java http 认证方式

j2ee_zhongqi

<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html> <head>  <title>My JSP 'index.jsp' starting page</title>  <meta http-equiv="pragma" content="no-cache">  <meta http-equiv="cache-control" content="no-cache">  <meta http-equiv="expires" content="0">  <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">  <meta http-equiv="description" content="This is my page">  <!-- <link rel="stylesheet" type="text/css" href="styles.css"> --> </head> <body>  <%   sun.misc.BASE64Decoder decoder = new sun.misc.BASE64Decoder();   boolean authenticated = false;   String authorization = request.getHeader("authorization");   System.out.println("authorization:" + authorization);   if (authorization != null) {    if (authorization.startsWith("Basic")) {     authorization = authorization.substring(authorization     .indexOf(' ') + 1);     byte[] bytes = decoder.decodeBuffer(authorization);     authorization = new String(bytes);     String userName = authorization.substring(0, authorization     .indexOf(':'));     String password = authorization.substring(authorization     .indexOf(':') + 1);     System.out.println("userName:" + userName);     System.out.println("password:" + password);     authenticated = userName.equals("abc")     && password.equals("abc");    } else if (authorization.startsWith("Digest")) {     String userName = authorization.substring(authorization     .indexOf("username="));     userName = userName.substring("username=\"".length());     userName = userName.substring(0, userName.indexOf('"'));     String password = authorization.substring(authorization     .indexOf("response="));     password = password.substring("response=\"".length());     password = password.substring(0, password.indexOf('"'));     authenticated = userName.equals("abc")     && password     .equals("3cf1135d3b8e20dd9272d06288569a56");    }   }   if (!authenticated) {    // response.addHeader("WWW-Authenticate","Digest realm=\"Tomcat Manager Application\"");　　    response.addHeader("WWW-Authenticate",    "Basic realm=\"Tomcat Manager Application\"");    response.sendError(401, "Unauthorized");   } else {    out.println("hello abc");   }  %> </body></html>