HTTP Security Authentication

HTTP Security Authentication

HTTP security authentication is an essential part of the communication based on HTTP protocol.
First, the basic certification
Basic authentication It provides a way to solve this problem, authenticator app although it is not very secure. Basic authentication, each request of the client sends BASE64 encoded credentials, using the http[authorization header. This means that each request is independent of other requests and the server may/does not maintain the client, which is very good for scalability.

The sample code to prepare the header is shown below.
String plainclientcredentials= "Myusername:mypassword"; google authenticator
String base64clientcredentials = new String (Base64.encodebase64 (Plainclientcredentials.getbytes ()));

    Httpheaders headers = getheaders ();
    Headers.add ("Authorization", "Basic" + base64clientcredentials); 

Basic Authentication and Spring security
With two steps, authentic mexican food near me you can enable Basic authentication in the spring security configuration.
1. Configure Httpbasic: Configure HTTP Basic authentication. The [HTTP based XML] configuration has a Basicauthenticationentryyiibai authentication entry point: This pointcut will be triggered if validation fails [invalid/missing credentials]. This is very important because we do not want to redirect to the authentication failed login page [The default behavior of Spring security] because we don't have a login page here.

Second, what is the basic certification,microsoft authenticator, authenticator
1. Concept: Basic authentication is a form of logon authentication that allows a Web browser or other client program to provide credentials in the form of a user name and password upon request.
The "username + colon + password" string, encrypted with the BASE64 algorithm, is sent to the server in the header authorization in HTTP request, which is called HTTP Basic authentication (Basic authentication)
2. Advantages and Disadvantages:
Advantages of HTTP Basic authentication
HTTP Basic authentication, simple and clear. The Rest API is often used for basic authentication.
Every time you have to authenticate
The HTTP protocol is stateless, and the same client requires authentication for each request to the server.
HTTP Basic Authentication and HTTPS
The "username + colon + password" with the BASE64 encrypted string, although with the naked eye can not see, but with the program is easy to decrypt, the above image to see Fiddler directly to the decryption. So HTTP request on the network, if the use of HTTP transmission is very unsafe. Generally, HTTPS is used for transmission, and HTTPS is encrypted, so it is more secure.

Third, HTTP authentication method

1. Basic Certification
2. Summary certification: Digest
3.Form form: Ajax interactive authentication.
4.SSL
HTTP base authentication (HTTP Basic authentication) and HTTP Digest authentication (HTTP Digest authentication).
Also commonly used are NTLM, Spnego (HTTP negotiation authentication, HTTP Negotiate authentication, is one of them) and Kerberos authentication Way

Public final class Authpolicy {
public static final String NTLM = "NTLM";
public static final String DIGEST = "DIGEST";
public static final String basic = "basic";
public static final String Spnego = "Negotiate";
public static final String Kerberos = "Kerberos";

Private Authpolicy () {
}

}

Iv. implementation in spring

Configure filters in 1.web.xml

Springsecurityfilterchain
Org.springframework.web.filter.DelegatingFilterProxy

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    < Url-pattern>/*</url-pattern>
</filter-mapping>

2. Configure Spring-security.xml file: Configure volley URL and authenticated user and password (encrypted or not configured)

Reference documentation
http://dreamzhong.iteye.com/blog/1134374