Checking HTTP Digest authentication: JSP code example

Source: Internet
Author: User

Checking HTTP Digest authentication, which has been available since HTTP/1.1.

The code looks like this. (This code is not perfect: the RFC 2617 algorithm is not implemented.)

```jsp
<%@ page pageEncoding="UTF-8" contentType="text/html;charset=utf-8"%>
<%@ page import="java.io.IOException"%>
<%@ page import="java.util.UUID"%>
<%@ page import="java.util.HashMap"%>
<%@ page import="java.util.Map"%>
<%!
  // Check HTTP Digest authentication.
  public static boolean checkAuth(HttpServletRequest request, String _username, String _password) {
    boolean authOK = false;
    // Every HTTP request sent after authentication carries an Authorization header
    String authorization = request.getHeader("Authorization");
    if (null == authorization || authorization.trim().isEmpty()) {
      // Authentication is required
      return authOK;
    }
    // Sample data (one line in the real header; parameters are separated by a comma and a space):
    // Digest username="admin", realm="Digest tiemao",
    // nonce="227c89449fd644a3b9df12e7cb8b0e33", uri="/digest.jsp",
    // algorithm=MD5, response="a8bc07c1d6dc38802ce538247e22f773",
    // qop=auth, nc=00000001, cnonce="F337AC5D88670EF5"
    String[] digestArray = authorization.split("\\s+");
    if (null == digestArray || digestArray.length < 2) {
      return authOK;
    }
    // Collect the key=value parameters.
    // Splitting on whitespace and "=" drops quoted values that contain a space
    // (the realm above) or an "=" (a uri with a query string).
    Map<String, String> authMap = new HashMap<String, String>();
    for (int i = 0; i < digestArray.length; i++) {
      String paraAndValue = digestArray[i];
      String[] pvArray = paraAndValue.split("=");
      if (null == pvArray || 2 != pvArray.length) {
        continue; // Element 0 ("Digest") is not processed
      }
      String key = pvArray[0];
      String value = pvArray[1];
      if (null == key || null == value) {
        continue;
      }
      // Strip quotes and the trailing comma
      value = value.replace("'", "");
      value = value.replace(",", "");
      value = value.replace("\"", "");
      value = value.trim();
      authMap.put(key, value);
    }
    //
    String username = authMap.get("username");
    String nonce = authMap.get("nonce");
    String response = authMap.get("response");
    // An RFC 2617 calculation consistent with the client's belongs here,
    // that is, a digest computed from the user's password
    if (_username.equalsIgnoreCase(username) && checkAuth_rfc2617(_username, _password, response)) {
      authOK = true; // Authentication successful
    }
    //
    return authOK;
  }

  // RFC 2617 calculation. The algorithm is more complex and is not implemented for now.
  // Reference: http://www.faqs.org/rfcs/rfc2617.html
  // As written, this placeholder accepts any response value, so the password is never verified.
  public static boolean checkAuth_rfc2617(String _username, String _password, String response) {
    boolean authOK = false;
    if (null != _username || null != _password || response.equalsIgnoreCase(response)) {
      authOK = true; // Authentication successful
    }
    return true;
  }

  // Does not rely on instance state, so it is declared static
  public static void requireDigestAuth(HttpServletResponse response, String nonce) {
    // Send status code 401; sendError cannot be used here (a pitfall)
    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    String authHeader = "Digest realm=\"Digest tiemao\"";
    authHeader += ", nonce=\"" + nonce + "\"";
    authHeader += ", algorithm=MD5";
    authHeader += ", qop=\"" + "auth" + "\"";
    // Ask for credentials; the browser will pop up an input dialog
    response.addHeader("WWW-Authenticate", authHeader);
    return;
  }
%>
<%
  //
  String authorization = request.getHeader("Authorization");
  String _username = "admin";
  String pwd = "11111111";
  boolean authOK = checkAuth(request, _username, pwd);
  if (!authOK) {
    // The nonce is generated here but is not stored or checked on later requests
    String nonce = UUID.randomUUID().toString().replace("-", "");
    // If authentication fails, require authentication
    requireDigestAuth(response, nonce);
    return;
  }
%>
```

The code is as described above.
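An added example, not part of the original page: the RFC 2617 check that `checkAuth_rfc2617` leaves unimplemented, for algorithm=MD5 with qop=auth or no qop, together with a parameter parser that keeps quoted values containing spaces or `=` intact. The names `DigestCheck`, `parse`, `verify` and `md5Hex`, the ISO-8859-1 encoding, and the sample header (the test vector from RFC 2617 section 3.5) are assumptions of this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
import java.util.regex.*;

public class DigestCheck {
    // name=value pairs: the value is a quoted string (may hold spaces, commas, '=') or a bare token
    static final Pattern PARAM = Pattern.compile("(\\w+)\\s*=\\s*(?:\"([^\"]*)\"|([^\\s,]+))");
    static Map<String, String> parse(String header) {
        Map<String, String> p = new HashMap<>();
        if (header == null || !header.regionMatches(true, 0, "Digest ", 0, 7)) return p;
        Matcher m = PARAM.matcher(header.substring(7));
        while (m.find()) p.put(m.group(1).toLowerCase(Locale.ROOT), m.group(2) != null ? m.group(2) : m.group(3));
        return p;
    }
    static String md5Hex(String s) throws Exception {
        // Assumption: the hashed strings are encoded as ISO-8859-1
        byte[] d = MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.ISO_8859_1));
        StringBuilder sb = new StringBuilder();
        for (byte b : d) sb.append(String.format("%02x", b));
        return sb.toString();
    }
    // RFC 2617 section 3.2.2, algorithm=MD5, for qop=auth or no qop; anything else is rejected
    static boolean verify(Map<String, String> p, String method, String user, String pass) throws Exception {
        for (String k : new String[] {"username", "realm", "nonce", "uri", "response"})
            if (p.get(k) == null) return false;
        if (!user.equals(p.get("username"))) return false;
        String ha1 = md5Hex(user + ":" + p.get("realm") + ":" + pass);
        String ha2 = md5Hex(method + ":" + p.get("uri"));
        String qop = p.get("qop"), expected;
        if (qop == null)
            expected = md5Hex(ha1 + ":" + p.get("nonce") + ":" + ha2);
        else if (qop.equals("auth") && p.get("nc") != null && p.get("cnonce") != null)
            expected = md5Hex(ha1 + ":" + p.get("nonce") + ":" + p.get("nc") + ":" + p.get("cnonce") + ":auth:" + ha2);
        else
            return false;
        // Constant-time comparison of the two hex digests
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.US_ASCII),
                p.get("response").toLowerCase(Locale.ROOT).getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        // Test vector from RFC 2617 section 3.5 (user "Mufasa", password "Circle Of Life")
        String h = "Digest username=\"Mufasa\", realm=\"testrealm@host.com\", "
                + "nonce=\"dcd98b7102dd2f0e8b11d0f600bfb0c093\", uri=\"/dir/index.html\", qop=auth, "
                + "nc=00000001, cnonce=\"0a4f113b\", response=\"6629fae49393a05397450978507c4ef1\"";
        System.out.println("correct password: " + verify(parse(h), "GET", "Mufasa", "Circle Of Life"));
        System.out.println("wrong password:   " + verify(parse(h), "GET", "Mufasa", "11111111"));
    }
}
```

A server using this check must also confirm that the nonce is one it issued and is still fresh, which neither this example nor the page's code does.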

