在j中作HTTP认证的方法_JSP技巧_黑客防线网安服务器维护基地--Powered by WWW.RONGSEN.COM.CN

在j中作HTTP认证的方法

作者:黑客防线网安JSP教程基地 来源:黑客防线网安JSP教程基地 浏览次数:0

本篇关键词:方法认证 '
黑客防线网安网讯:      最近研究了jsp中作HTTP认证的问题,它的工作方式如下:   1、server发送一个要求认证代码401和一个头信息WWW-authenticate,激发browser弹出一个认证窗口   2、server取得brows...

      最近研究了jsp中作HTTP认证的问题它的工作方式如下:

  1、server发送一个要求认证代码401和一个头信息WWW-authenticate激发browser弹出一个认证窗口

  2、server取得browser送来的认证头"Authorization",它是加密的了,要用Base64方法解密,取得明文的用户名和密码

  3、检查用户名和密码,根据结果传送不同的页面

  
  以下是jsp的片断,你也可以把它做成include文件和Base64的加解密的class源码
  如有兴趣可与我联系:unixboy@yeah.net

  <jsp:useBean id="base64"scope="page"class="Base64"/>
  <%
  if(request.getHeader("Authorization")==null){
     response.setStatus(401);
     response.setHeader("WWW-authenticate","Basic realm="unixboy.com"");
  }else{
     String encoded=(request.getHeader("Authorization"));
     String tmp=encoded.substring(6);
     String up=Base64.decode(tmp);
     String user="";
     String password="";
     if(up!=null){
          user=up.substring(0,up.indexOf(":"));
      password=up.substring(up.indexOf(":")+1);
     }
     if(user.equals("unixboy")&&password.equals("123456")){
          //认证成功
     }else{
          //认证失败
     }
  }
  %>

  
  //消息加解密class
  public class Base64
  {
          /** decode a Base 64 encoded String.
            *<p><h4>String to byte conversion</h4>
            * This method uses a naive String to byte interpretation, it simply gets each
            * char of the String and calls it a byte.</p>
            *<p>Since we should be dealing with Base64 encoded Strings that is a reasonable
            * assumption.</p>
            *<p><h4>End of data</h4>
            * We don''t try to stop the converion when we find the"="end of data padding char.
            * We simply add zero bytes to the unencode buffer.</p>
          */
          public static String decode(String encoded)
          {
                  StringBuffer sb=new StringBuffer();
                  int maxturns;
                  //work out how long to loop for.
                  if(encoded.length()%3==0)
                  maxturns=encoded.length();
                  else
                  maxturns=encoded.length()+(3-(encoded.length()%3));
                  //tells us whether to include the char in the unencode
                  boolean skip;
                  //the unencode buffer
                  byte[] unenc=new byte[4];
                  byte b;
                  for(int i=0,j=0;i<maxturns;i++)
                  {
                          skip=false;
                          //get the byte to convert or 0
                          if(i<encoded.length())
                          b=(byte)encoded.charAt(i);
                          else
                          b=0;
                          //test and convert first capital letters, lowercase, digits then ''+'' and ''/''
                          if(b>=65&&b<91)
                          unenc[j]=(byte)(b-65);
                          else if(b>=97&&b<123)
                          unenc[j]=(byte)(b-71);
                          else if(b>=48&&b<58)
                          unenc[j]=(byte)(b+4);
                          else if(b==''+'')
                          unenc[j]=62;
                          else if(b==''/'')
                          unenc[j]=63;
                          //if we find"="then data has finished, we''re not really dealing with this now
                          else if(b==''='')
                          unenc[j]=0;
                          else
                          {
                                  char c=(char)b;
                                  if(c=='' '' || c=='' '' || c=='' '' || c=='' '')
                                  skip=true;
                                  else
                                  //could throw an exception here? it''s input we don''t understand.
                                  ;
                          }
                          //once the array has boiled convert the bytes back into chars
                          if(!skip&&++j==4)
                          {
                                  //shift the 6 bit bytes into a single 4 octet word
                                  int res=(unenc[0]<<18)+(unenc[1]<<12)+(unenc[2]<<6)+unenc[3];
                                  byte c;
                                  int k=16;
                                  //shift each octet down to read it as char and add to StringBuffer
                                  while(k>=0)
                                  {
                                          c=(byte)(res>>k);
                                          if ( c>0 )
                                          sb.append((char)c);
                                          k-=8;
                                  }
                                  //reset j and the unencode buffer
                                  j=0;
                                  unenc[0]=0;unenc[1]=0;unenc[2]=0;unenc[3]=0;
                          }
                  }
                  return sb.toString();
          }
          
          /** encode plaintext data to a base 64 string
            * @param plain the text to convert. If plain is longer than 76 characters this method
            *             returns null (see RFC2045).
            * @return the encoded text (or null if string was longer than 76 chars).
          */
          public static String encode(String plain)
          {
                  if(plain.length()>76)
                  return null;
                  int maxturns;
                  StringBuffer sb=new StringBuffer();
                  //the encode buffer
                  byte[] enc=new byte[3];
                  boolean end=false;
                  for(int i=0,j=0;!end;i++)
                  {
                          char _ch=plain.charAt(i);
                          if(i==plain.length()-1)
                          end=true;
                          enc[j++]=(byte)plain.charAt(i);
                          if(j==3 || end)
                          {
                                  int res;
                                  //this is a bit inefficient at the end point
                                  //worth it for the small decrease in code size?
                                  res=(enc[0]<<16)+(enc[1]<<8)+enc[2];
                                  int b;
                                  int lowestbit=18-(j*6);
                                  for(int toshift=18;toshift>=lowestbit;toshift-=6)
                                  {
                                          b=res>>>toshift;
                                          b&=63;
                                          if(b>=0&&b<26)
                                          sb.append((char)(b+65));
                                          if(b>=26&&b<52)
                                          sb.append((char)(b+71));
                                          if(b>=52&&b<62)
                                          sb.append((char)(b-4));
                                          if(b==62)
                                          sb.append(''+'');
                                          if(b==63)
                                          sb.append(''/'');
                                          if(sb.length()%76==0)
                                          sb.append('' '');
                                  }
                                  //now set the end chars to be pad character if there
                                  //was less than integral input (ie: less than 24 bits)
                                  if(end)
                                  {
                                          if(j==1)
                                          sb.append("==");
                                          if(j==2)
                                          sb.append(''='');
                                  }
                                  enc[0]=0;enc[1]=0;enc[2]=0;
                                  j=0;
                          }
                  }
                  return sb.toString();
          }
  }
  

    黑客防线网安服务器维护方案本篇连接:http://www.rongsen.com.cn/show-16445-1.html
网站维护教程更新时间:2012-04-07 00:21:34  【打印此页】  【关闭
我要申请本站N点 | 黑客防线官网 |  
专业服务器维护及网站维护手工安全搭建环境,网站安全加固服务。黑客防线网安服务器维护基地招商进行中!QQ:29769479

footer  footer  footer  footer