basic-authentication

Lately I've been working on implementing security for my web application, running on a Glassfish v3. I successfully managed to secure some resources by setting a basic authentication up like following: <login-config> <auth-method>BASIC</auth-method> <realm-name>vcards-admin</realm-name> </login-config> Now I was wondering how to get the user name introduced on the login prompt to fecth the actual data of the user. I thought there could be a session attribute to get that piece of data, but I don't know which one it is. Am I wrong about the session attribute? Is there any other way to access

Thanks to this thread How to download and save a file from Internet using Java? I know how to download a file, now my problem is that I need to authenticate on the sever from which I'm dowloading. It's an http interface to a subversion server. Which field do I need to look up into ? Using the code posted in the last comment, I get this exception: java.io.IOException: Server returned HTTP response code: 401 for URL: http://myserver/systemc-2.0.1.tgz at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1305) at java.net.URL.openStream(URL.java:1009) at mypackage

I'm trying to understand how authentication and authorization work in DropWizard . I've read their auth guide as well as the dropwizard-security project on GitHub, but feel like I'm still missing a few important concepts. public class SimpleCredential { private String password; public SimpleCredential(String password) { super(); this.password = password; } } public class SimplePrincipal { pivate String username; public SimplePrincipal(String username) { super(); this.username = username; } } public class SimpleAuthenticator implements Authenticator<SimpleCredential, SimplePrincipal> {

When using http basic authentication, the username can be passed in the URL, e.g. http://david@foo.com/path/ But now suppose the username is an email address, e.g. david@company.com. Doing this is clearly ambiguous: http://david@company.com@foo.com/path/ Is there a way to escape the @ character in the username? I tried standard URL encoding: http://david%40company.com@foo.com/path/ But that didn't do it. According to RFC 3986 , section 3.2.1, it needs to be percent encoded: userinfo = *( unreserved / pct-encoded / sub-delims / ":" ) So it looks like http://david%40company.com@foo.com/path/ Is

I have spring web application with Spring security configured using java config approach. I want to exclude some URL patterns from authentication(eg: static resources etc..). I have done this earlier with spring security xml config but couldn't figure out with java config as adding antmatchers doesn't help. Following is my code added in security config class extending WebSecurityConfigurerAdapter @Override public void configure(HttpSecurity http) throws Exception { http.authorizeRequests() .antMatchers("/authFailure") .permitAll() .anyRequest() .authenticated() .and() .httpBasic() .and()

I created RESTful webservice (WCF) where I check credentials on each request. One of my clients is Android app and everything seems to be great on server side. I get request and if it's got proper header - I process it, etc.. Now I created client app that uses this service. This is how I do GET: // Create the web request var request = WebRequest.Create(Context.ServiceURL + uri) as HttpWebRequest; if (request != null) { request.ContentType = "application/json"; // Add authentication to request request.Credentials = new NetworkCredential(Context.UserName, Context.Password); // Get response using