About Question enthuware.ocejws.v6.2.228 :

Moderators: Site Manager, fjwalraven

Post Reply
himaiMinh
Posts: 358
Joined: Fri Nov 29, 2013 8:26 pm
Contact:

About Question enthuware.ocejws.v6.2.228 :

Post by himaiMinh »

How about this solution as the third example in the explanation?

Code: Select all

 @GET
 @Path("/usenamepwd")
 @Consumes("application/x-www-form-urlencoded")
  public String getUsernamePassword(@FormParam ("username") String username, @FormParam("password") String password) {
        String username = Base64.base64Decode(username);
        String password = Base64.base64Decode(password);
return username + ":"+password;
 }
The user can input the credentials using an HTML form on the browser.

fjwalraven
Posts: 429
Joined: Tue Jul 24, 2012 2:43 am
Contact:

Re: About Question enthuware.ocejws.v6.2.228 :

Post by fjwalraven »

It is a nice possibility but the question is talking about Basic Authentication and where the credentials end up and how you can get to them.

Authentication is all about the web service or web application asking a user to authenticate.

Regards,
Frits

himaiMinh
Posts: 358
Joined: Fri Nov 29, 2013 8:26 pm
Contact:

Re: About Question enthuware.ocejws.v6.2.228 :

Post by himaiMinh »

Hi,
In option 3, it says "The username and password are not encrypted."
I think the client application can encrypt the credentials, and then encode them and send them over SSL.
The JAX-RS service can decode them and decrypt them.

fjwalraven
Posts: 429
Joined: Tue Jul 24, 2012 2:43 am
Contact:

Re: About Question enthuware.ocejws.v6.2.228 :

Post by fjwalraven »

The question states: "The client is requested to authenticate by the browser (using Basic Authentication). "

There is, by default, no encryption taking place in the client when Basic Authentication is taking place. Therefore option 3 is not correct.

Regards,
Frits

Post Reply

Who is online

Users browsing this forum: No registered users and 18 guests