发送http请求往往需要带用户名和密码,服务端进行授权验证
实现方式是将将用户名和密码放到请求头里面,采用Basic Authentication Scheme ,译为基本授权方案,想要了解的可以自己查查
下面是客户端和服务端的实现
客户端实现:
public void httpSetAuth() throws IOException {
String url3="http://localhost:8085/wangdkMvc/httpTest/getAuthorization.aido";
PrintWriter out = null;
BufferedReader in = null;
String result = "";
String username = "zhangsan";
String password = "mima";
String input = username + ":" + password;
URL realUrl = new URL(url3);
// 打开和URL之间的连接
HttpURLConnection conn = (HttpURLConnection) realUrl.openConnection();
BASE64Encoder base = new BASE64Encoder();
String encodedPassword = base.encode(input.getBytes("UTF-8"));
//将加密的账号密码放到请求头里,这里注意Basic后面要加空格
conn.setRequestProperty("Authorization", "Basic " + encodedPassword);
conn.setConnectTimeout(6000*5);
conn.setReadTimeout(6000*5);
conn.setDoOutput(true);
conn.setDoInput(true);
// 获取URLConnection对象对应的输出流
out = new PrintWriter(conn.getOutputStream());
// 发送请求参数
out.print("{'type':'term','segId':'F5090A0445564C2ABE5225992C62FB710'}");
out.flush();
in = new BufferedReader(
new InputStreamReader(conn.getInputStream(), "UTF-8"));
String line;
while ((line = in.readLine()) != null) {
result += line;
}
System.out.println("resultMessage="+result);
if(out!=null){
out.close();
}
if(in!=null){
in.close();
}
}
服务端实现:
@Controller
@RequestMapping("/httpTest")
public class httpController {
@RequestMapping("/getAuthorization")
@ResponseBody
public void urlJsonPassworld(HttpServletRequest request, HttpServletResponse response) throws IOException {
response.setCharacterEncoding("UTF-8");
request.setCharacterEncoding("UTF-8");
JSONObject returnJson = new JSONObject();
System.out.println("获取Authorization 验证信息如下");
System.out.println("request.getHeader(\"Authorization\"):"+request.getHeader("Authorization"));
String[] auth = request.getHeader("Authorization").split(" ");
String userAndPassworld="";
if(auth.length<2){
System.out.println("获取Authorization 验证信息错误");
returnJson.put("result","0");
returnJson.put("message","获取认证信息错误");
}else{
//解密账号和密码
BASE64Decoder decoder = new BASE64Decoder();
try {
byte[] b = decoder.decodeBuffer(auth[1]);
userAndPassworld = new String(b,"UTF-8");
} catch (Exception e) {
e.printStackTrace();
returnJson.put("result","0");
returnJson.put("message",e.getMessage());
}
//获取账号密码后,可以做权限验证,是写个拦截器也是非常好的,看个人需求了
System.out.println("userAndPassworld="+userAndPassworld);
//获取客户端传入信息
String inputMessage="";
BufferedReader in =new BufferedReader(
new InputStreamReader(
new BufferedInputStream(request.getInputStream()),"GBK")
);
String strMes=in.readLine();
while(strMes!= null){
inputMessage += strMes;
strMes=in.readLine();
}
System.out.println("inputMessage="+inputMessage);
}
//如果验证信息没有错误,返回给客户端信息
returnJson.put("result","1");
returnJson.put("message","成功");
OutputStream outputStream = response.getOutputStream();
PrintWriter printWriter = new PrintWriter(outputStream);
printWriter.print(returnJson);
printWriter.flush();
}
}
控制台信息
客户端控制台信息
resultMessage={"result":"1","message":"成功"}
服务端控制台信息
获取Authorization 验证信息如下
request.getHeader("Authorization"):Basic emhhbmdzYW46bWltYQ==
userAndPassworld=zhangsan:mima
inputMessage={'type':'term','segId':'F5090A0445564C2ABE5225992C62FB710'}