From the source, we can see that HttpServletRequest is not a class. It is an interface defined by the servlet standard, and its parent interface is ServletRequest.
Authentication method
```java
public interface HttpServletRequest extends ServletRequest
```
Reading the source, we find the following authentication constants:

```java
/** String identifier for Basic authentication. Value "BASIC" */
public static final String BASIC_AUTH = "BASIC";

/** String identifier for Form authentication. Value "FORM" */
public static final String FORM_AUTH = "FORM";

/** String identifier for Client Certificate authentication. Value "CLIENT_CERT" */
public static final String CLIENT_CERT_AUTH = "CLIENT_CERT";

/** String identifier for Digest authentication. Value "DIGEST" */
public static final String DIGEST_AUTH = "DIGEST";
```

The four methods are BASIC, FORM, CLIENT_CERT and DIGEST. So what is the difference between these authentication methods?
Here is a brief introduction:
Basic: In this case, a user name and password are required for authentication. The user name and password entered by the user are compared with the user name and password stored for that user on the server. The specific process is as follows:
- The client requests a protected resource from the server.
- The server asks the client for a user name and password.
- The client sends the user name and password to the server.
- The server returns the appropriate data to the client.
This authentication method is not secure. The client sends the user name and password as Base64-encoded text, and Base64 is an encoding, not encryption, so the credentials are effectively exposed: anyone who intercepts them can decode them very easily. Using SSL/HTTPS reduces this risk.
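One way to enforce the HTTPS point above on the server side, as an added example that is not code from the original page or from the servlet API source: a servlet filter that refuses Basic credentials arriving over plain HTTP. The class name `BasicAuthTlsFilter` and the helper `usesBasic` are hypothetical, and the code assumes the `javax.servlet` API is on the classpath.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter (class name is an assumption, not part of the servlet API).
public class BasicAuthTlsFilter implements Filter {

    // True when the request carries Basic credentials, either already
    // authenticated by the container or still present in the raw header.
    static boolean usesBasic(HttpServletRequest request) {
        if (HttpServletRequest.BASIC_AUTH.equals(request.getAuthType())) {
            return true;
        }
        String header = request.getHeader("Authorization");
        // The scheme name in the Authorization header is case-insensitive.
        return header != null && header.regionMatches(true, 0, "Basic ", 0, 6);
    }

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // isSecure() reports whether the request arrived over a secure channel such as HTTPS.
        if (usesBasic(request) && !request.isSecure()) {
            // The Base64 text has already crossed the network unencrypted:
            // reject the request so the exposure is visible instead of silently accepted.
            response.sendError(HttpServletResponse.SC_FORBIDDEN,
                    "Basic authentication is only accepted over HTTPS");
            return;
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

When TLS is terminated at a proxy in front of the container, `isSecure()` returns false unless the container is configured to trust the proxy's forwarded-scheme information. Credentials rejected by this filter should be treated as exposed and rotated.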
Resources
- https://docs.oracle.com/cd/E19575-01/819-3669/bncbn/index.html
Java Source Analysis Series of HttpServletRequest source code analysis