HTTP 身份验证

HTTP 提供一个用于权限控制和认证的通用框架。最常用的 HTTP 认证方案是 HTTP Basic authentication。需要注意的是,Basic 方案只对用户名和密码做 Base64 编码,并不加密,因此应当只在 HTTPS(TLS)连接上使用。

本页介绍通用的 HTTP 认证框架,并展示如何通过 HTTP Basic authentication 来限制对服务器的访问。

通用的 HTTP 认证框架

RFC 7235 定义了一个 HTTP 身份验证框架,服务器可以用来针对客户端的请求发送 challenge (质询信息),客户端则可以用来提供身份验证凭证。

质询与应答的工作流程如下:服务器端向客户端返回 401(Unauthorized,未被授权的)状态码,并在 WWW-Authenticate 首部提供如何进行验证的信息,其中至少包含一种质询方式。之后,有意证明自己身份的客户端可以在新的请求中添加 Authorization 首部字段进行验证,字段值为身份验证凭证信息。

通常客户端会弹出一个密码框让用户填写,然后发送包含有恰当的 Authorization  首部的请求。

Java代码示例

/**
 * Builds an HTTP client whose default credentials provider holds the given
 * username/password pair.
 *
 * <p>NOTE(review): the credentials are registered for any host, any port and
 * any realm, so the client will offer them to whichever server issues an
 * authentication challenge. Prefer binding the scope to the single host and
 * port that should receive them, and use the client over HTTPS only, because
 * Basic credentials are Base64-encoded, not encrypted.
 *
 * @param username user name stored in the credentials
 * @param password password stored in the credentials
 * @return a newly built client; this method does not close it, so the caller must
 */
public static CloseableHttpClient httpClientWithBasicAuth(String username, String password){
    // Wildcard scope: matches every host, port and realm.
    AuthScope anyScope = new AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT, AuthScope.ANY_REALM);

    // Register the username/password pair under that scope.
    BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider();
    credentialsProvider.setCredentials(anyScope, new UsernamePasswordCredentials(username, password));

    // Install the provider as the client's default and build the client.
    return HttpClientBuilder.create()
            .setDefaultCredentialsProvider(credentialsProvider)
            .build();
}
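/**
  * Sends an HTTP GET request with Basic authentication and returns the
  * response body as a string.
  *
  * <p>The Authorization header is attached to the request before it is sent,
  * so the credentials travel with the very first request to {@code url}.
  * Callers should pass only trusted HTTPS URLs: Basic credentials are
  * Base64-encoded, not encrypted.
  *
  * <p>NOTE(review): the response status is not inspected, so the body of a
  * 401/403 or other error response is returned like any other body.
  *
  * @param url      target URL
  * @param userName user name for Basic authentication
  * @param passWord password for Basic authentication
  * @return the response body, or an empty string when the response has no
  *         entity or an {@link IOException} occurred
  */
 public String sendHttpGet(String url, String userName, String passWord) {
     // RFC 7617 credentials: Base64 of "user:password". The charset is given
     // explicitly so the encoding does not depend on the platform default.
     String value = userName + ":" + passWord;
     String encodedString = Base64.getEncoder()
             .encodeToString(value.getBytes(java.nio.charset.StandardCharsets.UTF_8));

     HttpGet httpGet = new HttpGet(url);
     // The scheme name and the credentials are separated by one space. A line
     // break inside the value does not form a valid Authorization header.
     httpGet.addHeader(KEY, "Basic " + encodedString);

     String result = "";
     // try-with-resources closes the client on every path, including runtime
     // exceptions; an IOException raised by close() is handled by the catch below.
     try (CloseableHttpClient client = GetHeadersUtils.httpClientWithBasicAuth(userName, passWord)) {
         HttpResponse httpResponse = client.execute(httpGet);
         HttpEntity entity = httpResponse.getEntity();
         if (entity != null) {
             // Convert the response content to a string.
             result = EntityUtils.toString(entity);
         }
     } catch (IOException e) {
         // Best effort: callers receive whatever was read so far ("" on failure).
         e.printStackTrace();
     }
     return result;
 }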
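/**
     * Sends an HTTP POST request whose body is the JSON text of {@code param}
     * and returns the response body as a string.
     *
     * <p>No Authorization header is set here; authentication relies on the
     * credentials provider configured by
     * {@code GetHeadersUtils.httpClientWithBasicAuth}. Callers should pass only
     * trusted HTTPS URLs: Basic credentials are Base64-encoded, not encrypted.
     *
     * <p>NOTE(review): the response status is not inspected, so the body of an
     * error response is returned like any other body.
     *
     * @param url      target URL
     * @param userName user name for Basic authentication
     * @param passWord password for Basic authentication
     * @param param    JSON object serialized with {@code toString()} as the request body
     * @return the response body, or an empty string when the response has no
     *         entity or an {@link IOException} occurred
     */
    @SneakyThrows
    public String sendHttpPost(String url, String userName, String passWord, JSONObject param) {
        HttpPost httpPost = new HttpPost(url);
        // Encode the body explicitly as UTF-8. The single-argument StringEntity
        // constructor falls back to ISO-8859-1, which cannot represent
        // non-Latin characters in the JSON text.
        httpPost.setEntity(new StringEntity(param.toString(), java.nio.charset.StandardCharsets.UTF_8));

        String result = "";
        // try-with-resources closes the client on every path, including runtime
        // exceptions; an IOException raised by close() is handled by the catch below.
        try (CloseableHttpClient closeableHttpClient = GetHeadersUtils.httpClientWithBasicAuth(userName, passWord)) {
            HttpResponse httpResponse = closeableHttpClient.execute(httpPost);
            HttpEntity entity = httpResponse.getEntity();
            if (entity != null) {
                // Convert the response content to a string.
                result = EntityUtils.toString(entity);
            }
        } catch (IOException e) {
            // Best effort: callers receive whatever was read so far ("" on failure).
            e.printStackTrace();
        }
        return result;
    }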
}
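// Name of the HTTP request header that carries the Basic credentials.
// Declared final so the header name cannot be reassigned at runtime.
private static final String KEY = "Authorization";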


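/**
 * Sends an HTTP PUT request with Basic authentication and returns the
 * response body as a string.
 *
 * <p>The Authorization header is attached to the request before it is sent,
 * so the credentials travel with the very first request to {@code url}.
 * Callers should pass only trusted HTTPS URLs: Basic credentials are
 * Base64-encoded, not encrypted.
 *
 * <p>NOTE(review): the response status is not inspected, so the body of a
 * 401/403 or other error response is returned like any other body.
 *
 * @param url        target URL
 * @param userName   user name for Basic authentication
 * @param passWord   password for Basic authentication
 * @param httpEntity request body to send
 * @return the response body, or an empty string when the response has no
 *         entity or an {@link IOException} occurred
 */
public String sendHttpPut(StringBuffer url, String userName, String passWord, HttpEntity httpEntity) {
    // RFC 7617 credentials: Base64 of "user:password". The charset is given
    // explicitly so the encoding does not depend on the platform default.
    String value = userName + ":" + passWord;
    String encodedString = Base64.getEncoder()
            .encodeToString(value.getBytes(java.nio.charset.StandardCharsets.UTF_8));

    HttpPut httpPut = new HttpPut(url.toString());
    httpPut.setEntity(httpEntity);
    // The scheme name and the credentials are separated by one space. A line
    // break inside the value does not form a valid Authorization header.
    httpPut.addHeader(KEY, "Basic " + encodedString);

    String result = "";
    // try-with-resources closes the client on every path, including runtime
    // exceptions; an IOException raised by close() is handled by the catch below.
    try (CloseableHttpClient client = GetHeadersUtils.httpClientWithBasicAuth(userName, passWord)) {
        HttpResponse httpResponse = client.execute(httpPut);
        HttpEntity entity = httpResponse.getEntity();
        if (entity != null) {
            // Convert the response content to a string.
            result = EntityUtils.toString(entity);
        }
    } catch (IOException e) {
        // Best effort: callers receive whatever was read so far ("" on failure).
        e.printStackTrace();
    }
    return result;
}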

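/**
 * Sends an HTTP DELETE request and returns the response body as a string.
 *
 * <p>No Authorization header is set here; authentication relies on the
 * credentials provider configured by
 * {@code GetHeadersUtils.httpClientWithBasicAuth}. Callers should pass only
 * trusted HTTPS URLs: Basic credentials are Base64-encoded, not encrypted.
 *
 * <p>NOTE(review): the response status is not inspected, so the body of an
 * error response is returned like any other body.
 *
 * @param url      target URL
 * @param userName user name for Basic authentication
 * @param passWord password for Basic authentication
 * @return the response body, or an empty string when the response has no
 *         entity or an {@link IOException} occurred
 */
public String sendHttpDelete(StringBuffer url, String userName, String passWord) {
    HttpDelete httpDelete = new HttpDelete(url.toString());

    String result = "";
    // try-with-resources closes the client on every path, including runtime
    // exceptions; an IOException raised by close() is handled by the catch below.
    try (CloseableHttpClient client = GetHeadersUtils.httpClientWithBasicAuth(userName, passWord)) {
        HttpResponse httpResponse = client.execute(httpDelete);
        HttpEntity entity = httpResponse.getEntity();
        if (entity != null) {
            // Convert the response content to a string.
            result = EntityUtils.toString(entity);
        }
    } catch (IOException e) {
        // Best effort: callers receive whatever was read so far ("" on failure).
        e.printStackTrace();
    }
    return result;
}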

 
