Restlet如何解码HTTP基本认证中的secret
Restlet how to decode secret in HTTP basic authentication
我有以下 class 处理我的路线之一:
public class HotelsSrv extends ServerResource implements
HotelsListResource {
private String hotelId;
@Override
protected void doInit() throws ResourceException {
super.doInit();
String str;
String secret = getRequest().getChallengeResponse().getSecret().toString();
byte[] bytes = new BASE64Decoder().decodeBuffer(secret)
str = new String(bytes);
System.out.println("user: "+getRequest().getChallengeResponse().getIdentifier());
System.out.println("password: "+str);
}
我正在尝试解码秘密,以便我可以使用自定义过程对其进行验证,但这一行引发了未知异常:
byte[] bytes = new BASE64Decoder().decodeBuffer(secret)
试试这个代码
public void authenticate(HttpServletRequest req) {
String authhead = req.getHeader("Authorization");
if (authhead != null) {
// *****Decode the authorisation String*****
byte[] e = Base64.decode(authhead.substring(6));
String usernpass = new String(e);
// *****Split the username from the password*****
String user = usernpass.substring(0, usernpass.indexOf(":"));
String password = usernpass.substring(usernpass.indexOf(":") + 1);
// check username and password
}
}
不需要encode/decode这个秘密。它在 ChallengeResponse class 中存储为 table 字符,仅出于安全原因(参见 javadocs,此 link 以获得更多解释 http://www.careercup.com/question?id=14955419)
String secret = new String(getRequest().getChallengeResponse().getSecret());
我有以下 class 处理我的路线之一:
public class HotelsSrv extends ServerResource implements
HotelsListResource {
private String hotelId;
@Override
protected void doInit() throws ResourceException {
super.doInit();
String str;
String secret = getRequest().getChallengeResponse().getSecret().toString();
byte[] bytes = new BASE64Decoder().decodeBuffer(secret)
str = new String(bytes);
System.out.println("user: "+getRequest().getChallengeResponse().getIdentifier());
System.out.println("password: "+str);
}
我正在尝试解码秘密,以便我可以使用自定义过程对其进行验证,但这一行引发了未知异常:
byte[] bytes = new BASE64Decoder().decodeBuffer(secret)
试试这个代码
public void authenticate(HttpServletRequest req) {
String authhead = req.getHeader("Authorization");
if (authhead != null) {
// *****Decode the authorisation String*****
byte[] e = Base64.decode(authhead.substring(6));
String usernpass = new String(e);
// *****Split the username from the password*****
String user = usernpass.substring(0, usernpass.indexOf(":"));
String password = usernpass.substring(usernpass.indexOf(":") + 1);
// check username and password
}
}
不需要encode/decode这个秘密。它在 ChallengeResponse class 中存储为 table 字符,仅出于安全原因(参见 javadocs,此 link 以获得更多解释 http://www.careercup.com/question?id=14955419)
String secret = new String(getRequest().getChallengeResponse().getSecret());