ZFIVE5

zfive5@163.com

Java 6 SE 里的DigestAuthentication[1]


Java 6 SE 里的DigestAuthentication[1]

Author:zfive5
Email:zfive5@yahoo.com.cn

两三年前,看过一阵子java,同时也分析过java sdk的源码,当时为什么看jdbc是怎样实现的,今天在csdn看到什么13篇文章,看到java 6 SE支持ntlm

 

同是也看到了Digest,一下子兴趣就来,马上到sun的网站download一个jdk 6 se的代码. java的大部分代码都是java,还有很少一部分是c写的(这部分主要是和平台有关的)

 

命令行下运行:

 

C:/>java -jar C:/jdk-6u2-fcs-src-b05-jrl-22_jun_2007.jar

 

根据提示指定解压目录就可以.

 

WindowsNTLM下居然用的是msdll,如下:

 

    OSVERSIONINFO   version;

    UCHAR libName[MAX_PATH];

 

    ntlm_ctxHandleID = (*env)->GetFieldID(env, clazz, "ctxHandle", "J");

    ntlm_crdHandleID = (*env)->GetFieldID(env, clazz, "crdHandle", "J");

 

    version.dwOSVersionInfoSize = sizeof (OSVERSIONINFO);

    GetVersionEx (&version);

 

    if (version.dwPlatformId == VER_PLATFORM_WIN32_NT) {

       strcpy (libName, "security.dll" );

    }

    else if (version.dwPlatformId == VER_PLATFORM_WIN32_WINDOWS) {

       strcpy (libName, "secur32.dll" );

    }

 

    lib = LoadLibrary (libName);

 

    pFreeCredentialsHandle

       = (FREE_CREDENTIALS_HANDLE_FN) GetProcAddress(

       lib, "FreeCredentialsHandle" );

 

    pAcquireCredentialsHandle

       = (ACQUIRE_CREDENTIALS_HANDLE_FN) GetProcAddress(

       lib, "AcquireCredentialsHandleA" );

 

    pFreeContextBuffer

       = (FREE_CONTEXT_BUFFER_FN) GetProcAddress(

       lib, "FreeContextBuffer" );

 

    pInitializeSecurityContext

       = (INITIALIZE_SECURITY_CONTEXT_FN) GetProcAddress(

       lib, "InitializeSecurityContextA" );

 

    pCompleteAuthToken

       = (COMPLETE_AUTH_TOKEN_FN) GetProcAddress(

       lib, "CompleteAuthToken" );

 

    pDeleteSecurityContext

       = (DELETE_SECURITY_CONTEXT_FN) GetProcAddress(

       lib, "DeleteSecurityContext" );

 

这样的实现写法的确可以节省代码和时间,但自己一步步的实现绝对不是没有必要. solaris下的实现就完全是java写的.

 

下面的注释才可以了解一下http认证原理:

 

/**

     * Returns the String that should be included in the HTTP

     * <B>Authorization</B> field.  Return null if no info was

     * supplied or could be found.

     * <P>

     * Example:

     * --> GET http://www.authorization-required.com/ HTTP/1.0

     * <-- HTTP/1.0 403 Unauthorized

     * <-- WWW-Authenticate: Basic realm="WallyWorld"

     * call schemeSupported("Basic"); (return true)

     * call authString(u, "Basic", "WallyWorld", null);

     *   return "QWadhgWERghghWERfdfQ=="

     * --> GET http://www.authorization-required.com/ HTTP/1.0

     * --> Authorization: Basic QWadhgWERghghWERfdfQ==

     * <-- HTTP/1.0 200 OK

     * <B> YAY!!!</B>

     */

 

其实这次重点不是以上而是DigestAuthentication

现在首先用pd12分析一下类结构,如下:

 

http://p.blog.csdn.net/images/p_blog_csdn_net/zfive5/72680/o_zfive5java.jpg

 

 

待续….

阅读更多
版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/zfive5/article/details/1796809
个人分类: Java
想对作者说点什么? 我来说一句

Java 2 SE 6 Documentation(帮助文档)

2014年08月23日 48.79MB 下载

java se 6 api

2013年05月19日 1KB 下载

没有更多推荐了,返回首页

加入CSDN,享受更精准的内容推荐,与500万程序员共同成长!
关闭
关闭