example: \Tomcat 6.0\conf\tomcat-users.xml

    <?xml version='1.0' encoding='utf-8'?>
    <tomcat-users>
        <role rolename="Administrator"/>
        <role rolename="Guest"/>
        <user username="Yash" password="MyPune" roles="Administrator, Guest"/>
        <user username="Sweety" password="IAMSWEETY" roles="Guest"/>
    </tomcat-users>

Create a Servlet class

Save the following source code in BasicAuthority.java:

    import java.io.*;
    import javax.servlet.*;
    import javax.servlet.http.*;

    public class BasicAuthority extends HttpServlet {
        // Reached only after the container has authenticated the user
        // and checked the role required by web.xml.
        public void doGet(HttpServletRequest req, HttpServletResponse res)
                throws ServletException, IOException {
            res.setContentType("text/plain");
            PrintWriter out = res.getWriter();
            out.println("Wel-come ......!");
            out.println("You are authorized by server....");
        }
    }

Deploying Web Application in Deployment Descriptor (DD)

    <?xml version="1.0" encoding="ISO-8859-1"?>
    <web-app xmlns="http://java.sun.com/xml/ns/j2ee"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
             version="2.4">
        <servlet>
            <servlet-name>secret</servlet-name>
            <servlet-class>BasicAuthority</servlet-class>
        </servlet>
        <servlet-mapping>
            <servlet-name>secret</servlet-name>
            <url-pattern>/BasicAuthority</url-pattern>
        </servlet-mapping>
        <!-- Security Constraints are defined here -->
        <security-constraint>
            <web-resource-collection>
                <web-resource-name>Basic-Authority</web-resource-name>
                <url-pattern>/BasicAuthority</url-pattern>
                <url-pattern>/secret</url-pattern>
                <http-method>GET</http-method>
                <http-method>POST</http-method>
            </web-resource-collection>
            <auth-constraint>
                <role-name>Administrator</role-name>
            </auth-constraint>
        </security-constraint>
        <login-config>
            <auth-method>BASIC</auth-method>
            <realm-name>http://localhost:8080/Sample/BasicAuthority</realm-name>
        </login-config>
        <security-role>
            <role-name>Administrator</role-name>
        </security-role>
    </web-app>

When you request the application, the server finds the role defined in the DD and checks it against the role defined in tomcat-users.xml.

The following <login-config> tag defines which method of authentication is used (BASIC, FORM, DIGEST or CLIENT-CERT):

    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>
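A hardened variant of the security constraint above, given here as an added example that is not part of the original assignment. When <http-method> elements are listed, the constraint covers only those methods, and BASIC sends the password merely Base64-encoded, so this version omits the method list and requires TLS. It assumes the same role, URL patterns and realm as the page's web.xml, and that the Tomcat instance has an HTTPS connector configured.

```xml
<!-- Added example: replacement for the <security-constraint>, <login-config>
     and <security-role> elements of the web.xml shown above. -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Basic-Authority</web-resource-name>
        <url-pattern>/BasicAuthority</url-pattern>
        <url-pattern>/secret</url-pattern>
        <!-- No <http-method> elements here: the constraint then applies to
             every HTTP method, not only GET and POST. -->
    </web-resource-collection>
    <auth-constraint>
        <role-name>Administrator</role-name>
    </auth-constraint>
    <!-- BASIC sends "username:password" Base64-encoded in the Authorization
         header on every request. CONFIDENTIAL makes the container require
         HTTPS for these URLs (assumes an HTTPS connector is configured). -->
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>http://localhost:8080/Sample/BasicAuthority</realm-name>
</login-config>

<security-role>
    <role-name>Administrator</role-name>
</security-role>
```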

For full Version visit http://smudeassignments.blogspot.com/

This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-nd/3.0/ or send a letter to Creative Commons, 444 Castro Street, Suite 900, Mountain View, California, 94041, USA.
