初见 http 401------谈谈401和403的区别
来源:互联网 发布:软件算命吧 编辑:程序博客网 时间:2024/06/15 00:25
最近, 去访问某一资源, 提示http 401, 颇为纳闷, 从未见过啊, 孤陋寡闻。
于是, 上网查找了一下, 是鉴权错误, 仔细check了一下自己的代码, 发现代码果然有问题, 配置出错了, 而且还多了一个空格, 导致http req中的authentication信息不对, 从而导致http rsp中的status code为 401. 修改代码后, 就OK了。
之前, 我们还说过http 403, 那http 401和 http 403有什么区别呢? 我来引用网上的一段话来说明:
There's a problem with 401 Unauthorized, the HTTP status code for authentication errors. And that’s just it: it’s for authentication, not authorization. Receiving a 401 response is the server telling you, “you aren’t authenticated–either not authenticated at all or authenticated incorrectly–but please reauthenticate and try again.” To help you out, it will always include a WWW-Authenticate header that describes how to authenticate.
This is a response generally returned by your web server, not your web application.
It’s also something very temporary; the server is asking you to try again.
So, for authorization I use the 403 Forbidden response. It’s permanent, it’s tied to my application logic, and it’s a more concrete response than a 401.
Receiving a 403 response is the server telling you, “I’m sorry. I know who you are–I believe who you say you are–but you just don’t have permission to access this resource. Maybe if you ask the system administrator nicely, you’ll get permission. But please don’t bother me again until your predicament changes.”
In summary, a 401 Unauthorized response should be used for missing or bad authentication, and a 403 Forbidden response should be used afterwards, when the user is authenticated but isn’t authorized to perform the requested operation on the given resource.
- 初见 http 401------谈谈401和403的区别
- strerror和errno的初见
- 谈谈GetSafeHwnd()和GetSafeHandle()的主要区别
- 谈谈GetSafeHwnd()和GetSafeHandle()的主要区别
- 谈谈 C++ 和 Java 的区别
- 谈谈 c# folderbrowserdialog 和 openFileDialog的区别
- 谈谈Dojo define 和declare的区别
- 谈谈String 和StringBuffer的区别
- 谈谈GetSafeHwnd()和GetSafeHandle()的主要区别
- 谈谈产品和项目的区别
- 谈谈innodb和myisam的区别
- 谈谈GetSafeHwnd()和GetSafeHandle()的主要区别
- 简要谈谈堆和栈的区别
- 谈谈GetSafeHwnd()和GetSafeHandle()的主要区别
- 也谈谈 Redis 和 Memcached 的区别
- 也谈谈 Redis 和 Memcached 的区别
- 谈谈innerHTML和createTextNode的区别
- 谈谈HTTP的流程
- sso-shiro-cas
- log1p
- 组函数(聚合函数),分组函数
- 2017/12/11
- CList原理与CPlex内存管理技术
- 初见 http 401------谈谈401和403的区别
- 节点机架移动(五)
- Python基础-装饰器-Decorator
- Scala闭包
- error LNK 2019:VS+MFC+双摄像头的打开
- 算法(7)最大值和最小值
- 2017年冬季浙大PAT真题(附本人代码)
- 解决Python3.6,发送POST请求错误提示:POST data should be bytes, an iterable of bytes, or a file object. It canno
- 动态内存函数:malloc(n字节),calloc(),realloc()