Example code for checking HTTP Digest authentication in JSP (digest-jsp)
Checking HTTP Digest authentication (available since HTTP/1.1).
The code is as follows. (This code is not complete: it is not a full implementation of RFC 2617.)
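<%@ page pageEncoding="UTF-8" contentType="text/html; charset=UTF-8" %>
<%-- sun.misc.BASE64Decoder is not used on this page. It is a JDK-internal class that was
     removed in JDK 9, so drop the next line when compiling on a newer JDK. --%>
<%@ page import="sun.misc.BASE64Decoder" %>
<%@ page import="java.io.IOException" %>
<%@ page import="java.nio.charset.Charset" %>
<%@ page import="java.security.MessageDigest" %>
<%@ page import="java.security.NoSuchAlgorithmException" %>
<%@ page import="java.util.HashMap" %>
<%@ page import="java.util.Iterator" %>
<%@ page import="java.util.Locale" %>
<%@ page import="java.util.Map" %>
<%@ page import="java.util.UUID" %>
<%@ page import="java.util.concurrent.ConcurrentHashMap" %>
<%!
    // Realm announced in the challenge; the client must echo it back unchanged.
    private static final String REALM = "DIGEST tiemao";

    // How long an issued nonce stays acceptable. After that the client is challenged again.
    private static final long NONCE_TTL_MILLIS = 5L * 60L * 1000L;

    // Upper bound on remembered nonces, so unauthenticated requests cannot grow the map without limit.
    private static final int MAX_OUTSTANDING_NONCES = 10000;

    // Charset used to turn the digest input into bytes.
    // NOTE(review): RFC 2617 does not fix a charset; UTF-8 equals ISO-8859-1 for ASCII credentials.
    private static final Charset UTF_8 = Charset.forName("UTF-8");

    // Nonces issued by requireDigestAuth: value[0] = issue time (ms), value[1] = highest nc accepted.
    private static final Map<String, long[]> ISSUED_NONCES = new ConcurrentHashMap<String, long[]>();

    /**
     * Checks the HTTP Digest credentials (HTTP/1.1, RFC 2617, qop=auth) of a request.
     *
     * Sample header, sent as one line:
     *   Digest username="admin", realm="DIGEST tiemao",
     *     nonce="227c89449fd644a3b9df12e7cb8b0e33", uri="/digest.jsp",
     *     algorithm=MD5, response="<32 hex digits>",
     *     qop=auth, nc=00000001, cnonce="f337ac5d88670ef5"
     *
     * @param request   the incoming request
     * @param _username the user name the server expects
     * @param _password the clear-text password the server holds for that user
     * @return true only when the header is well formed, names this request's URI and carries
     *         a digest that matches the expected credentials; false in every other case
     */
    public static boolean checkAuth(HttpServletRequest request, String _username, String _password) {
        if (request == null || _username == null || _password == null) {
            return false;
        }
        // Once the client has authenticated, it attaches this header to every request.
        String authorization = request.getHeader("Authorization");
        if (authorization == null || authorization.trim().isEmpty()) {
            return false; // no credentials yet: the caller sends the challenge
        }
        Map<String, String> params = parseDigestHeader(authorization);
        if (params == null) {
            return false;
        }
        // The digest covers the "uri" parameter, not the real request line, so the two must be
        // compared here; otherwise a captured header could be replayed against another URL.
        // NOTE(review): a proxy that rewrites paths would need its own mapping here.
        String target = request.getRequestURI();
        if (request.getQueryString() != null) {
            target = target + "?" + request.getQueryString();
        }
        if (!target.equals(params.get("uri"))) {
            return false;
        }
        return checkAuth_RFC2617(_username, _password, request.getMethod(), params);
    }

    /**
     * Kept for compatibility with the original three-argument signature.
     *
     * A digest response cannot be verified from the user name, password and response alone
     * (realm, nonce, nc, cnonce, qop, method and uri are all part of the hash), so this
     * variant fails closed. The original stub returned true unconditionally, which accepted
     * any password.
     *
     * @return always false
     */
    public static boolean checkAuth_RFC2617(String _username, String _password, String response) {
        return false;
    }

    /**
     * Verifies an RFC 2617 digest response for qop=auth and algorithm MD5.
     *
     * @param _username expected user name
     * @param _password clear-text password held by the server
     * @param method    HTTP method of the request (part of the hash)
     * @param params    parameters parsed from the Authorization header, keys in lower case
     * @return true when every required parameter is present, the nonce was issued by this
     *         page and is still fresh, the nonce count is new, and the digest matches
     */
    public static boolean checkAuth_RFC2617(String _username, String _password, String method,
            Map<String, String> params) {
        if (_username == null || _password == null || method == null || params == null) {
            return false;
        }
        String username = params.get("username");
        String realm = params.get("realm");
        String nonce = params.get("nonce");
        String uri = params.get("uri");
        String qop = params.get("qop");
        String nc = params.get("nc");
        String cnonce = params.get("cnonce");
        String response = params.get("response");
        String algorithm = params.get("algorithm");
        if (username == null || realm == null || nonce == null || uri == null
                || qop == null || nc == null || cnonce == null || response == null) {
            return false;
        }
        // The user name is matched without regard to case, as in the original code.
        if (!_username.equalsIgnoreCase(username) || !REALM.equals(realm)) {
            return false;
        }
        // Only what the challenge offered is accepted: MD5 and qop=auth.
        if (algorithm != null && !"MD5".equalsIgnoreCase(algorithm)) {
            return false;
        }
        if (!"auth".equals(qop)) {
            return false;
        }
        long count = parseNonceCount(nc);
        if (count < 1) {
            return false;
        }
        // The nonce must be one this page handed out, and not older than the TTL.
        long[] state = ISSUED_NONCES.get(nonce);
        if (state == null) {
            return false;
        }
        if (System.currentTimeMillis() - state[0] > NONCE_TTL_MILLIS) {
            ISSUED_NONCES.remove(nonce);
            return false;
        }
        // HA1 uses the user name exactly as the client sent it, because that is what the
        // client hashed.
        String ha1 = md5Hex(username + ":" + realm + ":" + _password);
        String ha2 = md5Hex(method + ":" + uri);
        String expected = md5Hex(ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":" + qop + ":" + ha2);
        // Constant-time comparison, so the check does not leak how many characters matched.
        byte[] expectedBytes = expected.getBytes(UTF_8);
        byte[] actualBytes = response.toLowerCase(Locale.ROOT).getBytes(UTF_8);
        if (!MessageDigest.isEqual(expectedBytes, actualBytes)) {
            return false;
        }
        // Each (nonce, nc) pair is accepted once. The counter only advances after the digest
        // matched, so a request with a wrong digest cannot use up counter values.
        synchronized (state) {
            if (count <= state[1]) {
                return false;
            }
            state[1] = count;
        }
        return true;
    }

    /**
     * Answers with 401 and a Digest challenge, and remembers the nonce so that a later
     * response to this challenge can be verified.
     *
     * @param response the response to write the challenge to
     * @param nonce    a fresh, unpredictable value for this challenge
     * @throws IllegalArgumentException if the nonce is empty or holds a quote, backslash or
     *         control character, which would break the header
     */
    public static void requireDigestAuth(HttpServletResponse response, String nonce) {
        if (nonce == null || nonce.isEmpty()) {
            throw new IllegalArgumentException("nonce must not be empty");
        }
        for (int i = 0; i < nonce.length(); i++) {
            char c = nonce.charAt(i);
            if (c == '"' || c == '\\' || c < 0x20 || c == 0x7F) {
                throw new IllegalArgumentException("nonce contains a character not allowed in a header value");
            }
        }
        long now = System.currentTimeMillis();
        // Drop expired nonces before adding a new one.
        for (Iterator<Map.Entry<String, long[]>> it = ISSUED_NONCES.entrySet().iterator(); it.hasNext();) {
            if (now - it.next().getValue()[0] > NONCE_TTL_MILLIS) {
                it.remove();
            }
        }
        // When the cap is reached the nonce is not recorded and a response to it will be
        // rejected; the client is simply challenged again later.
        if (ISSUED_NONCES.size() < MAX_OUTSTANDING_NONCES) {
            ISSUED_NONCES.put(nonce, new long[] {now, 0L});
        }
        // setStatus is used instead of sendError so the container does not replace the
        // response with its error page. The two-argument setStatus is deprecated.
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        String authHeader = "Digest realm=\"" + REALM + "\""
                + ", nonce=\"" + nonce + "\""
                + ", algorithm=MD5"
                + ", qop=\"auth\"";
        // This header makes the browser ask the user for credentials.
        response.addHeader("WWW-Authenticate", authHeader);
    }

    /**
     * Parses the parameter list of a "Digest ..." Authorization header.
     *
     * Quoted values may contain spaces, commas and '=' (the realm of this page contains a
     * space), so the header is scanned instead of being split on whitespace.
     *
     * @return parameter names in lower case mapped to their unquoted values, or null when
     *         the header is not a well-formed Digest header or repeats a parameter
     */
    private static Map<String, String> parseDigestHeader(String header) {
        String text = header.trim();
        if (text.length() < 7 || !text.regionMatches(true, 0, "Digest", 0, 6)
                || !Character.isWhitespace(text.charAt(6))) {
            return null;
        }
        String list = text.substring(7);
        int length = list.length();
        Map<String, String> params = new HashMap<String, String>();
        int pos = 0;
        while (pos < length) {
            while (pos < length && (list.charAt(pos) == ',' || Character.isWhitespace(list.charAt(pos)))) {
                pos++;
            }
            if (pos >= length) {
                break;
            }
            int equalsAt = list.indexOf('=', pos);
            if (equalsAt < 0) {
                return null;
            }
            String key = list.substring(pos, equalsAt).trim().toLowerCase(Locale.ROOT);
            pos = equalsAt + 1;
            while (pos < length && Character.isWhitespace(list.charAt(pos))) {
                pos++;
            }
            StringBuilder value = new StringBuilder();
            boolean quoted = pos < length && list.charAt(pos) == '"';
            if (quoted) {
                pos++;
                boolean closed = false;
                while (pos < length) {
                    char c = list.charAt(pos++);
                    if (c == '\\' && pos < length) {
                        value.append(list.charAt(pos++)); // quoted-pair
                    } else if (c == '"') {
                        closed = true;
                        break;
                    } else {
                        value.append(c);
                    }
                }
                if (!closed) {
                    return null;
                }
            } else {
                while (pos < length && list.charAt(pos) != ',') {
                    value.append(list.charAt(pos++));
                }
            }
            if (key.isEmpty() || params.containsKey(key)) {
                return null;
            }
            params.put(key, quoted ? value.toString() : value.toString().trim());
        }
        return params;
    }

    /** Returns the nc value (exactly 8 hex digits) as a number, or -1 when it is malformed. */
    private static long parseNonceCount(String nc) {
        if (nc.length() != 8) {
            return -1L;
        }
        try {
            return Long.parseLong(nc, 16);
        } catch (NumberFormatException e) {
            return -1L;
        }
    }

    /** Returns the MD5 digest of the text as 32 lower-case hex digits. */
    private static String md5Hex(String text) {
        try {
            byte[] digest = MessageDigest.getInstance("MD5").digest(text.getBytes(UTF_8));
            StringBuilder hex = new StringBuilder(digest.length * 2);
            for (int i = 0; i < digest.length; i++) {
                hex.append(Character.forDigit((digest[i] >> 4) & 0xF, 16));
                hex.append(Character.forDigit(digest[i] & 0xF, 16));
            }
            return hex.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("MD5 is not available", e);
        }
    }
%>
<%
    // Sample credentials from the example. Digest authentication needs the password (or the
    // HA1 hash) on the server side; load it from a protected credential store rather than
    // keeping it in the page source. MD5-based Digest is a legacy scheme: serve the page over
    // TLS, and see RFC 7616 for the SHA-256 variant.
    String _username = "admin";
    String pwd = "11111111";
    boolean authOK = checkAuth(request, _username, pwd);
    if (!authOK) {
        // A random UUID without dashes gives an unpredictable 32-character nonce.
        String nonce = UUID.randomUUID().toString().replace("-", "");
        // Authentication failed or has not happened yet: send the challenge and stop.
        requireDigestAuth(response, nonce);
        return;
    }
%>
The code is described above.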