Java 6 SE 里的DigestAuthentication[1]
Author:zfive5
Email:zfive5@yahoo.com.cn
两三年前,看过一阵子java,同时也分析过java sdk的源码,当时为什么看jdbc是怎样实现的,今天在csdn看到什么13篇文章,看到java 6 SE支持ntlm了。
同是也看到了Digest,一下子兴趣就来,马上到sun的网站download一个jdk 6 se的代码. java的大部分代码都是java,还有很少一部分是c写的(这部分主要是和平台有关的)
命令行下运行:
C:/>java -jar C:/jdk-6u2-fcs-src-b05-jrl-22_jun_2007.jar
根据提示指定解压目录就可以.
Windows的NTLM下居然用的是ms的dll,如下:
OSVERSIONINFO version;
UCHAR libName[MAX_PATH];
ntlm_ctxHandleID = (*env)->GetFieldID(env, clazz, "ctxHandle", "J");
ntlm_crdHandleID = (*env)->GetFieldID(env, clazz, "crdHandle", "J");
version.dwOSVersionInfoSize = sizeof (OSVERSIONINFO);
GetVersionEx (&version);
if (version.dwPlatformId == VER_PLATFORM_WIN32_NT) {
strcpy (libName, "security.dll" );
}
else if (version.dwPlatformId == VER_PLATFORM_WIN32_WINDOWS) {
strcpy (libName, "secur32.dll" );
}
lib = LoadLibrary (libName);
pFreeCredentialsHandle
= (FREE_CREDENTIALS_HANDLE_FN) GetProcAddress(
lib, "FreeCredentialsHandle" );
pAcquireCredentialsHandle
= (ACQUIRE_CREDENTIALS_HANDLE_FN) GetProcAddress(
lib, "AcquireCredentialsHandleA" );
pFreeContextBuffer
= (FREE_CONTEXT_BUFFER_FN) GetProcAddress(
lib, "FreeContextBuffer" );
pInitializeSecurityContext
= (INITIALIZE_SECURITY_CONTEXT_FN) GetProcAddress(
lib, "InitializeSecurityContextA" );
pCompleteAuthToken
= (COMPLETE_AUTH_TOKEN_FN) GetProcAddress(
lib, "CompleteAuthToken" );
pDeleteSecurityContext
= (DELETE_SECURITY_CONTEXT_FN) GetProcAddress(
lib, "DeleteSecurityContext" );
这样的实现写法的确可以节省代码和时间,但自己一步步的实现绝对不是没有必要. 在solaris下的实现就完全是java写的.
下面的注释才可以了解一下http认证原理:
/**
* Returns the String that should be included in the HTTP
* <B>Authorization</B> field. Return null if no info was
* supplied or could be found.
* <P>
* Example:
* --> GET http://www.authorization-required.com/ HTTP/1.0
* <-- HTTP/1.0 403 Unauthorized
* <-- WWW-Authenticate: Basic realm="WallyWorld"
* call schemeSupported("Basic"); (return true)
* call authString(u, "Basic", "WallyWorld", null);
* return "QWadhgWERghghWERfdfQ=="
* --> GET http://www.authorization-required.com/ HTTP/1.0
* --> Authorization: Basic QWadhgWERghghWERfdfQ==
* <-- HTTP/1.0 200 OK
* <B> YAY!!!</B>
*/
其实这次重点不是以上而是DigestAuthentication
现在首先用pd12分析一下类结构,如下:
待续….