[Android] Implementation of HTTP digest certification on the Android platform

Subject:

Write an Android Application to access an HTTP-based data service system. To improve security, the data service system adopts the HTTP digest authentication system. The reason is that compared with the basic authentication method, digest authentication ensures the transmission security of authentication information (user name and password) and is easier to use than SSL. A user name and password dialog box is displayed when you access the service through a browser. However, if you access the service through a program, you must provide authentication information during the program access process.

 

Requirements:

-- The user name and password can be set in the program

-- Access digest-based authentication and HTTP data service (in JSON format) over the network)

-- Use the basic Android library instead of other extension libraries (based on compatibility considerations)

-- Support for Android and later Systems

-- Simple and clear technical implementation

 

Implementation:

Some solutions provided on the network have some problems, such as the need to use third-party class libraries, create authenticators, and manually set Request Parameters. They are all troublesome and have many problems. After exploration, I implemented the authentication process based on the android standard library in the program. The implementation idea, process, and sample code are as follows:

The basic logic is:

--- Use the httpclient (defaulthttpclient) class to connect to the server and obtain data

Defualthttpclient class: Create a client object

Excuete (httpget) method: Execute connection and get. The parameter is an httpget object.

Httpget class: creates an httpget object based on a URL

Httpresponse class: Return Value of execute

Getentiry (). getcontent () method: Get Data Stream

--- The client needs an authentication method to access the resources to be authenticated, so it needs to set up an authentication provider.

Client's setcredentialsprovider (BCP) method: sets the authentication provider

Basiccredentialsprovider class: creates an authentication provider instance.

Setcredentials method: Set the authscope and usernamepasswordcredentials classes.

Authscope class: authentication scope, built based on host, port, and domain

Usernamepasswordcredentials: based on the user name and password certificate, built based on the user name and password

The implementation code is as follows:

// 1. Get and set the URL address, a string variable, and a URL object

String urlstr = "http: //

URL url = new URL (urlstr );

// 2. Create a password certificate (usernamepasswordcredentials class)

String username = "foo ";

String Password = "bar ";

Usernamepasswordcredentials UPC = new usernamepasswordcredentials (username, password );

// 3. Set the authentication scope (authscore class)

String strrealm = "<mydomain> ";

String strhost = URL. gethost ();

Int iport = URL. getport ();

Authscope as = new authscope (strhost, iport, strrealm );

// 4. Create an authentication provider (basiccredentials class) based on as and UPC

Basiccredentialsprovider BCP = new basiccredentialsprovider ();

BCP. setcredentials (AS, UPC );

// 5. Create an HTTP client (defaulthttpclient class)

Defaulthttpclient client = new defaulthttpclient ();

// 6. Set the authentication provider for this client

Client. setcredentialsprovider (BCP );

// 7. Create a get method (httpget class) based on the accessed URL address

Httpget Hg = new httpget (urlstr );

// 8. Execute the get method and return response

Httpresponse hR = client.exe cute (Hg );

// 9. retrieve data from response and use inputstreamreader to read response entity:

String line = NULL;

Stringbuilder builder = new stringbuilder ();

Bufferedreader reader = new bufferedreader (New inputstreamreader (HR. getentity (). getcontent ()));

While (line = reader. Readline ())! = NULL) builder. append (line );

Strcontent = builder. tostring ();

 

Summary

--- Compared with the implementation in Java, we can see Apache in andriod. there is a big difference between the HTTP Library and the commons-httpclient library in terms of structure and implementation. This causes Java-based implementation to be unable to be directly transplanted to Android.

--- The above implementation is simple, logic clear, and easy to understand. It does not involve more complex technical details of digest authentication, but is encapsulated by credentialsprovider.

--- The preceding implementation does not use the usual connection class, but the client class, which provides richer connection and status control functions. In comparison, connection is simpler.

--- The user name and password are used as parameters in the authentication framework instead of components of the HTTP request, which is more secure.

--- The server implementation is not discussed here. In fact, I use rails to implement HTTP digest. However, theoretically, this authentication method is a standard.

 

 

Author decisive collection of articles, this article is not original, from: http://hi.baidu.com/yan__jh/blog/item/d6a689c17d33502ce4dd3b01.html

Author: yiyaaixuexi published on 20:28:27 Original article link Read: 144 comment: 1 view comment