Checking HTTP Digest authentication (available since HTTP/1.1).
The code looks like this. (This code is not perfect: the RFC 2617 algorithm is not implemented.)
<%@ page pageEncoding="UTF-8" contentType="text/html;charset=utf-8"%>
<%@ page import="java.io.IOException"%>
<%@ page import="java.util.UUID"%>
<%@ page import="java.util.HashMap"%>
<%@ page import="java.util.Map"%>
<%!
    // Check HTTP Digest authentication (available since HTTP/1.1)
    public static boolean checkAuth(HttpServletRequest request, String _username, String _password) {
        boolean authOK = false;
        // Every HTTP request sent after authentication carries an Authorization header
        String authorization = request.getHeader("Authorization");
        if (null == authorization || authorization.trim().isEmpty()) {
            // Authentication is required
            return authOK;
        }
        // Sample data (sent on one line, parameters separated by a comma and a space):
        // Digest username="admin", realm="Digest tiemao",
        // nonce="227c89449fd644a3b9df12e7cb8b0e33", uri="/digest.jsp",
        // algorithm=MD5, response="a8bc07c1d6dc38802ce538247e22f773",
        // qop=auth, nc=00000001, cnonce="F337AC5D88670EF5"
        String[] digestArray = authorization.split("\\s+");
        if (null == digestArray || digestArray.length < 2) {
            return authOK;
        }
        // Collect the key=value parameters into a map
        Map<String, String> authMap = new HashMap<String, String>();
        for (int i = 0; i < digestArray.length; i++) {
            String paraAndValue = digestArray[i];
            String[] pvArray = paraAndValue.split("=");
            if (null == pvArray || 2 != pvArray.length) {
                continue; // skip tokens that are not key=value pairs, such as element 0 ("Digest")
            }
            String key = pvArray[0];
            String value = pvArray[1];
            if (null == key || null == value) {
                continue;
            }
            // Strip quotes and the trailing comma
            value = value.replace("'", "");
            value = value.replace(",", "");
            value = value.replace("\"", "");
            value = value.trim();
            authMap.put(key, value);
        }
        String username = authMap.get("username");
        String nonce = authMap.get("nonce");
        String response = authMap.get("response");
        // The RFC 2617 algorithm belongs here: the server repeats the client's
        // computation over the user's password and compares the results
        if (_username.equalsIgnoreCase(username) && checkAuth_RFC2617(_username, _password, response)) {
            authOK = true; // authentication successful
        }
        return authOK;
    }

    // RFC 2617 computation. The algorithm is fairly complex and is not implemented yet.
    // Reference: http://www.faqs.org/rfcs/rfc2617.html
    // NOTE: placeholder only. It always returns true, so any response value is
    // accepted as long as the username matches.
    public static boolean checkAuth_RFC2617(String _username, String _password, String response) {
        boolean authOK = false;
        if (null != _username || null != _password || response.equalsIgnoreCase(response)) {
            authOK = true; // authentication successful
        }
        return true;
    }

    // Does not depend on instance state, so it should be static
    public static void requireDigestAuth(HttpServletResponse response, String nonce) {
        // Send status code 401; sendError cannot be used here (a pitfall)
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        String authHeader = "Digest realm=\"Digest tiemao\"";
        authHeader += ", nonce=\"" + nonce + "\"";
        authHeader += ", algorithm=MD5";
        authHeader += ", qop=\"" + "auth" + "\"";
        // Ask the client for credentials; the browser will pop up an input box
        response.addHeader("WWW-Authenticate", authHeader);
        return;
    }
%>
<%
    String authorization = request.getHeader("Authorization");
    String _username = "admin";
    String pwd = "11111111";
    boolean authOK = checkAuth(request, _username, pwd);
    if (!authOK) {
        String nonce = UUID.randomUUID().toString().replace("-", "");
        // If authentication fails, require authentication
        requireDigestAuth(response, nonce);
        return;
    }
%>

The code is as shown above.
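The RFC 2617 response computation that the `checkAuth_RFC2617` stub above leaves out, as an added example (not the original page's code) for `algorithm=MD5` with `qop=auth`. The class name `DigestVerifier`, its method signatures, and the assumption that the server remembers the nonce it issued are illustrative; the sample values in `main` are the example from RFC 2617 section 3.5.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Map;

// Added example: RFC 2617 response check for algorithm=MD5, qop=auth.
public class DigestVerifier {
    static String md5Hex(String s) {
        try {
            byte[] d = MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.ISO_8859_1));
            StringBuilder sb = new StringBuilder();
            for (byte b : d) sb.append(String.format("%02x", b));
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    // p holds the parsed Authorization parameters (username, nonce, uri, qop, nc, cnonce, response).
    // realm and issuedNonce are the values this server sent in its WWW-Authenticate challenge.
    static boolean verify(Map<String, String> p, String method, String realm, String user, String password, String issuedNonce) {
        for (String k : new String[] {"username", "nonce", "uri", "qop", "nc", "cnonce", "response"})
            if (p.get(k) == null) return false;                 // reject incomplete headers
        if (!"auth".equals(p.get("qop"))) return false;         // only qop=auth is handled here
        if (!user.equals(p.get("username")) || !issuedNonce.equals(p.get("nonce"))) return false;
        String ha1 = md5Hex(user + ":" + realm + ":" + password);   // H(A1)
        String ha2 = md5Hex(method + ":" + p.get("uri"));           // H(A2)
        String expected = md5Hex(ha1 + ":" + p.get("nonce") + ":" + p.get("nc") + ":"
                + p.get("cnonce") + ":" + p.get("qop") + ":" + ha2);
        // Constant-time comparison of the two hex digests
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.US_ASCII),
                p.get("response").toLowerCase().getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) {
        // Test vector: the example exchange in RFC 2617 section 3.5
        String nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093";
        Map<String, String> p = Map.of(
            "username", "Mufasa", "nonce", nonce,
            "uri", "/dir/index.html", "qop", "auth",
            "nc", "00000001", "cnonce", "0a4f113b",
            "response", "6629fae49393a05397450978507c4ef1");
        System.out.println(verify(p, "GET", "testrealm@host.com", "Mufasa", "Circle Of Life", nonce));
        System.out.println(verify(p, "GET", "testrealm@host.com", "Mufasa", "wrong password", nonce));
    }
}
```

In the JSP, the method argument would come from `request.getMethod()`, and the issued nonce from wherever the server stored it when it sent the 401 challenge.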
Check HTTP for Digest authentication code example-jsp