Java Implementation popup authentication input box (popup with a user name and Password Input dialog box)

How Java implements the title effect is as follows:

This effect makes me curious, this effect type and on the FTP server download need to log on the authentication file will pop up this box, in the online access to some information, but the relevant information is really very few, found some key technical point of their own simple implementation of the next, here are some simple introduction, from the http ://www.blogbus.com/gaomed-logs/106179012.html

Tags: tag: User login box is how to do, the user login box of the router is how to do; general user login box; Authenticate authentication; authorization verification

/*****************************************************************************

**

**    Document:www-authenticate certification process Simple Research

**

**    Created: Http://hi.baidu.com/netee

**

**    Date:2009-10-07

**

* * Copyright: Original content, reproduced please specify the source, and retain this statement information

**

******************************************************************************/

First, Www-authenticate Introduction

www-authenticate is an early one simple, effective user authentication technology.

Many web site validations Use this simple authentication method to verify the legitimacy of the data requested by the client. Especially in the field of embedded, this method is used more.

Disadvantage: This authentication method in the transmission process is plaintext transmission, the use of user name password encryption method for BASE-64, the decoding process is very simple, the network is easy to search the source code codec. This kind of authentication method is more secure for ordinary users, but it is very simple to understand the TCP/IP protocol and the HTTP transport protocol and authentication process, and to crack this authentication user name and password. So its authentication technology is not very safe.

Second, Certification Process

The Basic authentication process is as follows (the following example assumes that the www-authenticate authentication function is enabled on the server):

1. first the client (typically the user-operated WEB browser) sends an HTTP request to the server based on the information entered by the user, such as a user accessing the www.baidu.com Web site, Based on this information, the browser sends one (possibly multiple)WEB requests to the server on the site.

2. after the server receives the request, it first resolves whether the data sent contains:

"authorization:basic ywrtaw46ywrtaw4=" data in this format, if there is no such data, the server will send HTTP headers " Www-authenticate:basic realm="." " To the client, ask the client to send a valid user name and password to the server. (This information header is sent with the page tip information displayed when validation fails, such as:

3. when the client (browser) receives a similar "www-authenticate:basic realm="." Message, a dialog box will pop up asking the user to enter the verification information.

4. user Input User name:admin Password:admin , the browser will send data to the server side in this format:

"authorization:basic ywrtaw46ywrtaw4=" (none of the above contain double quotes)Authorization:basic to www-authenticate Certified Standard HTTP header,ywrtaw46ywrtaw4= is a user name and password after BASE-64 encryption, the decrypted format is admin:admin

5. when the server receives data with user authentication information, it parses the data, extracts the user name and password to verify its validity, and, if the user name and password are all legitimate, sends the page data requested by the user to the client and the browser restores the received data to the Web page content. If the user verifies that the information is illegal, an error message is returned.

Third, advantages and disadvantages of using www-authenticate certification

Pros: With www-authenticate authentication, there are fewer things to do on the server, and some validation processing is done on the client's browser. Like whether you need two times to enter user information, pop up what kind of User Information dialog box, these are the browser do things, the server does not need to write user dialog boxes and other things, do not need to determine whether the client IP is the same.

Cons: The verification method is too simple and easy to be cracked.

Tags: tag: User login box is how to do, the user login box of the router is how to do; general user login box; Authenticate authentication; authorization verification

Generally look at the above introduction on the line, this article mainly discusses the use of Java to achieve this effect, first put out the source code, we can copy:

Import Java.io.ioexception;import Javax.servlet.servletexception;import Javax.servlet.http.httpservlet;import Javax.servlet.http.httpservletrequest;import Javax.servlet.http.httpservletresponse;import Sun.misc.base64decoder;public class Demoservlet extends HttpServlet {private static final long Serialversionuid = 8878463 83437110578l;public void doget (HttpServletRequest request, httpservletresponse response) throws Servletexception, IOException {//Gets the content is the result base64 encoded string, so the authentication method is not high security string authvalue = Request.getheader ("Authorization"),// Gets the request header format similar to the Basic mtizojeymw== username = null, PWD = null;if (authvalue! = null) {Base64decoder decoder = new BASE64DE Coder (); String[] values = new String (Decoder.decodebuffer (Authvalue.split ("") [1]). Split (":"); Through the parsed user name and password format such as 123:123if (values.length = = 2) {username = values[0];p WD = Values[1];}} The user name and password are not empty when the validation succeeds if (username! = null && username.length () >0 && username.equals (pwd)) { Response.setcontenttype ("text/html; Charset=uTF-8 "); Response.getwriter (). Print (" You have passed the verification! "); else{//Failed to verify Response.setstatus (401);//set the corresponding status Response.setheader ("Www-authenticate", "Basic realm=\" My Application\ "");//Set the user to cancel the authentication message prompt Response.setcontenttype ("text/html; Charset=utf-8 "); Response.getwriter (). Print (" HTTP STATUS--401! ");} public void DoPost (HttpServletRequest request, httpservletresponse response) throws Servletexception, IOException { Doget (request, Response);}}

First of all, the above technical point, mainly some HTTP requests and responses to some operations, by setting the HTTP status of 401, and set the headerWww-authenticate, to tell the browser, access needs relevant authentication, so the browser pops up a dialog box, let the user enter a user name and password, if the verification exits, the browser will display the content of the request body.

Java Implementation popup authentication input box (popup with a user name and Password Input dialog box)