Win a copy of The Little Book of Impediments (e-book only) this week in the Agile and Other Processes forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

servlet to bypass basic authentication

 
Lee Fei Tye
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi,

I've been struggling for days on this matter and would appreciate any advice in resolving this issue.

My servlet was able to access resources in a web directory until
i set up memory realm password protection on the web folder.

The question is
How do i bypass authentication with my servlet to access files in a password protected web folder.


I've set user and roles in tomcat-users.xml

in my web.xml

<!-- Define a Security Constraint on this Application -->
<security-constraint>
<web-resource-collection>
<web-resource-name>resource directory</web-resource-name>
<url-pattern>/resource/PDF/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>

<!-- Define the Login Configuration for this Application -->
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Application</realm-name>
</login-config>

<!-- Security roles referenced by this web application -->
<security-role>
<description>
The role that is required to log in to the Manager Application
</description>
<role-name>user</role-name>
</security-role>

in my servlet class

try {
this.getServletResponse().setContentType( "application/pdf" );

String fileURL = getPrefix(this.getServletRequest().getRequestURL().toString())
+ "resource/PDF/" + test.pdf";

this.getServletResponse().setHeader("Content-disposition", "attachment; filename=" + "sample.pdf" );

BufferedInputStream bis = null;
BufferedOutputStream bos = null;
try {
HttpURLConnection url = (HttpsURLConnection)(new URL(fileURL)).openConnection();
// Use Buffered Stream for reading/writing.
bis = new BufferedInputStream(url.getInputStream());
bos = new BufferedOutputStream(this.getServletResponse().getOutputStream ());
byte[] buff = new byte[2048];
int bytesRead;
// Simple read/write loop.
while(-1 != (bytesRead = bis.read(buff, 0, buff.length))) {
bos.write(buff, 0, bytesRead);
}
} catch(final MalformedURLException e) {
System.out.println ( "MalformedURLException." );
throw e;
} catch(final IOException e) {
System.out.println ( "IOException." );
throw e;
} finally {
if (bis != null)
bis.close();
if (bos != null)
bos.close();
}
} catch (Exception e) {
return ERROR;
}

Thanks in advance
~Nick.
 
Duc Vo
Ranch Hand
Posts: 254
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can use context.getRealPath() method to get the real file path, then use the normal java.io API to read the file. It should work.
 
Lee Fei Tye
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Works like a charm.

Thanks so much.

~Nick
 
Amol Nayak
Ranch Hand
Posts: 218
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I feel that ServletContext's getRealPath should be avoided and getResourceAsStream should be preferred.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic