tags:

views:

192

answers:

2
+1  Q: 

In a Java-webapp (war), how can I use HTTP-auth for static content?

I have a Java-webapp. The webapp is packaged as a war-file. These war-file allow static content, that is directly delivered via HTTP. For servlets in this war I can make a HTTP-authentication (implement it with the servlet itself). But I also want HTTP-auth for the static content. How can I realize this?

+2  A: 

Create a class that implements javax.servlet.Filter. See The Essentials of Filters

The main method is doFilter that is passed the ServletRequest, ServletResponse and FilterChain objects. That's where you enforce authentication.

Then declare your filter in web.xml and a filter mapping as following (maps to every request)

    <filter>
            <filter-name>Authentication Filter</filter-name>
            <filter-class>
                    com.nfsdsystems.security.filters.AuthenticationFilter</filter-class>
    </filter>
    <filter-mapping>
            <filter-name>Authentication Filter</filter-name>
            <url-pattern>/*</url-pattern>
    </filter-mapping>
Nathan  2009-05-05 15:18:40
That works great for me. I've written my own filter.
Mnementh  2009-05-06 14:18:41
+3  A: 

Put your static html files in a direcotry and define your security constraints in your web.xml. Map the constraints to the appropriate role.

<security-constraint>
     <display-name>securedResources</display-name>
     <web-resource-collection>
      <web-resource-name>securedRes</web-resource-name>
      <url-pattern>/secured/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>PUT</http-method>
      <http-method>HEAD</http-method>
      <http-method>TRACE</http-method>
      <http-method>POST</http-method>
      <http-method>DELETE</http-method>
      <http-method>OPTIONS</http-method>
     </web-resource-collection>
     <auth-constraint>
      <description>
      authenticatedUser_securedRes</description>
      <role-name>authenticatedUsed</role-name>
     </auth-constraint>
    </security-constraint>
svachon  2009-05-05 16:04:30
That would indeed be the prefered way to do it using realms.
Nathan  2009-05-05 19:20:43
How I can define the usernames/passwords this way?
Mnementh  2009-05-06 10:04:39
It depends of the app server you are using. For Tomcat, google "jdbc realm configuration". For websphere, the prefered way would be ldap.
svachon  2009-05-06 11:23:11
As I want to only deploy a war with my application and no further configuration needed, I prefer the Filter-solution, sorry. But your answer is also good, upvote.
Mnementh  2009-05-06 14:17:53

related questions

Java Time Zone is messed up
Eclipse on win64
Automate builds for Java RCP for deployment with JNLP
Why are professors or schools picking Java over C++ to teach to students?
Is there a real benefit of using J#?
Public/Popular Websites using JavaServer Faces
Why can't I use a try block around my super() call?
Accessing post variables using Java Servlets
Personal Linux web server
Is this really widening vs autoboxing?
How can I Java webstart multiple, dependent, native libraries?
Why can't I call toString() on a Java primitive?
How do I use Java to read from a file that is actively being written?
What code analysis tools do you use for your Java projects?
IllegalArgumentException or NullPointerException for a null parameter?
How do I configure and communicate with a serial port?
What is the best way to parse strings in Java
Getting started with a custom JXTA PeerGroup
Creating a custom button in Java
How to get started "writing" a code coverage tool?
Which Build-/Configuration Management Tool?
What is the difference between an int and an Integer in Java/C#?
What is the meaning of the type safety warning in certain Java generics casts?
How would you access Object properties from within an object method?
Converting CSV File to XML in Java