- 打印本文 关闭窗口
- 在jsp中作HTTP认证的方法
- 作者:采集员 文章来源:来源于网络 点击数: 更新时间:2005/9/10 14:29:25
最近研究了jsp中作HTTP认证的问题,它的工作方式如下:
1、server发送一个要求认证代码401和一个头信息WWW-authenticate,激发browser弹出一个认证窗口
2、server取得browser送来的认证头"Authorization",它是加密的了,要用Base64方法解密,取得明文的用户名和密码
3、检查用户名和密码,根据结果传送不同的页面
以下是jsp的片断,你也可以把它做成include文件。和Base64的加解密的class源码。
如有兴趣可与我联系:unixboy@yeah.net<jsp:useBean id="base64"scope="page"class="Base64"/>
<%
if(request.getHeader("Authorization")==null){
response.setStatus(401);
response.setHeader("WWW-authenticate","Basic realm="unixboy.com"");
}else{
String encoded=(request.getHeader("Authorization"));
String tmp=encoded.substring(6);
String up=Base64.decode(tmp);
String user="";
String password="";
if(up!=null){
user=up.substring(0,up.indexOf(":"));
password=up.substring(up.indexOf(":")+1);
}
if(user.equals("unixboy")&&password.equals("123456")){
//认证成功
}else{
//认证失败
}
}
%>
//消息加解密class
public class Base64
{
/** decode a Base 64 encoded String.
*<p><h4>String to byte conversion</h4>
* This method uses a naive String to byte interpretation, it simply gets each
* char of the String and calls it a byte.</p>
*<p>Since we should be dealing with Base64 encoded Strings that is a reasonable
* assumption.</p>
*<p><h4>End of data</h4>
* We don't try to stop the converion when we find the"="end of data padding char.
* We simply add zero bytes to the unencode buffer.</p>
*/
public static String decode(String encoded)
{
StringBuffer sb=new StringBuffer();
int maxturns;
//work out how long to loop for.
if(encoded.length()%3==0)
maxturns=encoded.length();
else
maxturns=encoded.length()+(3-(encoded.length()%3));
//tells us whether to include the char in the unencode
boolean skip;
//the unencode buffer
byte[] unenc=new byte[4];
byte b;
for(int i=0,j=0;i<maxturns;i++)
{
skip=false;
//get the byte to convert or 0
if(i<encoded.length())
b=(byte)encoded.charAt(i);
else
b=0;
//test and convert first capital letters, lowercase, digits then '+' and '/'
if(b>=65&&b<91)
unenc[j]=(byte)(b-65);
else if(b>=97&&b<123)
unenc[j]=(byte)(b-71);
else if(b>=48&&b<58)
unenc[j]=(byte)(b+4);
else if(b=='+')
unenc[j]=62;
else if(b=='/')
unenc[j]=63;
//if we find"="then data has finished, we're not really dealing with this now
else if(b=='=')
unenc[j]=0;
else
{
char c=(char)b;
if(c==' ' || c==' ' || c==' ' || c==' ')
skip=true;
else
//could throw an exception here? it's input we don't understand.
;
}
//once the array has boiled convert the bytes back into chars
if(!skip&&++j==4)
{
&n- 打印本文 关闭窗口