HTTP Basic Authentication认证


http://smalltalllong.iteye.com/blog/912046

*********************************************

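    /*
     * What is HTTP Basic Authentication? See
     * http://en.wikipedia.org/wiki/Basic_authentication_scheme
     *
     * When a URL that requires HTTP Basic Authentication is requested without a
     * user name and password, the server answers 401. Opened directly in a
     * browser, the browser prompts for the user name and password (the author
     * notes that Google's browser did not, and wonders whether that is a bug).
     * URL to try:
     *   http://api.minicloud.com.cn/statuses/friends_timeline.xml
     *
     * There are two ways to attach the credentials to a request:
     *
     *   1. Add an Authorization request header:
     *        Authorization: Basic <Base64 of "userName:password">
     *      Base64 is an encoding, not encryption. Anyone who can read the
     *      request can decode the credentials, so this header should only be
     *      sent over HTTPS.
     *
     *   2. Put the user name and password in the URL:
     *        http://userName:password@api.minicloud.com.cn/statuses/friends_timeline.xml
     *      RFC 3986 (section 3.2.1) deprecates this form, and the password ends
     *      up wherever the URL is stored or logged. Prefer the header.
     */

    // Requires a Base64 helper, see http://www.webtoolkit.info/javascript-base64.html

    /**
     * Builds the value of the Authorization header for HTTP Basic authentication.
     *
     * @param {string} user     user name; must not contain ':' because the
     *                          server splits the decoded token at the first colon
     * @param {string} password password (may contain ':')
     * @returns {string} "Basic " followed by the Base64 encoding of "user:password"
     * @throws {Error} if the user name contains ':'
     */
    function make_base_auth(user, password) {
      if (String(user).indexOf(':') !== -1) {
        throw new Error('Basic auth user name must not contain ":"');
      }
      // Fix: the original concatenated `pass`, which is not defined here.
      var tok = user + ':' + password;
      var hash = Base64.encode(tok);
      return "Basic " + hash;
    }

    // Fix: the original called make_basic_auth(), which does not exist.
    var auth = make_base_auth('QLeelulu', 'mypassword');
    // HTTPS, because the header carries the password in a trivially decodable form.
    var url = 'https://example.com';

    // Plain JavaScript
    // Fix: open() has to come before setRequestHeader(), which otherwise throws.
    // The request is also actually sent, and `xml` is declared instead of
    // leaking as an implicit global.
    var xml = new XMLHttpRequest();
    xml.open('GET', url);
    xml.setRequestHeader('Authorization', auth);
    xml.send();

    // ExtJS
    Ext.Ajax.request({
      url: url,
      method: 'GET',
      headers: { Authorization: auth }
    });

    // jQuery
    $.ajax({
      url: url,
      method: 'GET',
      beforeSend: function (req) {
        req.setRequestHeader('Authorization', auth);
      }
    });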

  以下是一段JSP鉴权操作:

  1. server发送要求认证的状态码401和响应头WWW-Authenticate,促使browser弹出认证窗口。
  2. server取得browser送来的认证头"Authorization"。它的内容只是Base64编码,并不是加密,用Base64解码即可取得明文的用户名和密码;因此Basic认证应当只在HTTPS连接上使用。
  3. 检查用户名和密码,根据结果传送不同的页面。
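    /*
     * Server side of the Basic challenge, written as a JSP page. This part
     * belongs in a .jsp file and calls the Base64 class defined further down.
     *
     *   <jsp:useBean id="base64" scope="page" class="Base64"/>
     *   <%
     *     String header = request.getHeader("Authorization");
     *     String user = null;
     *     String password = null;
     *     // Accept only a header of the form "Basic <token>". A shorter header or
     *     // another scheme is treated like a missing header instead of letting
     *     // substring() throw.
     *     if (header != null && header.regionMatches(true, 0, "Basic ", 0, 6)) {
     *       try {
     *         String up = Base64.decode(header.substring(6));
     *         // Split at the first ':' only: the password may itself contain ':'.
     *         // A token without ':' leaves user null instead of throwing.
     *         int colon = up.indexOf(':');
     *         if (colon >= 0) {
     *           user = up.substring(0, colon);
     *           password = up.substring(colon + 1);
     *         }
     *       } catch (IllegalArgumentException malformed) {
     *         // Token is not valid Base64: user stays null and the challenge is sent.
     *       }
     *     }
     *     if (user == null) {
     *       // No usable credentials: ask the browser to prompt for them.
     *       // Fix: the quotes around the realm are now escaped.
     *       response.setStatus(401);
     *       response.setHeader("WWW-authenticate", "Basic realm=\"unixboy.com\"");
     *     } else if (user.equals("unixboy") && password.equals("123456")) {
     *       // authentication succeeded
     *     } else {
     *       // authentication failed (for example, answer 401 with the same challenge)
     *     }
     *   %>
     *
     * The user name and password are hard-coded only because this is a
     * demonstration. A real page looks the user up in a credential store that
     * keeps salted password hashes (bcrypt/scrypt/argon2), compares in constant
     * time, and is served over HTTPS, since the Authorization header is only
     * Base64-encoded.
     */

    // ======= Java code =======

    /**
     * Base64 encoding and decoding for the HTTP Basic Authentication example.
     *
     * <p>Base64 is an encoding, not encryption: it gives no confidentiality.
     * Both methods delegate to {@code java.util.Base64} instead of a hand-written
     * bit-shifting loop. The earlier hand-written version silently dropped every
     * byte outside 1..127 and treated unknown characters as data.
     *
     * <p>The implicit public no-argument constructor is kept on purpose: the JSP
     * page instantiates this class through {@code jsp:useBean}.
     */
    public class Base64 {

        /**
         * Decodes a Base64 string into text.
         *
         * <p>Spaces, tabs, carriage returns and line feeds in the input are
         * ignored. The decoded bytes are interpreted as UTF-8, so non-ASCII user
         * names and passwords survive the round trip.
         *
         * @param encoded the Base64 text, for instance the token that follows
         *     {@code "Basic "} in an Authorization header
         * @return the decoded text, never {@code null}
         * @throws IllegalArgumentException if the input contains characters outside
         *     the Base64 alphabet or is otherwise malformed; callers handling
         *     request headers should treat this as failed authentication
         * @throws NullPointerException if {@code encoded} is {@code null}
         */
        public static String decode(String encoded) {
            // Drop ASCII whitespace first so wrapped or padded input still decodes,
            // while any other unexpected character is rejected by the strict decoder.
            StringBuilder compact = new StringBuilder(encoded.length());
            for (int i = 0; i < encoded.length(); i++) {
                char c = encoded.charAt(i);
                if (c != ' ' && c != '\t' && c != '\r' && c != '\n') {
                    compact.append(c);
                }
            }
            // Fully qualified name: this class is itself called Base64.
            byte[] raw = java.util.Base64.getDecoder().decode(compact.toString());
            return new String(raw, java.nio.charset.StandardCharsets.UTF_8);
        }

        /**
         * Encodes text as Base64 (standard alphabet, with {@code '='} padding).
         *
         * <p>The text is converted to UTF-8 bytes first. The result contains no
         * line breaks, so it can be placed directly in an HTTP header. Unlike the
         * earlier version, input longer than 76 characters is encoded instead of
         * yielding {@code null}, and an empty string yields an empty string
         * instead of an exception.
         *
         * @param plain the text to encode
         * @return the Base64 text, never {@code null}
         * @throws NullPointerException if {@code plain} is {@code null}
         */
        public static String encode(String plain) {
            byte[] raw = plain.getBytes(java.nio.charset.StandardCharsets.UTF_8);
            return java.util.Base64.getEncoder().encodeToString(raw);
        }
    }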