Login Authentication using .htpasswd
625 views
Skip to first unread message
TofuCrew
Mar 28, 2008, 1:17:16 PM3/28/08
to Google Web Toolkit
I'm trying to write a web app thats basically a portfolio generator
for engineering students where each student has their own page and can
submit, delete, organize, etc their projects.
Right now I've been stuck trying to get a login page to work. I've
searched endlessly on the topic or working example that will do what I
want, or close, to no avail.
What I have is a .htpasswd file with username:password that is every
student in my school. I did not create this file. I assume that the
school uses one of Tomcat's hashing algorithms.
here is an example of a user/pass: bellinge:BET8MKYMA0QaI:
21292:10080:Sean Paul Bellinger
I'm not sure on the proper way to go about authentication but my
question is how would I either 1) use GWT to hash the password the
same way tomcat would ( I'm not sure if java has the same exact
methods) or 2) somehow send the username/pass up to tomcat and notify
gwt on success?
if anyone could help at all this would be wonderful.
for engineering students where each student has their own page and can
submit, delete, organize, etc their projects.
Right now I've been stuck trying to get a login page to work. I've
searched endlessly on the topic or working example that will do what I
want, or close, to no avail.
What I have is a .htpasswd file with username:password that is every
student in my school. I did not create this file. I assume that the
school uses one of Tomcat's hashing algorithms.
here is an example of a user/pass: bellinge:BET8MKYMA0QaI:
21292:10080:Sean Paul Bellinger
I'm not sure on the proper way to go about authentication but my
question is how would I either 1) use GWT to hash the password the
same way tomcat would ( I'm not sure if java has the same exact
methods) or 2) somehow send the username/pass up to tomcat and notify
gwt on success?
if anyone could help at all this would be wonderful.
Jason Essington
Mar 28, 2008, 4:08:14 PM3/28/08
to Google-We...@googlegroups.com
this sounds like HTTP basic authentication ...
Which means that the password is not hashed at all, it is simply
base64 encoded.
If you are using RequestBuilder, you can simply use setUser and
setPassword to set the values and the appropriate http header will be
constructed prior to sending the request.
if you really want to know the gory details: http://www.ietf.org/rfc/rfc2617
-jason
TofuCrew
Mar 28, 2008, 4:59:06 PM3/28/08
to Google Web Toolkit
Hm...that looks very reasonable.
So would I implement that on the client side?
actually. I'm not quite sure if I understand how it works. I'm looking
over the api. Would I still need the htpasswd and an htaccess file?
The password dialog would still pop up before the gwt was even loaded.
I see that you can insert the user/pass into the header of the
requestbuilder. I guess I'd have to request a page behind the secured
subdirectories...? I might be completely off here.
Sorry if it's a silly question. I'd really appreciate the help
So would I implement that on the client side?
actually. I'm not quite sure if I understand how it works. I'm looking
over the api. Would I still need the htpasswd and an htaccess file?
The password dialog would still pop up before the gwt was even loaded.
I see that you can insert the user/pass into the header of the
requestbuilder. I guess I'd have to request a page behind the secured
subdirectories...? I might be completely off here.
Sorry if it's a silly question. I'd really appreciate the help
TofuCrew
Mar 28, 2008, 5:00:47 PM3/28/08
to Google Web Toolkit
actually, thinking about this. If it is base64 encoded..couldn't I
just encode it, send it to server side, compare strings, then validate
the user?
just encode it, send it to server side, compare strings, then validate
the user?
Manu
Mar 30, 2008, 3:44:10 PM3/30/08
to Google Web Toolkit
It looks like you wanna use Basic authentication on a tomcat.
I'm not quite sure but I think you can not use this file for the
authentication on the tomcat.
.htaccess files are for authentication on apache http server.
But you can do basic authentication on tomcat. You only have to change
the web.xml of the application.
Here is an example
<security-constraint>
<web-resource-collection>
<web-resource-name>Reports Browser</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Protected Area</realm-name>
</login-config>
Put this lines between the webapp tags in the web.xml.
It means that every url pattern in this application is secured with
authentication.
The user also must be admin. But you can define this roles by
yourself.
The users and roles are defined in the {tomcat=home}/conf/tomcat-
users.xml.
example:
<tomcat-users>
<role rolename="admin"/>
<user username="tomcat" password="tomcat" roles="admin"/>
</tomcat-users>
Hope this helps
I'm not quite sure but I think you can not use this file for the
authentication on the tomcat.
.htaccess files are for authentication on apache http server.
But you can do basic authentication on tomcat. You only have to change
the web.xml of the application.
Here is an example
<security-constraint>
<web-resource-collection>
<web-resource-name>Reports Browser</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Protected Area</realm-name>
</login-config>
Put this lines between the webapp tags in the web.xml.
It means that every url pattern in this application is secured with
authentication.
The user also must be admin. But you can define this roles by
yourself.
The users and roles are defined in the {tomcat=home}/conf/tomcat-
users.xml.
example:
<tomcat-users>
<role rolename="admin"/>
<user username="tomcat" password="tomcat" roles="admin"/>
</tomcat-users>
Hope this helps
Reply all
Reply to author
Forward
0 new messages