Java Restlet如何在HTTP基本身份验证中解码机密
我有以下班级处理我的一条路线:Java Restlet如何在HTTP基本身份验证中解码机密,java,rest,base64,jax-rs,restlet,Java,Rest,Base64,Jax Rs,Restlet,我有以下班级处理我的一条路线: public class HotelsSrv extends ServerResource implements HotelsListResource { private String hotelId; @Override protected void doInit() throws ResourceException { super.doInit(); String str; String s
public class HotelsSrv extends ServerResource implements
HotelsListResource {
private String hotelId;
@Override
protected void doInit() throws ResourceException {
super.doInit();
String str;
String secret = getRequest().getChallengeResponse().getSecret().toString();
byte[] bytes = new BASE64Decoder().decodeBuffer(secret)
str = new String(bytes);
System.out.println("user: "+getRequest().getChallengeResponse().getIdentifier());
System.out.println("password: "+str);
}
byte[] bytes = new BASE64Decoder().decodeBuffer(secret)
public void authenticate(HttpServletRequest req) {
String authhead = req.getHeader("Authorization");
if (authhead != null) {
// *****Decode the authorisation String*****
byte[] e = Base64.decode(authhead.substring(6));
String usernpass = new String(e);
// *****Split the username from the password*****
String user = usernpass.substring(0, usernpass.indexOf(":"));
String password = usernpass.substring(usernpass.indexOf(":") + 1);
// check username and password
}
}
不需要对秘密进行编码/解码。它存储为ChallengeResponse类中的一个char表,仅出于安全原因(参见javadocs,更多说明请参见此链接)
你试过下面的代码吗?我对上面的代码做了一些调整,效果很好:Series headers=HttpRequest.getCurrent().getHeaders();字符串auth=headers.getFirstValue(“授权”);如果(auth!=null){//解码授权字符串字节[]e=Base64.Decode(auth.substring(6));字符串usernpass=new String(e);//从密码中拆分用户名user=usernpass.substring(0,usernpass.indexOf(“:”);密码=usernpass.substring(usernpass.indexOf(“:”)+1); }
String secret = new String(getRequest().getChallengeResponse().getSecret());