www-authenticate认证
2017-11-15 本文已影响0人
SingleException
7###实例代码
package cn.demo;
import java.io.IOException;
import java.io.Serializable;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.sun.org.apache.xerces.internal.impl.dv.util.Base64;
public class ToolsFilter implements Filter, Serializable {
private String username;
private String password;
private static final long serialVersionUID = 1L;
@Override
public void destroy() {
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse resp = (HttpServletResponse) response;
resp.setContentType("text/html; charset=utf-8");
String authValue = req.getHeader("Authorization");
if(authValue!=null){
int sepeIndex = authValue.toUpperCase().indexOf("BASIC ");
String b64UserAndPwd = authValue.substring(sepeIndex + "BASIC ".length());
String[] ss =new String(Base64.decode(b64UserAndPwd)).split(":");
String name=ss[0];
String word=ss[1];
if(username.equals(name)&&password.equals(word)){
chain.doFilter(request, response);
return;
}
}
resp.setStatus(401);
resp.addHeader("WWW-Authenticate", "Basic realm=管理工具控制台登录");
String errMsg = "<center><font size=2><b>登录失败,请检查用户名和口令。</b></font></center>";
resp.getWriter().println(errMsg);
}
@Override
public void init(FilterConfig config) throws ServletException {
username=config.getInitParameter("ADMIN_NAME");
password=config.getInitParameter("ADMIN_PASSWD");
}
}
web.xml配置
<filter>
<filter-name>tools</filter-name>
<filter-class>cn.demo.ToolsFilter</filter-class>
<init-param>
<param-name>ADMIN_NAME</param-name>
<param-value>admin</param-value>
</init-param>
<init-param>
<param-name>ADMIN_PASSWD</param-name>
<param-value>admin</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>tools</filter-name>
<url-pattern>/*</url-pattern>
<!-- 没有配置dispatcher就是默认request方式的 -->
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
