2025-03-31 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/01 Report--
This article explains how Tomcat internally handles BASIC authentication for an application. The content is detailed and the logic is clear. Many people are not familiar with these details, so the article is shared here for your reference. Let's take a look.
1. Authorization request header
Before that, let's take a look at the specific role of Authorization in the request header. The following is the definition of Authorization in RFC 2616:

    A user agent that wishes to authenticate itself with a server--
    usually, but not necessarily, after receiving a 401 response--does
    so by including an Authorization request-header field with the
    request.

        Authorization = "Authorization" ":" credentials

That is, the header is used to transmit the authentication information to the server, usually after the client has received a 401 response from it.
2. BASIC authentication
HTTP security authentication can be implemented in the following ways:
BASIC
FORM
DIGEST
SSL
After entering the user name and password, what is actually passed to Tomcat is something like this:
Basic dG9tY2F0OnRvbWNhdA==
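In this string, the part before the space is the authentication method in use, and the part after the space is the Base64 encoding of the user name and password. At this point you have probably guessed that the server simply Base64-decodes it, and that is exactly what happens. Base64 is an encoding, not encryption, so anyone who can read the request can recover the credentials; BASIC authentication only protects them when the connection itself is encrypted with TLS.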
The decoding code is as follows; it is located in BasicAuthenticator.authenticate():

    // Validate any credentials already included with this request
    MessageBytes authorization =
        request.getCoyoteRequest().getMimeHeaders()
        .getValue("authorization"); // parse the authentication value in the request header
    if (authorization != null) {
        authorization.toBytes();
        ByteChunk authorizationBC = authorization.getByteChunk();
        BasicCredentials credentials = null;
        try {
            credentials = new BasicCredentials(authorizationBC); // where the user name and password are resolved
            String username = credentials.getUsername();
            String password = credentials.getPassword();
            // enter the Realm authentication according to the obtained data
            principal = context.getRealm().authenticate(username, password);
            if (principal != null) {
                register(request, response, principal,
                    HttpServletRequest.BASIC_AUTH, username, password);
                return (true);
            }
        }
        catch (IllegalArgumentException iae) {
            if (log.isDebugEnabled()) {
                log.debug("Invalid Authorization" + iae.getMessage());
            }
        }
    }

BasicCredentials constructor:

    /**
     * Parse the HTTP Authorization header for BASIC authentication
     * as per RFC 2617 section 2, and the Base64 encoded credentials
     * as per RFC 2045 section 6.8.
     *
     * @param input The header value to parse in-place
     *
     * @throws IllegalArgumentException If the header does not conform
     *                                  to RFC 2617
     */
    public BasicCredentials(ByteChunk input)
            throws IllegalArgumentException {
        authorization = input;
        initialOffset = input.getOffset();
        parseMethod();
        byte[] decoded = parseBase64();
        parseCredentials(decoded); // extract here
    }

This is how the Authorization request header is parsed for BASIC. What Postman does is add the user name and password to the request header before sending the request.
If you want to open the code and try this yourself after reading, Tomcat's Manager app is a good example: it is also authenticated through BASIC.
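The three parsing steps above (method token, Base64 decode, credential split) can be reproduced outside Tomcat. The following is an added example, not Tomcat source: the class BasicHeaderDemo and its parse method are hypothetical names, it assumes UTF-8 credentials and Java 16 or later, and it rejects a value with no colon, which is a choice made for this example.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Added illustration, not Tomcat source: class and method names are hypothetical.
public class BasicHeaderDemo {

    /** Holds the two values recovered from the header. */
    record Credentials(String username, String password) {}

    /** Parses "Basic <base64(user:pass)>"; throws IllegalArgumentException if malformed. */
    static Credentials parse(String header) {
        if (header == null) {
            throw new IllegalArgumentException("missing Authorization header");
        }
        String value = header.trim();
        int space = value.indexOf(' ');
        // Step 1: the method token before the space, compared case-insensitively.
        if (space < 0 || !value.substring(0, space).equalsIgnoreCase("Basic")) {
            throw new IllegalArgumentException("not a Basic Authorization header");
        }
        // Step 2: Base64-decode the remainder; the JDK decoder throws
        // IllegalArgumentException on invalid input.
        byte[] decoded = Base64.getDecoder().decode(value.substring(space + 1).trim());
        String pair = new String(decoded, StandardCharsets.UTF_8); // assumed charset
        // Step 3: split at the FIRST colon only, because a password may contain ':'.
        int colon = pair.indexOf(':');
        if (colon < 0) {
            throw new IllegalArgumentException("no user:password separator");
        }
        return new Credentials(pair.substring(0, colon), pair.substring(colon + 1));
    }

    public static void main(String[] args) {
        // Header value shown in the article.
        Credentials c = parse("Basic dG9tY2F0OnRvbWNhdA==");
        System.out.println(c.username() + " / " + c.password());
        // Constructed malformed inputs: wrong method, invalid Base64, missing colon.
        String[] bad = {"Digest abc", "Basic !!!!", "Basic dG9tY2F0"};
        for (String h : bad) {
            try {
                parse(h);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected '" + h + "': " + e.getMessage());
            }
        }
    }
}
```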
3. Application
How do we configure our general applications to use BASIC authentication?
All you need to do is declare the following snippet in web.xml

    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>Tomcat Manager Application</realm-name>
    </login-config>

At this point, BASIC authentication is configured for the application. But if you try it right away, it will not work, because you have not yet specified which resources to protect!
You also need to declare separately which resources are protected, as in the following configuration snippet:
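
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>HTML Manager</web-resource-name>
            <url-pattern>/html/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>manager-gui</role-name>
        </auth-constraint>
    </security-constraint>
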
The above declares the protected request path, the role required to access it, and so on. For more information on configuration, please refer to the Manager application; we won't go into it further here.
4. Why
We mentioned above that HTTP has several authentication methods, and Tomcat has a corresponding implementation for each.
So after BASIC is configured in web.xml, how is it mapped to the specific BASIC authentication code?
In fact, the principle of the implementation is this:
Each authentication method in the list above is implemented in Tomcat as a Valve. Which authentication Valve is added to each application is determined by parsing the auth-method configured in its web.xml.