检查HTTP 的 Basic认证代码示例-JSP

时间:2022-11-03 14:26:54

检查HTTP 的 Basic认证. since http1.0

代码如下所示:

<%@ page pageEncoding="UTF-8" contentType="text/html;charset=UTF-8" %>
<%@ page import="sun.misc.BASE64Decoder" %>
<%@ page import="java.io.IOException" %>
<%!
    // 检查HTTP 的 Basic认证. since http1.0
    public static boolean checkAuth(HttpServletRequest request, String id, String pwd){
        boolean authOK = false;
        // 认证后每次HTTP请求都会附带上 Authorization 头信息
        String Authorization = request.getHeader("Authorization");
        if(null == Authorization || Authorization.trim().isEmpty()){
            // 需要认证
            return authOK;
        }
        //
        String[] basicArray = Authorization.split("\\s+");
        if(null == basicArray || 2 != basicArray.length){
            return authOK;
        }
        //
        String basic = basicArray[0];
        String base64 = basicArray[1];
        //
        try {
            byte[] buf = new BASE64Decoder().decodeBuffer(base64);
            String idpass = new String(buf, "UTF-8");
            if(null == idpass || idpass.trim().isEmpty()){
                // 需要认证
                return authOK;
            }
            //
            String[] idpassArray = idpass.split(":");
            if(null == idpassArray || 2 != idpassArray.length){
                return authOK;
            }
            String _id = idpassArray[0];
            String _pass = idpassArray[1];
            //
            if(id.equalsIgnoreCase(_id) && pwd.equalsIgnoreCase(_pass)){
                authOK = true;// 认证成功
            }
        } catch (IOException e) {
            e.printStackTrace();
        }
        //
        return authOK;
    }

    // 不依赖 this 状态的方法,其实都应该设置为 static
    public static void requireAuth(HttpServletResponse response, String msg){
        // 发送状态码 401, 不能使用 sendError,坑
        response.setStatus(401,"Authentication Required");
        // 发送要求输入认证信息,则浏览器会弹出输入框
        response.addHeader("WWW-Authenticate","Basic realm="+ msg);
        return;
    }
%>
<%
    //
    String Authorization = request.getHeader("Authorization");
    //
    String userid = "admin";
    String pwd = "11111111";
    boolean authOK = checkAuth(request, userid, pwd);
    //
    if (!authOK) {
		// 如果认证失败,则要求认证
        requireAuth(response, "R U OK,小米");
        return;
    }
%>
<html>
<head>
    <title>R U OK?</title>
</head>
<body>
    R U OK? <%=userid %>. Your Password is <%="********"%>
</body>
</html>

请参考代码中的注释,具体信息,还可以参考《图解HTTP》。我看着这本书中的HTTP-Basic认证手痒,就写了这么一个demo代码。