HTTP Security Authentication

Source: Internet
Author: User
Tags base64 http authentication http digest authentication


HTTP security authentication is an essential part of communication over the HTTP protocol.
First, Basic authentication
Basic authentication provides a way to authenticate HTTP requests, although it is not very secure. With Basic authentication, the client sends Base64-encoded credentials with every request in the HTTP Authorization header. This means that each request is independent of the others and the server does not need to maintain client state, which is very good for scalability.



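The sample code to prepare the header is shown below.

    import org.apache.commons.codec.binary.Base64;
    import org.springframework.http.HttpHeaders;

    String plainClientCredentials = "Myusername:mypassword";
    String base64ClientCredentials = new String(Base64.encodeBase64(plainClientCredentials.getBytes()));

    // getHeaders() is the application's own helper (not shown here)
    HttpHeaders headers = getHeaders();
    // The scheme name and the credentials are separated by a single space
    headers.add("Authorization", "Basic " + base64ClientCredentials);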


Basic authentication and Spring Security
You can enable Basic authentication in the Spring Security configuration in two steps.
1. Configure httpBasic: this configures HTTP Basic authentication (http-basic in the XML configuration).
2. Configure an authentication entry point with BasicAuthenticationEntryPoint: this entry point is triggered if authentication fails [invalid/missing credentials]. This is very important because we do not want the default behavior of Spring Security, which is to redirect to a login page when authentication fails; we don't have a login page here.



Second, what is Basic authentication
1. Concept: Basic authentication is a form of login authentication that allows a web browser or other client program to provide credentials in the form of a user name and password when making a request.
The "username + colon + password" string is encoded with Base64 and sent to the server in the Authorization header of the HTTP request. This is called HTTP Basic authentication. Base64 is an encoding, not encryption.
2. Advantages and disadvantages:
Advantages of HTTP Basic authentication
HTTP Basic authentication is simple and clear. REST APIs often use Basic authentication.
Authentication is required every time
The HTTP protocol is stateless, so the same client must authenticate on every request to the server.
HTTP Basic authentication and HTTPS
The Base64-encoded "username + colon + password" string cannot be read at a glance, but a program can decode it easily; the image above shows Fiddler decoding it directly. A request sent over plain HTTP is therefore very unsafe. HTTPS is generally used for transmission, and because HTTPS is encrypted, it is more secure.
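The header format and the decoding point above, as an added example (not code from the original article): a server-side parser for the Authorization header, which shows that a captured header gives up the password with a single decode call. The class name BasicAuthHeader, its methods and the sample credentials are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class BasicAuthHeader {

    /** Decodes "Basic <base64>" into {username, password}; returns null if malformed. */
    static String[] parse(String authorization) {
        // The scheme name is matched case-insensitively
        if (authorization == null || !authorization.regionMatches(true, 0, "Basic ", 0, 6)) {
            return null; // missing header or a different scheme
        }
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(authorization.substring(6).trim());
        } catch (IllegalArgumentException e) {
            return null; // not valid Base64
        }
        String pair = new String(raw, StandardCharsets.UTF_8);
        int colon = pair.indexOf(':'); // split at the FIRST colon: passwords may contain ':'
        if (colon < 0) {
            return null; // no separator, so no credentials
        }
        return new String[] { pair.substring(0, colon), pair.substring(colon + 1) };
    }

    /** Compares two secrets without stopping at the first differing byte. */
    static boolean sameSecret(String expected, String supplied) {
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     supplied.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed sample: the header a client would build for these credentials
        String header = "Basic " + Base64.getEncoder()
                .encodeToString("Myusername:my:pass:word".getBytes(StandardCharsets.UTF_8));
        String[] creds = parse(header);
        // No key is involved: decoding alone recovers the user name and password
        System.out.println(creds[0] + " / " + creds[1]);
        System.out.println("password matches: " + sameSecret("my:pass:word", creds[1]));
        // Malformed input and other schemes are rejected instead of throwing
        System.out.println("bad Base64 rejected: " + (parse("Basic %%%") == null));
        System.out.println("other scheme rejected: " + (parse("Bearer abc") == null));
    }
}
```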



Third, HTTP authentication methods



1. Basic authentication
2. Digest authentication
3. Form: Ajax interactive authentication.
4. SSL
Besides HTTP Basic authentication and HTTP Digest authentication, NTLM, SPNEGO (HTTP Negotiate authentication is one form of it) and Kerberos authentication are also commonly used.



    public final class AuthPolicy {

        // Names of the supported authentication schemes
        public static final String NTLM = "NTLM";
        public static final String DIGEST = "DIGEST";
        public static final String BASIC = "basic";
        public static final String SPNEGO = "Negotiate";
        public static final String KERBEROS = "Kerberos";

        // Constants holder: not meant to be instantiated
        private AuthPolicy() {
        }
    }



Fourth, implementation in Spring



1. Configure the filter in web.xml

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>


2. Configure the spring-security.xml file: configure the URLs to intercept and the authenticated user and password (encrypted or not).




