Can I change authorization parameters in code?
I found this:
"1. Check whether there is an Authorization header. If there is
no such header, go to Step 2. If there is, skip over the word
"basic" and reverse the base64 encoding of the remaining part.
This results in a string of the form username:password. Check
the username and password against some stored set. If it
matches, return the page. If not, go to Step 2.
2. Return a 401 (Unauthorized) response code and a header of
the following form:
WWW-Authenticate: BASIC realm="some-name"
This response instructs the browser to pop up a dialog box telling
the user to enter a name and password for some-name, then
to reconnect with that username and password embedded in a
single base64 string inside the Authorization header."
Also if <auth-method>BASIC</auth-method> then
request.getHeader("Authorization"); return something like this "Basic
YWRtaW46YWRtaW4=" (this is for admin:admin ), but if
<auth-method>FORM</auth-method> then request.getHeader("Authorization");
return null.
Where is it? In session?
I use this for decoding:
String authorization = request.getHeader("Authorization");
String userInfo = authorization.substring(6).trim();
BASE64Decoder decoder = new BASE64Decoder();
String nameAndPassword =
new String(decoder.decodeBuffer(userInfo));
int index = nameAndPassword.indexOf(":");
String user = nameAndPassword.substring(0, index);
String password = nameAndPassword.substring(index+1);
I try with admin:admin and with sun.misc.BASE64Encoder make encode, and with
response.setHeader("Authorization", "Basic YWRtaW46YWRtaW4="), but nothing
happen and I can't get secure pages?
So, can I /addchange authorization parameters in code or server can only do
this?