1.HTTP Basic Certification
In HTTP, Basic authentication is a way to allow a Web browser or other client program to provide credentials in the form of a user name and password upon request. Before sending, the username appends a colon and then the password is strung up. The resulting string is then encoded using the BASE64 algorithm. For example, the user name is Aladdin, the password is open sesame, the result of stitching is aladdin:open sesame, then use Base64 code, get qwxhzgrpbjpvcgvuihnlc2ftzq==. The BASE64 encoded string is sent out and decoded by the receiver, resulting in a string of user names and passwords delimited by a colon.
When you access a URL that requires HTTP Basic authentication, if you do not provide a username and password, the server will return 401, if you open the browser directly, the browser will prompt you to enter a username and password. You can try clicking on this URL to see the effect: Http://api.minicloud.com.cn/statuses/friends_timeline.xml. The user enters the user name and password, and the browser sends the requested packet with authentication. HTTP server after each receive request package, according to the protocol to obtain client additional user information (BASE64 encrypted username and password), unlock the request package, the user name and password to verify, if the user name and password is correct, according to the client request, return the data required by the client; Returns an error code or requests the client to provide a username and password. 1.1 Certification Process
1, the client makes a request such as Http://api.minicloud.com.cn/statuses/friends_timeline.xml.
Get/statuses/friends_timeline.xml http/1.1 Host:api.minicloud.com.cn user-agent:mozilla/5.0 (Windows NT 5.1; rv:2.0.1) gecko/20100101 firefox/4.0.1 accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q= 0.8 accept-language:zh-cn,zh;q=0.5 accept-encoding:gzip, deflate accept-charset:gb2312,utf-8;q=0.7, *;q=0.7 keep-alive:115 connection:keep-alive
2. The server received the request and found that the user was not logged in, responding as follows.
http/1.1 401 Unauthorized Server:nginxDate:Wed, June 06:25:47 GMT Content-type:application/xml ; charse T=utf-8 transfer-encoding:chunked connection:keep-alive www-authenticate:basic Vary: Accept-charset, Accept-encoding, Accept-language, Accept accept-ranges:bytes
3, when a client (such as Ie,firefox) that conforms to the HTTP1.0 or 1.1 specification receives a 401 return value, a login window automatically pops up asking the user to enter a username and password.
4, the user entered the username and password, the user name and password encrypted in BASE64 encryption, and the ciphertext into the previous request information, then the client sent the first request information into the following:
Get/statuses/friends_timeline.xml http/1.1 Host:api.minicloud.com.cn ..... Connection:keep-alive Authorization:basic d2pqojeymzq1ng==
Note: After basic, the user name and password are encrypted.
5, the server received the above request information, the authorization field after the user information out, decryption, the decrypted user name and password and user database to compare the verification, such as the user name and password is correct, the server according to the request, the requested resources sent to the client:
http/1.0 OK content-type:text/html content-length:xxxxIf the username and password are incorrect, go back to step 2nd and resend the user authentication request to the client.
6, in the future of the entire communication session, the client will be included in the request packet encrypted user information. 2. Preemptive Certification
Preemptive certification is directly from the 4th step above, in the request header to add the user name and password information. Request information directly from the server. The previous three-step operation is missing. implementation of 3.HttpClient
HttpClient does not support preemptive authentication out of the box because the misuse or improper use of preemptive authentication can cause serious quality problems, such as sending a user's credentials to an unauthorized third party in clear text. Therefore, users should weigh the potential advantages of preemptive authentication against security risks in their specific application environments.
Nevertheless, we can still configure the preemptive authentication of httpclient through the pre-assembly authentication data cache.
httphost targethost = new Httphost ("api.t.sohu.com", "n", "http"); Defaulthttpclient httpclient = new Defaulthttpclient (); Httpclient.getcredentialsprovider (). SetCredentials (New Authscope (Targethost.gethostname (), TargetHost.getPort ()) , New Usernamepasswordcredentials ("username", "password")); Create Authcache instance Authcache authcache = new Basicauthcache (); Generate BASIC Scheme object and add it to the local auth cache basicscheme BasicAuth = new Basicscheme (); Authcache.put (Targethost, BasicAuth); Add Authcache to the execution context basichttpcontext Localcontext = new Basichttpcontext (); Localcontext.setattribute (Clientcontext.auth_cache, Authcache); String url = "Http://api.t.sohu.com/statuses/update.xml"; HttpPost HttpPost = new httppost (URL); Httppost.setheader ("Content-type", "application/x-www-form-urlencoded"); for (int i = 0; i < 3; i++) {HttpResponse response = Httpclient.execute (Targethost, HttpPost, Localcontext); Httpentity entity = Response.getentity (); Entityutils.consume (entity); }
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
