tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rodrigo Ruiz <>
Subject OT: Using authenticated URLs
Date Wed, 26 Nov 2003 16:15:37 GMT
Hi all,

I am trying to implement a downloading web service that will act as an
internet front-end for an intranet server. I want my service to return a
file as an attachment. For this, I have a method like this (simplified 

  public DataHandler download(String path) throws AxisFault {
    String authInfo = getUserName() + ":" + getPassword();

    String sUrl = "http://" + authInfo + "@" + getServerHost() + ":"
                + getServerPort() + "/files/" + path;
    try {
      URL url = new URL(sUrl);
      return new DataHandler(url);
    catch (MalformedURLException e) {
      throw new AxisFault("Invalid path", e);

In order for Axis to send the URL contents as an attachment, I need to 
return a javax.activation.DataHandler instance. This object does not 
have any method to set authentication info.

The intranet server requires Basic authentication credentials, that is
why I add user / password to the URL. The problem is that it does not
work. The code fails with: Server returned HTTP response code: 401 for URL: ...

I have made some tests, and finally, I have found that when I try to use
url.openStream() for a URL with user / password data, no Authentication
header is sent to the server. Surfing the JDK source code, I can see
there are BasicAuthentication and DigestAuthentication classes in the package. I guess they should do what I need,
but I am trying to figure out how to "activate" their functionality.

Currently, I am creating a custom
subclass that extracts the getUserInfo() data from the URL and adds the
Basic Authentication header to the created URLConnection. It works, but
I do not like to have Sun classes dependencies in my code, and it will
fail if I try to connect to a server requiring Digest authentication.

Does anybody have some experience in this subject?
I wonder if there is something missing in my code. Perhaps a call
to activate the authentication mechanism, or something similar?

Thanks in advance,
Rodrigo Ruiz

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message