Professional Documents
Culture Documents
Ethan Cerami
New York University
GET / HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows
NT; DigExt)
Host: www.yahoo.com
Connection: Keep-AliveTip: Check out:
Cookie: B=2td79o0sjlf5r&b=2
http://www.web-sniffer.net
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.util.*;
/** Let the same servlet handle both GET and POST. */
res.sendRedirect( “http://www.yahoo.com”);
port java.io.*;
port javax.servlet.*;
port javax.servlet.http.*;
#Passwords
#Sat Aug 26 11:15:42 EDT 2000
nathan=nathanpw
marty=martypw
lindsay=lindsaypw
bj=bjpw
10/17/08 Browser/Servlet Communication II 42
java.util.Properties
You can easily and automatically load
the password file and parse its
contents:
passwordFile = "passwords.properties";
passwords = new Properties();
passwords.load(new
FileInputStream(passwordFile));
Then, you can extract the password for
a specific user name:
String password = properties.getProperty
("marty“);
10/17/08 Browser/Servlet Communication II 43
ProtectedPage.java
Here’s how the Servlet Works:
1) Initialization: Read in a Password file of valid
user names and passwords.
2) Check for the HTTP Authorization Header.
3) Decode the Authorization Header using Base 64
to obtain user name and password.
4) Check the User Name and Password against the
valid names list.
If valid, show protected page.
Else, issue another authentication challenge.