How to get password from HTTP basic authentication

Jin Kim picture Jin Kim · Apr 14, 2013 · Viewed 69.1k times · Source

I'm using HTTP BASIC Authentication with Java.

My Servlet sends a JMS message but I need to supply the user and password to authenticate myself while creating the connection:

javax.jms.ConnectionFactory.createConnection(String username, String password)

I can retrieve the username from HttpServletRequest.getUserPrincipal(). But there seems to be no way to retrieve the password. How do I solve this?

Answer

Akhilesh Singh picture Akhilesh Singh · Apr 14, 2013

The password you are referring to is most probably different from the one provided by users while login. While the use case is not clear from the question, but it appears you are trying to use the username/password provided by external users to create a connection to JMS Connection Factory. This does not sound architecturally secure to me. You should use only one credential for connecting to ConnectionFactory which needs to be protected( treat it like db connections). Better is to use JNDI to lookup ConnectionFactory and bypass the username/password management stuff.

However, in case you have to use the technique, can use following code block.I am copying it from Gitblit project as it was open in my eclipse

Using Java8 Base64 class:

final String authorization = httpRequest.getHeader("Authorization");
if (authorization != null && authorization.toLowerCase().startsWith("basic")) {
    // Authorization: Basic base64credentials
    String base64Credentials = authorization.substring("Basic".length()).trim();
    byte[] credDecoded = Base64.getDecoder().decode(base64Credentials);
    String credentials = new String(credDecoded, StandardCharsets.UTF_8);
    // credentials = username:password
    final String[] values = credentials.split(":", 2);
}