Win a copy of Kotlin in Action this week in the Kotlin forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Authenticate  RSS feed

 
Richard West
Ranch Hand
Posts: 127
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi everyone,

I need to ask a fairly general question about the java Authenticator class. Its also rather silly but please bear with me

You see if you need to access a URL
that needs a password you can use the Authenticator class and pass the password if you want to read from the URL.

Now if you want to write to that URL(which most probably requires a password) can you also use the Authenticator class or is the Authenticator class meant for reading from URLs only

I hope someone can clear this confusion up for me

Yours Sincerely

Richard West
 
Rick O'Shay
Ranch Hand
Posts: 531
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Whether you can read or write is an authorization issue and the Authenticator is strictly for authentication. If you can authenticate you're in. If you can open an output stream on the connection you can write but you might get an I/O exception if you do not have permission on the other side.
[ August 25, 2005: Message edited by: Rick O'Shay ]
 
Richard West
Ranch Hand
Posts: 127
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi everyone,

Originally posted by Rick O'Shay:
[QB]If you can open an output stream on the connection you can write but you might get an I/O exception if you do not have permission on the other side.


Rick that's precisely why i want to use the Authenticator class. I may be able to open an ouput stream but like you said i may not have permission to write to it.

So basically my question is can i use the Authenticator class to authenticate myself before writing to that output stream or do i have to do it via some other way

Any help is greatly appreciated

Yours Sincerely

Richard West
 
Rick O'Shay
Ranch Hand
Posts: 531
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If access is protected (through a security constraint) to that URL then, yes, you can authenticate yourself and I suppose it's a combination authorization and authentication insofar as you can apply those constraints to a variety of URLs. Try it!

To be honest it's rarely used because the name/password are part of the header and sent in the clear, even with SSL -- check on that but pretty sure that's the case. Most people use form-based security with SSL and establish a user session where the user has assigned roles in a property file or database or what have you. It's more secure, more flexible, easier to maintain.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!