Implementing Authentication for a WebDAV Servlet

Question

I am currently using this WebDAV Java Servlet Implementation, it's as far as I know the smallest and the easiest to use WebDAV java solution that doesn't depend on Tomcat ( Using WebLogic ).

So I would like to extend this to use my underlying security layer which somewhat uses a database connection to authenticate users.

My question is if this is possible? Does the HttpServletRequest even get the Authentication?

Consider the following method header:

protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { }

Now I would like to use req.getPrincipal to get the User Principal containing the Username and Password. However, my getPrincipal always returns null even if I set my WebDAV client to Windows Authentication or anything else for that matter.

Answer 1

If you are using your own authentication layer, you need to inject your authentication information to the ServletRequest. This is normally done through a filter and wrapped HttpServletRequest.

You can find a good example in CAS,

http://www.jasig.org/cas

Download the source and look at this class,

org.jasig.cas.client.web.filter.HttpServletRequestWrapperFilter

Answer 2

Here's an open source servlet filter, http://spnego.sourceforge.net, that will get you the user principal.