When you log in to a site, most of the time you submit your login information through a form.
However, sometimes the browser pops up a login dialog box instead. This happens, for example, when the site uses HTTP Basic authentication.
Here is how this authentication process works:
Step 1: The client sends an HTTP request to the server. The server checks whether the user has already logged in and been verified. If not,
the server returns a 401 Unauthorized to the client and adds a "WWW-Authenticate" header to the response.
Step 2: After receiving the 401 Unauthorized, the browser pops up the login dialog box. After the user enters the username and password,
the browser encodes them with Base64 and sends them to the server in the Authorization header.
Step 3: The server extracts the username and password from the Authorization header and verifies them. If validation passes, the requested resource is sent to the client.
Here is a sample Java demo:
import java.io.IOException;
import java.io.PrintWriter;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// java.util.Base64 is used here in place of sun.misc.BASE64Decoder,
// which is no longer available in current JDKs.
public class HttpAuthServlet extends HttpServlet {

    public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException {
        String sessionAuth = (String) request.getSession().getAttribute("auth");
        if (sessionAuth != null) {
            // Credentials were already stored in this session.
            System.out.println("This is next step");
            nextStep(request, response);
        } else {
            if (!checkHeaderAuth(request, response)) {
                // No usable Authorization header: challenge the client.
                response.setStatus(401);
                response.setHeader("Cache-Control", "no-store");
                response.setDateHeader("Expires", 0);
                response.setHeader("WWW-Authenticate", "Basic realm=\"test\"");
            }
        }
    }

    private boolean checkHeaderAuth(HttpServletRequest request, HttpServletResponse response) throws IOException {
        String auth = request.getHeader("Authorization");
        // Demo output only: do not log credentials in a real application.
        System.out.println("Auth encoded in base64 is " + auth);
        if ((auth != null) && (auth.length() > 6)) {
            // Skip the "Basic " prefix (6 characters).
            auth = auth.substring(6, auth.length());
            String decodedAuth = getFromBASE64(auth);
            if (decodedAuth == null) {
                return false; // not valid Base64: ask again
            }
            System.out.println("Auth decoded from base64 is " + decodedAuth);
            // This demo accepts any "username:password" pair; a real servlet
            // would verify it against a user store before storing it.
            request.getSession().setAttribute("auth", decodedAuth);
            return true;
        } else {
            return false;
        }
    }

    private String getFromBASE64(String s) {
        if (s == null)
            return null;
        try {
            byte[] b = Base64.getDecoder().decode(s);
            return new String(b, StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return null;
        }
    }

    public void nextStep(HttpServletRequest request, HttpServletResponse response) throws IOException {
        PrintWriter pw = response.getWriter();
        pw.println("When the request arrives at the server for the first time, the server has no authentication information, so it returns a 401 Unauthorized to the client. "
                + "After authentication, the authentication information is stored in the session, and no re-authentication is needed while the session remains valid.");
    }
}
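The demo above stores whatever the client sends, so here is one way the extraction and verification from step 3 could look. This is an added example, not code from the original page: the class BasicAuthCheck and its methods are hypothetical names, and the sample header is the constructed "Aladdin" / "open sesame" pair used in RFC 7617.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Optional;

public class BasicAuthCheck {

    /** Parses "Basic <base64(user:pass)>" into {user, pass}; empty if malformed. */
    static Optional<String[]> parse(String header) {
        if (header == null || header.length() < 7
                || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
            return Optional.empty();            // missing header or another scheme
        }
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(header.substring(6).trim());
        } catch (IllegalArgumentException e) {
            return Optional.empty();            // not valid Base64
        }
        String pair = new String(raw, StandardCharsets.UTF_8);
        int colon = pair.indexOf(':');          // split on the FIRST colon only:
        if (colon < 0) {                        // the password may itself contain ':'
            return Optional.empty();
        }
        return Optional.of(new String[] {pair.substring(0, colon), pair.substring(colon + 1)});
    }

    /** Compares two strings without stopping at the first differing byte. */
    static boolean same(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8),
                                     b.getBytes(StandardCharsets.UTF_8));
    }

    /** True only when the header carries exactly the expected credentials. */
    static boolean verify(String header, String user, String pass) {
        Optional<String[]> c = parse(header);
        // Non-short-circuit '&' so both fields are always compared.
        return c.isPresent() && (same(c.get()[0], user) & same(c.get()[1], pass));
    }

    public static void main(String[] args) {
        // Constructed sample header (credentials from the RFC 7617 example).
        String good = "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==";
        System.out.println(verify(good, "Aladdin", "open sesame"));
        System.out.println(verify("Basic !!not-base64!!", "Aladdin", "open sesame"));
        System.out.println(verify("Bearer abc.def", "Aladdin", "open sesame"));
        System.out.println(verify(null, "Aladdin", "open sesame"));
    }
}
```

Base64 only encodes the credentials and does not encrypt them, so the Authorization header needs to travel over TLS.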