关闭

Java 6 SE 里的DigestAuthentication[1]

1034人阅读 评论(0) 收藏 举报


Java 6 SE 里的DigestAuthentication[1]

Author:zfive5
Email:zfive5@yahoo.com.cn

两三年前,看过一阵子java,同时也分析过java sdk的源码,当时为什么看jdbc是怎样实现的,今天在csdn看到什么13篇文章,看到java 6 SE支持ntlm

 

同是也看到了Digest,一下子兴趣就来,马上到sun的网站download一个jdk 6 se的代码. java的大部分代码都是java,还有很少一部分是c写的(这部分主要是和平台有关的)

 

命令行下运行:

 

C:/>java -jar C:/jdk-6u2-fcs-src-b05-jrl-22_jun_2007.jar

 

根据提示指定解压目录就可以.

 

WindowsNTLM下居然用的是msdll,如下:

 

    OSVERSIONINFO   version;

    UCHAR libName[MAX_PATH];

 

    ntlm_ctxHandleID = (*env)->GetFieldID(env, clazz, "ctxHandle", "J");

    ntlm_crdHandleID = (*env)->GetFieldID(env, clazz, "crdHandle", "J");

 

    version.dwOSVersionInfoSize = sizeof (OSVERSIONINFO);

    GetVersionEx (&version);

 

    if (version.dwPlatformId == VER_PLATFORM_WIN32_NT) {

       strcpy (libName, "security.dll" );

    }

    else if (version.dwPlatformId == VER_PLATFORM_WIN32_WINDOWS) {

       strcpy (libName, "secur32.dll" );

    }

 

    lib = LoadLibrary (libName);

 

    pFreeCredentialsHandle

       = (FREE_CREDENTIALS_HANDLE_FN) GetProcAddress(

       lib, "FreeCredentialsHandle" );

 

    pAcquireCredentialsHandle

       = (ACQUIRE_CREDENTIALS_HANDLE_FN) GetProcAddress(

       lib, "AcquireCredentialsHandleA" );

 

    pFreeContextBuffer

       = (FREE_CONTEXT_BUFFER_FN) GetProcAddress(

       lib, "FreeContextBuffer" );

 

    pInitializeSecurityContext

       = (INITIALIZE_SECURITY_CONTEXT_FN) GetProcAddress(

       lib, "InitializeSecurityContextA" );

 

    pCompleteAuthToken

       = (COMPLETE_AUTH_TOKEN_FN) GetProcAddress(

       lib, "CompleteAuthToken" );

 

    pDeleteSecurityContext

       = (DELETE_SECURITY_CONTEXT_FN) GetProcAddress(

       lib, "DeleteSecurityContext" );

 

这样的实现写法的确可以节省代码和时间,但自己一步步的实现绝对不是没有必要. solaris下的实现就完全是java写的.

 

下面的注释才可以了解一下http认证原理:

 

/**

     * Returns the String that should be included in the HTTP

     * <B>Authorization</B> field.  Return null if no info was

     * supplied or could be found.

     * <P>

     * Example:

     * --> GET http://www.authorization-required.com/ HTTP/1.0

     * <-- HTTP/1.0 403 Unauthorized

     * <-- WWW-Authenticate: Basic realm="WallyWorld"

     * call schemeSupported("Basic"); (return true)

     * call authString(u, "Basic", "WallyWorld", null);

     *   return "QWadhgWERghghWERfdfQ=="

     * --> GET http://www.authorization-required.com/ HTTP/1.0

     * --> Authorization: Basic QWadhgWERghghWERfdfQ==

     * <-- HTTP/1.0 200 OK

     * <B> YAY!!!</B>

     */

 

其实这次重点不是以上而是DigestAuthentication

现在首先用pd12分析一下类结构,如下:

 

http://p.blog.csdn.net/images/p_blog_csdn_net/zfive5/72680/o_zfive5java.jpg

 

 

待续….

0
0

查看评论
* 以上用户言论只代表其个人观点,不代表CSDN网站的观点或立场
    个人资料
    • 访问:1040584次
    • 积分:15721
    • 等级:
    • 排名:第670名
    • 原创:455篇
    • 转载:257篇
    • 译文:0篇
    • 评论:279条
    格言
    都说人往高处走,可是高处不胜寒。水往低处流,谁知低处纳百川!
    文章分类
    文章存档
    最新评论