HTTP 提供一个用于权限控制和认证的通用框架。最常用的HTTP认证方案是HTTP Basic authentication。
本页介绍了通用的HTTP认证框架以及展示如何通过HTTP Basic authentication来限制权限访问您的服务器。
通用的 HTTP 认证框架
RFC 7235 定义了一个 HTTP 身份验证框架,服务器可以用来针对客户端的请求发送 challenge (质询信息),客户端则可以用来提供身份验证凭证。
质询与应答的工作流程如下:服务器端向客户端返回 401(Unauthorized,未被授权的) 状态码,并在 WWW-Authenticate 首部提供如何进行验证的信息,
其中至少包含有一种质询方式。之后有意向证明自己身份的客户端可以在新的请求中添加 Authorization 首部字段进行验证,字段值为身份验证凭证信息。
通常客户端会弹出一个密码框让用户填写,然后发送包含有恰当的 Authorization 首部的请求。
Java代码示例
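/**
 * Builds a {@link CloseableHttpClient} whose {@link BasicCredentialsProvider} answers Basic
 * authentication challenges with the given user name and password.
 *
 * <p>The credentials are registered for {@code AuthScope.ANY_HOST} / {@code AuthScope.ANY_PORT} /
 * {@code AuthScope.ANY_REALM}, so they are offered to whichever host issues the challenge,
 * including one reached through a redirect. When the target host is known, prefer
 * {@link #httpClientWithBasicAuth(String, int, String, String)}, which confines the credential to
 * that host and port.
 *
 * @param username user name placed in the Basic credential
 * @param password password placed in the Basic credential
 * @return a new client; the caller owns it and must close it
 */
public static CloseableHttpClient httpClientWithBasicAuth(String username, String password) {
    // Same behaviour as before: unrestricted host and port.
    return httpClientWithBasicAuth(AuthScope.ANY_HOST, AuthScope.ANY_PORT, username, password);
}

/**
 * Builds a {@link CloseableHttpClient} whose Basic credential is only offered to {@code host} on
 * {@code port}. The realm is left unrestricted ({@code AuthScope.ANY_REALM}), exactly as in the
 * two-argument overload.
 *
 * @param host host the credential is valid for; {@code AuthScope.ANY_HOST} disables the restriction
 * @param port port the credential is valid for; {@code AuthScope.ANY_PORT} disables the restriction
 * @param username user name placed in the Basic credential
 * @param password password placed in the Basic credential
 * @return a new client; the caller owns it and must close it
 */
public static CloseableHttpClient httpClientWithBasicAuth(
        String host, int port, String username, String password) {
    BasicCredentialsProvider provider = new BasicCredentialsProvider();
    // Scope = (host, port, any realm); the scheme is not constrained by this constructor.
    AuthScope scope = new AuthScope(host, port, AuthScope.ANY_REALM);
    provider.setCredentials(scope, new UsernamePasswordCredentials(username, password));
    return HttpClientBuilder.create()
            .setDefaultCredentialsProvider(provider)
            .build();
}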
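/**
 * Sends an HTTP GET to {@code url} with Basic authentication and returns the response body as text.
 *
 * <p>The credential is supplied in two ways: the client built by
 * {@link GetHeadersUtils#httpClientWithBasicAuth(String, String)} answers a 401 challenge, and an
 * {@code Authorization: Basic <base64>} header is also attached up front, so the credential is
 * sent with the very first request whether or not the server challenges. That makes the choice of
 * {@code url} security-relevant: it should be a trusted, TLS-protected endpoint.
 *
 * <p>Failure handling keeps the original best-effort contract: any {@link IOException} (connect,
 * read, or body conversion) is printed and {@code ""} is returned, so callers cannot tell an empty
 * body from a failed request.
 *
 * @param url absolute request URL
 * @param userName Basic-auth user name
 * @param passWord Basic-auth password
 * @return the response body, or {@code ""} when there is no entity or the request failed
 */
public String sendHttpGet(String url, String userName, String passWord) {
    HttpGet httpGet = new HttpGet(url);
    // RFC 7617 header form is "Basic" + a single space + base64(user ":" password). The previous
    // value used a newline as the separator, which yields a malformed header. A fixed charset keeps
    // the encoding platform-independent; base64 output contains no control characters.
    String credential = userName + ":" + passWord;
    String encoded = Base64.getEncoder()
            .encodeToString(credential.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    httpGet.addHeader(KEY, "Basic " + encoded);

    String result = "";
    // try-with-resources closes the client even when execute() or toString() throws.
    try (CloseableHttpClient client = GetHeadersUtils.httpClientWithBasicAuth(userName, passWord)) {
        HttpResponse httpResponse = client.execute(httpGet);
        HttpEntity entity = httpResponse.getEntity();
        if (entity != null) {
            // Consumes the entity and converts the response content to a string.
            result = EntityUtils.toString(entity);
        }
    } catch (IOException e) {
        // Preserves the original best-effort behaviour; a logger would be the better sink.
        e.printStackTrace();
    }
    return result;
}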
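/**
 * Sends an HTTP POST with a JSON body to {@code url} using Basic authentication and returns the
 * response body as text.
 *
 * <p>Unlike {@code sendHttpGet}, no {@code Authorization} header is attached up front; the client
 * built by {@link GetHeadersUtils#httpClientWithBasicAuth(String, String)} supplies the credential
 * only in answer to the server's challenge.
 *
 * <p>Failure handling keeps the original best-effort contract: any {@link IOException} is printed
 * and {@code ""} is returned, so callers cannot tell an empty body from a failed request.
 *
 * @param url absolute request URL
 * @param userName Basic-auth user name
 * @param passWord Basic-auth password
 * @param param JSON object serialised with {@code toString()} as the request body
 * @return the response body, or {@code ""} when there is no entity or the request failed
 */
@SneakyThrows
public String sendHttpPost(String url, String userName, String passWord, JSONObject param) {
    String result = "";
    // try-with-resources closes the client even when execute() or toString() throws.
    try (CloseableHttpClient closeableHttpClient =
            GetHeadersUtils.httpClientWithBasicAuth(userName, passWord)) {
        HttpPost httpPost = new HttpPost(url);
        // StringEntity(String) defaults to text/plain in ISO-8859-1, which corrupts non-Latin
        // characters in the JSON; declare the charset and media type explicitly.
        httpPost.setEntity(new StringEntity(param.toString(), "UTF-8"));
        httpPost.setHeader("Content-Type", "application/json; charset=UTF-8");

        HttpResponse httpResponse = closeableHttpClient.execute(httpPost);
        HttpEntity entity = httpResponse.getEntity();
        if (entity != null) {
            // Consumes the entity and converts the response content to a string.
            result = EntityUtils.toString(entity);
        }
    } catch (IOException e) {
        // Preserves the original best-effort behaviour; a logger would be the better sink.
        e.printStackTrace();
    }
    return result;
}
}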
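/** Name of the request header that carries the Basic credential. */
private static final String KEY = "Authorization";

/**
 * Sends an HTTP PUT with the given body to {@code url} using Basic authentication and returns the
 * response body as text.
 *
 * <p>As in {@code sendHttpGet}, the credential is both registered with the client for challenge
 * responses and attached up front as an {@code Authorization: Basic <base64>} header, so it is sent
 * with the first request regardless of any challenge; {@code url} should therefore be a trusted,
 * TLS-protected endpoint.
 *
 * <p>Failure handling keeps the original best-effort contract: any {@link IOException} is printed
 * and {@code ""} is returned, so callers cannot tell an empty body from a failed request.
 *
 * @param url absolute request URL
 * @param userName Basic-auth user name
 * @param passWord Basic-auth password
 * @param httpEntity request body, attached unchanged
 * @return the response body, or {@code ""} when there is no entity or the request failed
 */
public String sendHttpPut(StringBuffer url, String userName, String passWord, HttpEntity httpEntity) {
    HttpPut httpPut = new HttpPut(url.toString());
    httpPut.setEntity(httpEntity);
    // RFC 7617 header form is "Basic" + a single space + base64(user ":" password). The previous
    // value used a newline as the separator, which yields a malformed header. A fixed charset keeps
    // the encoding platform-independent; base64 output contains no control characters.
    String credential = userName + ":" + passWord;
    String encoded = Base64.getEncoder()
            .encodeToString(credential.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    httpPut.addHeader(KEY, "Basic " + encoded);

    String result = "";
    // try-with-resources closes the client even when execute() or toString() throws.
    try (CloseableHttpClient client = GetHeadersUtils.httpClientWithBasicAuth(userName, passWord)) {
        HttpResponse httpResponse = client.execute(httpPut);
        HttpEntity entity = httpResponse.getEntity();
        if (entity != null) {
            // Consumes the entity and converts the response content to a string.
            result = EntityUtils.toString(entity);
        }
    } catch (IOException e) {
        // Preserves the original best-effort behaviour; a logger would be the better sink.
        e.printStackTrace();
    }
    return result;
}

/**
 * Sends an HTTP DELETE to {@code url} using Basic authentication and returns the response body as
 * text. The credential is supplied only through the client's credentials provider, i.e. in answer
 * to the server's challenge.
 *
 * <p>Failure handling keeps the original best-effort contract: any {@link IOException} is printed
 * and {@code ""} is returned, so callers cannot tell an empty body from a failed request.
 *
 * @param url absolute request URL
 * @param userName Basic-auth user name
 * @param passWord Basic-auth password
 * @return the response body, or {@code ""} when there is no entity or the request failed
 */
public String sendHttpDelete(StringBuffer url, String userName, String passWord) {
    HttpDelete httpDelete = new HttpDelete(url.toString());
    String result = "";
    // try-with-resources closes the client even when execute() or toString() throws.
    try (CloseableHttpClient client = GetHeadersUtils.httpClientWithBasicAuth(userName, passWord)) {
        HttpResponse httpResponse = client.execute(httpDelete);
        HttpEntity entity = httpResponse.getEntity();
        if (entity != null) {
            // Consumes the entity and converts the response content to a string.
            result = EntityUtils.toString(entity);
        }
    } catch (IOException e) {
        // Preserves the original best-effort behaviour; a logger would be the better sink.
        e.printStackTrace();
    }
    return result;
}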