最近研究了jsp中作http认证的问题,它的工作方式如下 1、server发送一个要求认证代码401和一个头信息www-authenticate,激发browser弹出一个认证窗口 2、server取得browser送来的认证头"authorization",它是加密的了,要用base64方法解密,取得明文的用户名和密码
3、检查用户名和密码,根据结果传送不同的页面
以下是jsp的片断,你也可以把它做成include文件。和base64的加解密的class源码。
如有兴趣可与我联系:unixboy@yeah.net
<jsp:usebean id="base64"scope="page"class="base64"/>
<%
if(request.getheader("authorization")==null){
response.setstatus(401);
response.setheader("www-authenticate","basic realm=\"unixboy.com\"");
}else{
string encoded=(request.getheader("authorization"));
string tmp=encoded.substring(6);
string up=base64.decode(tmp);
string user="";
string password="";
if(up!=null){
user=up.substring(0,up.indexof(":"));
password=up.substring(up.indexof(":")+1);
}
if(user.equals("unixboy")&&password.equals("123456")){
//认证成功
}else{
//认证失败
}
}
%>
//消息加解密class
public class base64
{
/** decode a base 64 encoded string.
*<p><h4>string to byte conversion</h4>
* this method uses a naive string to byte interpretation, it simply gets each
* char of the string and calls it a byte.</p>
*<p>since we should be dealing with base64 encoded strings that is a reasonable
* assumption.</p>
*<p><h4>end of data</h4>
* we don''t try to stop the converion when we find the"="end of data padding char.
* we simply add zero bytes to the unencode buffer.</p>
*/
public static string decode(string encoded)
{
stringbuffer sb=new stringbuffer();
int maxturns;
//work out how long to loop for.
if(encoded.length()%3==0)
maxturns=encoded.length();
else
maxturns=encoded.length()+(3-(encoded.length()%3));
//tells us whether to include the char in the unencode
boolean skip;
//the unencode buffer
byte[] unenc=new byte[4];
byte b;
for(int i=0,j=0;i<maxturns;i++)
{
skip=false;
//get the byte to convert or 0
if(i<encoded.length())
b=(byte)encoded.charat(i);
else
b=0;
//test and convert first capital letters, lowercase, digits then ''+'' and ''/''
if(b>=65&&b<91)
unenc[j]=(byte)(b-65);
else if(b>=97&&b<123)
unenc[j]=(byte)(b-71);
else if(b>=48&&b<58)
unenc[j]=(byte)(b+4);
else if(b==''+'')
unenc[j]=62;
else if(b==''/'')
unenc[j]=63;
//if we find"="then data has finished, we''re not really dealing with this now
else if(b==''='')
unenc[j]=0;
else
{
char c=(char)b;
if(c==''\n'' c==''\r'' c=='' '' c==''\t'')
skip=true;
else
//could throw an exception here? it''s input we don''t understand.
;
}
//once the array has boiled convert the bytes back into chars
if(!skip&&++j==4)
{
//shift the 6 bit bytes into a single 4 octet word
int res=(unenc[0]<<18)+(unenc[1]<<12)+(unenc[2]<<6)+unenc[3];
byte c;
int k=16;
//shift each octet down to read it as char and add to stringbuffer
while(k>=0)
{
c=(byte)(res>>k);
if ( c>0 )
sb.append((char)c);
k-=8;
}
//reset j and the unencode buffer
j=0;
unenc[0]=0;unenc[1]=0;unenc[2]=0;unenc[3]=0;
}
}
return sb.tostring();
}
/** encode plaintext data to a base 64 string
* @param plain the text to convert. if plain is longer than 76 characters this method
* returns null (see rfc2045).
* @return the encoded text (or null if string was longer than 76 chars).
*/
public static string encode(string plain)
{
if(plain.length()>76)
return null;
int maxturns;
stringbuffer sb=new stringbuffer();
//the encode buffer
byte[] enc=new byte[3];
boolean end=false;
for(int i=0,j=0;!end;i++)
{
char _ch=plain.charat(i);
if(i==plain.length()-1)
end=true;
enc[j++]=(byte)plain.charat(i);
if(j==3 end)
{
int res;
//this is a bit inefficient at the end point
//worth it for the small decrease in code size?
res=(enc[0]<<16)+(enc[1]<<8)+enc[2];
int b;
int lowestbit=18-(j*6);
for(int toshift=18;toshift>=lowestbit;toshift-=6)
{
b=res>>>toshift;
b&=63;
if(b>=0&&b<26)
sb.append((char)(b+65));
if(b>=26&&b<52)
sb.append((char)(b+71));
if(b>=52&&b<62)
sb.append((char)(b-4));
if(b==62)
sb.append(''+'');
if(b==63)
sb.append(''/'');
if(sb.length()%76==0)
sb.append(''\n'');
}
//now set the end chars to be pad character if there
//was less than integral input (ie: less than 24 bits)
if(end)
{
if(j==1)
sb.append("==");
if(j==2)
sb.append(''='');
}
enc[0]=0;enc[1]=0;enc[2]=0;
j=0;
}
}
return sb.tostring();
}
}
Java Asp PHP .Net XML C/C++ CGI VB Jsp J2ee J2se J2me EJB Servlet Tomcat Resin Struts Weblogic Eclipse ANT GUI JMS Web servise IDEA Webphere Hibernate Spring Jboss Applet Swing Socket Javamail Perl Ajax P2P 安全 模式 框架 测试 开源 游戏
Windows XP Windows 2000 Windows 2003 Windows Me Windows 9.x Linux UNIX 注册表 操作系统 服务器 应用服务器
