Menu
I am attempting to add BASIC authentication to my RESTful web-service. Currently I have BASIC authentication for an Apache Tomcat 6.0 server, but I need to deploy my web-service on a WebSphere application server ver. 6.1 as well and I am having problems getting BASIC authentication running on WebSphere.
Is there a way in Java to check the authentication headers of an HTTP request and if the username/password provided (in Base64 encoding) doesn't match a known account force the user to enter in a new username/password?
I have tried implementing Spring Security, but since my project was made entirely without Spring it has been a huge pain trying to get it to work, and I am attempting to find a simple solution to my rather simple problem.
Technologies that I am currently using include: Java, Jersey/JAX-RS, Eclipse with Maven plugin.
219
In September 2021, we announced that effective October 1, 2022, we will begin disabling Basic authentication for Outlook, EWS, RPS, POP, IMAP, and EAS protocols in Exchange Online. SMTP Auth will also be disabled if it is not being used.
Basic authentication sends user names and passwords over the Internet as text that is Base64 encoded, and the target server is not authenticated. This form of authentication can expose user names and passwords. If someone can intercept the transmission, the user name and password information can easily be decoded.
Basic authentication also has some drawbacks: Information is sent over the network as cleartext. The information is encoded with base64 encoding (see RFC 1521 for more information on base64 encoding), but it is sent in an unencrypted format. Any password sent using basic authentication can easily be decoded.
Basic authentication is easy to define. In the global securityDefinitions section, add an entry with type: basic and an arbitrary name (in this example - basicAuth). Then, apply security to the whole API or specific operations by using the security section.
You should be able to setup a servlet filter which gets executed before your REST handlers, inspects the "Authorization" request header, base 64 decodes it, extracts the username and password, and verifies. Something like this:
public void doFilter(ServletRequest req,
ServletResponse res,
FilterChain chain) {
if (request instanceof HttpServletRequest) {
HttpServletRequest request = (HttpServletRequest) req;
String authHeader = Base64.decode(request.getHeader("Authorization"));
String creds[] = authHeader.split(":");
String username = creds[0], password = creds[1];
// Verify the credentials here...
if (authorized) {
chain.doFilter(req, res, chain);
} else {
// Respond 401 Authorization Required.
}
}
doFilter(req, res, chain);
}
All servlet containers have a standard way to configure filter chains.
185
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
