Java Demo sample for HTTP Basic authentication (Basic authentication)

Source: Internet
Author: User
Tags base64

When you log in to the site. Most of the time, you submit your login information through a form.
However, sometimes the browser will pop up a login Verification dialog box. For example, this is the use of HTTP Basic authentication.

Take a look at this certified work process:
The first step: The client sends an HTTP request to Server,server to verify that the user has logged in and verified that, if not,
The server returns a 401 unauthozied to the client and adds information to the response header "Www-authenticate".


For example with.



The second step: after receiving the 401 unauthozied, the browser will pop up the Login Verification dialog box. After the user enters username and password,
After the browser is encoded with BASE64. Sent to the server in the authorization header. For example, with:

The third step: the server will authorization header in the Usernamepassword out, to verify, assuming that the validation passed, the resource will be sent according to the request to the client.



Here is a sample Java demo code:

Import Java.io.ioexception;import Java.io.printwriter;import Javax.servlet.http.httpservlet;import Javax.servlet.http.httpservletrequest;import Javax.servlet.http.httpservletresponse;import Sun.misc.base64decoder;public class Httpauthservlet extends HttpServlet {public void doget (HttpServletRequest request, HttpServletResponse response) throws IOException {string sessionauth = (string) request.getsession (). getattribute (" Auth "), if (Sessionauth! = null) {SYSTEM.OUT.PRINTLN (" This is Next step "), NextStep (request, response);} else {if (! Checkheaderauth (Request, Response)) {Response.setstatus (401); Response.setheader ("Cache-control", "No-store"); Response.setdateheader ("Expires", 0); Response.setheader ("Www-authenticate", "Basic realm=\" test\ "");}} Private Boolean Checkheaderauth (HttpServletRequest request, httpservletresponse response) throws IOException {String Auth = Request.getheader ("Authorization"); SYSTEM.OUT.PRINTLN ("Auth encoded in base64 is" + getFromBASE64 (auth)); if (auth! = null) && (Auth.length () > 6)) {auth = auth.substring (6, Auth.length ()); String Decodedauth = getFromBASE64 (auth); System.out.println ("Auth Decoded from Base64 is" + Decodedauth); Request.getsession () SetAttribute ("Auth", Decodedauth ); return true;} Else{return false;}} private String getFromBASE64 (string s) {if (s = = null) return null; Base64decoder decoder = new Base64decoder (); try {byte[] b = Decoder.decodebuffer (s); return new String (b);} catch (Exceptio N e) {return null;}} public void NextStep (HttpServletRequest request, httpservletresponse response) throws IOException {PrintWriter pw = Respo Nse.getwriter ();p w.println ("When the request arrives at the server for the first time. Server does not have authentication information, the server returns a 401 unauthozied to the client.
Certification after the certification information in the session, later in the session period of validity will not be re-certification.

Java Demo sample for HTTP Basic authentication (Basic authentication)

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.