When you log in to a website, you usually submit your login information through a form.
Sometimes, however, the browser itself pops up a login dialog box, as shown in the figure below. This is HTTP Basic authentication.
Let's take a look at how this authentication works:
Step 1: The client sends an HTTP request to the server, and the server checks whether the user has already logged in and been verified. If not, the server returns 401 Unauthorized to the client and adds information to the "WWW-Authenticate" header of the response, as shown in the figure below.
Step 3: The server extracts the username and password from the Authorization header and verifies them. If verification passes, the requested resource is sent to the client.
Here is sample code in Java:
```java
import java.io.IOException;
import java.io.PrintWriter;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class HTTPAuthServlet extends HttpServlet {

    public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException {
        String sessionAuth = (String) request.getSession().getAttribute("auth");
        if (sessionAuth != null) {
            // The session already carries authentication information.
            System.out.println("this is next step");
            nextStep(request, response);
        } else {
            if (!checkHeaderAuth(request, response)) {
                // No usable Authorization header: challenge the client.
                response.setStatus(401);
                response.setHeader("Cache-Control", "no-store");
                response.setDateHeader("Expires", 0);
                response.setHeader("WWW-Authenticate", "Basic realm=\"test\"");
            }
        }
    }

    private boolean checkHeaderAuth(HttpServletRequest request, HttpServletResponse response) throws IOException {
        String auth = request.getHeader("Authorization");
        System.out.println("auth encoded in base64 is " + auth);
        // The header has the form "Basic <base64>"; the first 6 characters are the scheme.
        if ((auth != null) && (auth.length() > 6)) {
            auth = auth.substring(6);
            String decodedAuth = getFromBASE64(auth);
            if (decodedAuth == null) {
                return false; // value was not valid base64
            }
            System.out.println("auth decoded from base64 is " + decodedAuth);
            // NOTE: this sample stores whatever "username:password" the client sent;
            // it does not compare it against any user store.
            request.getSession().setAttribute("auth", decodedAuth);
            return true;
        } else {
            return false;
        }
    }

    private String getFromBASE64(String s) {
        if (s == null) {
            return null;
        }
        try {
            // java.util.Base64 replaces sun.misc.BASE64Decoder, which newer JDKs no longer ship.
            byte[] b = Base64.getDecoder().decode(s.trim());
            return new String(b, StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return null;
        }
    }

    public void nextStep(HttpServletRequest request, HttpServletResponse response) throws IOException {
        PrintWriter pw = response.getWriter();
        pw.println("<html> next step, authentication is : " + request.getSession().getAttribute("auth") + "<br>");
        pw.println("<br></html>");
    }

    public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException {
        doGet(request, response);
    }
}
```

When the request first arrives at the server, the server has no authentication information, so it returns 401 Unauthorized to the client.
After authentication, the authentication information is placed in the session, so there is no need to authenticate again while the session remains valid.
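Step 3 says the server verifies the username and password, which the servlet above does not do. The following added example (not code from the original page) shows one way to parse the Authorization header and check the credentials with a constant-time comparison; the class name BasicAuthCheck, its method names and the demo credentials are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class BasicAuthCheck {
    // Constructed demo credentials (assumption); a real service looks up a salted password hash.
    private static final String DEMO_USER = "alice";
    private static final String DEMO_PASSWORD = "s3cret:with:colons";

    /** Returns {username, password} from an Authorization header, or null if it is not valid Basic auth. */
    static String[] parseBasic(String header) {
        if (header == null || header.length() < 7
                || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
            return null;                       // missing header or a different scheme
        }
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(header.substring(6).trim());
        } catch (IllegalArgumentException e) {
            return null;                       // not valid base64
        }
        String decoded = new String(raw, StandardCharsets.UTF_8);
        int colon = decoded.indexOf(':');      // split on the FIRST colon: passwords may contain ':'
        if (colon < 0) return null;
        return new String[] { decoded.substring(0, colon), decoded.substring(colon + 1) };
    }

    /** Compares without stopping at the first mismatching byte, so timing does not show how much matched. */
    static boolean same(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8),
                                     b.getBytes(StandardCharsets.UTF_8));
    }

    static boolean isAuthorized(String header) {
        String[] cred = parseBasic(header);
        if (cred == null) return false;
        // Non-short-circuit '&' evaluates both comparisons before deciding.
        return same(cred[0], DEMO_USER) & same(cred[1], DEMO_PASSWORD);
    }

    public static void main(String[] args) {
        String good = "Basic " + Base64.getEncoder().encodeToString(
                (DEMO_USER + ":" + DEMO_PASSWORD).getBytes(StandardCharsets.UTF_8));
        // Constructed sample headers: valid, wrong password, bad base64, other scheme, absent.
        String[] samples = { good, "basic YWxpY2U6d3Jvbmc=", "Basic %%%", "Bearer abc", null };
        for (String h : samples) {
            System.out.println(h + " -> " + isAuthorized(h));
        }
    }
}
```

In the servlet, the session attribute would be set only when such a check succeeds, and the 401 challenge returned otherwise. Because Basic authentication sends the password in reversible base64 on every request, it should only be served over HTTPS.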