{"id":1392,"date":"2013-05-16T05:37:49","date_gmt":"2013-05-16T05:37:49","guid":{"rendered":"http:\/\/www.softwareeverydayblog.com\/?p=1392"},"modified":"2018-12-10T18:01:05","modified_gmt":"2018-12-10T18:01:05","slug":"1392","status":"publish","type":"post","link":"https:\/\/www.softwareeverydayblog.com\/?p=1392","title":{"rendered":"HTTP Basic Authentication"},"content":{"rendered":"<p>Here&#8217;s a brief overview of HTTP Basic Authentication, which is a (trivial) way of providing authentication in your application. Every time you send an HTTP request to the server, the username and password are sent as part of the HTTP header (in every request). They are only encoded using base64, not encrypted, so yes, it is NOT a safe way to do things on its own. If you decide to use it, make sure you use it over SSL.<\/p>\n<p><a href=\"https:\/\/www.softwareeverydayblog.com\/wp-content\/uploads\/2013\/05\/basichttpauthentication-e1544390788247.jpeg\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.softwareeverydayblog.com\/wp-content\/uploads\/2013\/05\/basichttpauthentication-e1544390788247.jpeg\" alt=\"\" width=\"500\" height=\"658\" class=\"alignnone size-full wp-image-10736\" \/><\/a><\/p>\n<ol>\n<li>The user sends a request.<\/li>\n<li>The server sends back response code 401 and the HTTP response header WWW-Authenticate: Basic realm=&quot;MyRealm&quot;. 
The browser receives this (header and response code) and prompts the user to enter a username and password.<\/li>\n<li>The browser sends another GET request, this time with the HTTP request header Authorization: Basic &lt;base64encoded(\"user:pass\")&gt;.<\/li>\n<li>The server receives this header, authenticates the user and sends back either response code 200 (OK) or 401 (Unauthorized).<\/li>\n<\/ol>\n<p>If the response is 200 (OK), the browser will cache the username and password so that the user doesn&#8217;t have to keep re-entering them.<\/p>\n<pre lang=\"java\" line=\"1\">\r\nimport java.io.IOException;\r\nimport java.io.PrintWriter;\r\nimport javax.servlet.ServletException;\r\nimport javax.servlet.http.HttpServlet;\r\nimport javax.servlet.http.HttpServletRequest;\r\nimport javax.servlet.http.HttpServletResponse;\r\n\r\nimport org.apache.commons.codec.binary.Base64;\r\nimport org.apache.commons.codec.binary.StringUtils;\r\n\r\npublic class AuthenticateServlet extends HttpServlet {\r\n\r\n  private static final long serialVersionUID = 1L;\r\n\r\n  @Override\r\n  public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {\r\n\r\n    String auth = request.getHeader(\"Authorization\");\r\n\r\n    \/\/ Only accept a well-formed \"Basic base64(user:pass)\" header; anything else gets a new challenge.\r\n    if (auth == null || !auth.regionMatches(true, 0, \"Basic \", 0, 6)) {\r\n      challenge(response);\r\n      return;\r\n    }\r\n\r\n    String coded_user_password = auth.substring(6).trim();\r\n    String decoded_user_password = StringUtils.newStringUtf8(Base64.decodeBase64(coded_user_password));\r\n\r\n    \/\/ Split on the first ':' only, because the password itself may contain colons.\r\n    int colon = decoded_user_password.indexOf(':');\r\n    if (colon == -1) {\r\n      challenge(response);\r\n      return;\r\n    }\r\n    String username = decoded_user_password.substring(0, colon);\r\n    String password = decoded_user_password.substring(colon + 1);\r\n\r\n    \/\/ Demo only: echo the decoded credentials, as plain text so the values are never interpreted as HTML.\r\n    response.setContentType(\"text\/plain; charset=UTF-8\");\r\n    PrintWriter out = response.getWriter();\r\n    out.println(\"Username: \" + username);\r\n    out.println(\"Password: \" + password);\r\n  }\r\n\r\n  \/\/ Ask the client to authenticate (step 2 above).\r\n  private void challenge(HttpServletResponse response) {\r\n    response.setHeader(\"WWW-Authenticate\", \"Basic realm=\\\"MyRealm\\\"\");\r\n    response.setStatus(401);\r\n  }\r\n}\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Here&#8217;s a 
brief overview of HTTP Basic Authentication, which is a (trivial) way of providing authentication in your application. Every time you send an HTTP request to the server, the username and password are sent as part of the HTTP header (in every request). They are encoded using base64, so yes, it is NOT a safe [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1392","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.softwareeverydayblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1392","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.softwareeverydayblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.softwareeverydayblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.softwareeverydayblog.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.softwareeverydayblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1392"}],"version-history":[{"count":11,"href":"https:\/\/www.softwareeverydayblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1392\/revisions"}],"predecessor-version":[{"id":10740,"href":"https:\/\/www.softwareeverydayblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1392\/revisions\/10740"}],"wp:attachment":[{"href":"https:\/\/www.softwareeverydayblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1392"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.softwareeverydayblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1392"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.softwareeverydayblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1392"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{re
l}","templated":true}]}}