检查HTTP 的 Basic认证. since http1.0
代码如下所示:
<%@ page pageEncoding="UTF-8" contentType="text/html;charset=UTF-8" %><%@ page import="sun.misc.BASE64Decoder" %><%@ page import="java.io.IOException" %><%!// 检查HTTP 的 Basic认证. since http1.0public static boolean checkAuth(HttpServletRequest request, String id, String pwd){boolean authOK = false;// 认证后每次HTTP请求都会附带上 Authorization 头信息String Authorization = request.getHeader("Authorization");if(null == Authorization || Authorization.trim().isEmpty()){// 需要认证return authOK;}//String[] basicArray = Authorization.split("\\s+");if(null == basicArray || 2 != basicArray.length){return authOK;}//String basic = basicArray[0];String base64 = basicArray[1];//try {byte[] buf = new BASE64Decoder().decodeBuffer(base64);String idpass = new String(buf, "UTF-8");if(null == idpass || idpass.trim().isEmpty()){// 需要认证return authOK;}//String[] idpassArray = idpass.split(":");if(null == idpassArray || 2 != idpassArray.length){return authOK;}String _id = idpassArray[0];String _pass = idpassArray[1];//if(id.equalsIgnoreCase(_id) && pwd.equalsIgnoreCase(_pass)){authOK = true;// 认证成功}} catch (IOException e) {e.printStackTrace();}//return authOK;}// 不依赖 this 状态的方法,其实都应该设置为 staticpublic static void requireAuth(HttpServletResponse response, String msg){// 发送状态码 401, 不能使用 sendError,坑response.setStatus(401,"Authentication Required");// 发送要求输入认证信息,则浏览器会弹出输入框response.addHeader("WWW-Authenticate","Basic realm="+ msg);return;}%><%//String Authorization = request.getHeader("Authorization");//String userid = "admin";String pwd = "11111111";boolean authOK = checkAuth(request, userid, pwd);//if (!authOK) {// 如果认证失败,则要求认证requireAuth(response, "R U OK,小米");return;}%><html><head><title>R U OK?</title></head><body>R U OK? <%=userid %>. Your Password is <%="********"%></body></html>请参考代码中的注释,具体信息,,还可以参考《图解HTTP》。我看着这本书中的HTTP-Basic认证手痒,就写了这么一个demo代码。
累死累活不说,走马观花反而少了真实体验,
