9. Implement basic HTTP authorization for SimpleWebServer. Read the HTTP 1.0 specification for more details (www.w3.org/Protocols/rfc2616/rfc2616.html) on how basic HTTP authorization works.

a. Instrument SimpleWebServer to store a username and password as data members. Require that any HTTP request to the web server be authorized by checking for an authorization HTTP header with a base64-encoded username and password. Requests that do not contain an authorization header should receive a WWW-Authentication challenge. Requests that do contain an authorization header should be authenticated against the username and password hard-coded in the SimpleWebServer class. (In Chapter 9, you will learn to build a proper password manager for SimpleWebServer so that the username and password do not need to be hard-coded.)

b. Pretend that you are an attacker who got ahold of the compiled SimpleWebServer. class file. Run the strings utility on the compiled SimpleWebServer.class file to reveal the username and password that your modified web server requires. (If you are running a UNIX-based system, the strings utility is most likely preinstalled on your system. If you are running Windows, you can obtain the strings utility from www.sysinternals.com/Utilities/Strings.html.)

c. Install Ethereal (www.ethereal.com) and a base64 decoder on your system. Make a few HTTP requests to your web server in which you use your username and password to authenticate. Use Ethereal to capture network traffic that is exchanged between your web client and server. Use the base64 decoder to convert the encoded username and password in the Ethereal logs to plain text.