Auth (digest) request from Servlet

Question

Hi guys, I'm creating a small servlet. It's hosted at root, "/", and whatever comes after "/" is a resource, like "/myanim.swf". Most of the files are public, but some are private. For public files, they are just served, but for private files, I wish the browser to present an authentication box and have a Digest authentication sent back to the servlet, that can then verify it and serve the content. How should I implement the

if(!file.isPublic())

part? Since I want the browser to do the authentication, I don't want to use j_security_check mechanism

Cheers

Nik

Answer 1

Servlet spec supports this out of the box. "j_security_check mechanism" as you refer to it is only used during form-based authentication method whereas you will be using digest.

Here's a corresponding chapter from J2EE tutorial and here's an example of how to configure basic authentication for a servlet (replacing it with a digest-based method is straightforward).