The protected resource:
http://localhost/fishsticks/hello.html
Apache Version:
Apache 2.0 on Fedora 8
Setting up Apache for .htaccess
Configure the httpd.conf file to allow .htaccess by editing the section that looks like:
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None
Change the AllowOverride directive to be
AllowOverride AuthConfig
And then restart the Apache httpd (the web server). The httpd.conf on Fedora is located in /etc/httpd/conf directory and on windows it is generally on C:\Program Files\Apache Group\Apache\conf (or something close to that).
Next go to the content directory of the web server and add the .htaccess file. In my example, Apache serves files from /var/www/html directory. Therefore, I create the fishsticks directory, create a simple hello.html file that says "fishsticks". Make sure you can view this page in the browser. Simple go to http://localhost/fishsticks/hello.html. You should see the word "fishsticks" in your browser.
Creating the .htaccess File
The .htaccess file goes in the fishsticks directory that Apache serves content from (/var/www/html/fishsticks).
The .htaccess file needs to contain:
AuthType Digest
AuthName "realm"
AuthUserFile /usr/local/apache/passwd/digest
Require user corbin
The password file also needs to be created. This is done using the htpasswd utility, for example:
htpasswd -c /usr/local/apache/passwd/digest realm corbin
You will be requested to type and re-type the new password.
Adding password for corbin in realm realm.
New password:
Re-type new password:
Now you will have the file /usr/local/apache/passwd/digest which contains the following line:
corbin:realm:a8f9dac51f13bb1a0eb9ffe3aea281d6
Restart the Apache httpd and try to hit the url http://localhost/fishsticks/hello.html and you should be presented with an authorization dialog from your browser. This a controlled by the browser so there is not much you may do to make it pretty.
If you authenticate using username "corbin" and password "dallas" you should see the fishsticks page. If you fail authentication you will get a http 401 status page.
The code for the test client is:
package com.mindlinc.rx.integration.agent;
import java.io.IOException;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.UsernamePasswordCredentials;
import org.apache.commons.httpclient.auth.AuthScope;
import org.apache.commons.httpclient.methods.GetMethod;
public class TestAuthentication {
/**
* @param args
*/
public static void main(String[] args) {
HttpClient client = new HttpClient();
UsernamePasswordCredentials upc = new UsernamePasswordCredentials("corbin", "dallas");
AuthScope as = new AuthScope("localhost", 80, "realm");
client.getState().setCredentials(as, upc);
try {
GetMethod gm = new GetMethod("http://localhost/fishsticks/hello.html");
int status = client.executeMethod(gm);
System.out.println("Response Status: "+ status);
String result = gm.getResponseBodyAsString();
System.out.println(result);
} catch (IOException e) {
e.printStackTrace();
}
}
}
If you change the username or password the returned status will be 401 instead of 200 when you successfully authenticate.
