http://www.jexp.ru/index.php?action=history&feed=atom&title=Java_Tutorial%2FServlet%2FAuthentication
Java Tutorial/Servlet/Authentication - История изменений
2026-04-21T21:35:48Z
История изменений этой страницы в вики
MediaWiki 1.30.0
http://www.jexp.ru/index.php?title=Java_Tutorial/Servlet/Authentication&diff=4916&oldid=prev
Admin: 1 версия
2010-06-01T05:06:58Z
<p>1 версия</p>
<table class="diff diff-contentalign-left" data-mw="interface">
<tr style="vertical-align: top;" lang="ru">
<td colspan="1" style="background-color: white; color:black; text-align: center;">← Предыдущая</td>
<td colspan="1" style="background-color: white; color:black; text-align: center;">Версия 05:06, 1 июня 2010</td>
</tr><tr><td colspan="2" style="text-align: center;" lang="ru"><div class="mw-diff-empty">(нет различий)</div>
</td></tr></table>
Admin
http://www.jexp.ru/index.php?title=Java_Tutorial/Servlet/Authentication&diff=4915&oldid=prev
в 17:44, 31 мая 2010
2010-05-31T17:44:27Z
<p></p>
<p><b>Новая страница</b></p><div>== A password protected servlet ==<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="java"><br />
import java.io.IOException;<br />
import java.io.PrintWriter;<br />
import javax.servlet.ServletException;<br />
import javax.servlet.http.HttpServlet;<br />
import javax.servlet.http.HttpServletRequest;<br />
import javax.servlet.http.HttpServletResponse;<br />
import org.bouncycastle.crypto.Digest;<br />
import org.bouncycastle.crypto.digests.SHA1Digest;<br />
public class PasswordServlet extends HttpServlet {<br />
public void doGet(HttpServletRequest request, HttpServletResponse response)<br />
throws ServletException, IOException {<br />
System.out.println("user = " + request.getParameter("user"));<br />
System.out.println("timestamp = " + request.getParameter("timestamp"));<br />
System.out.println("random = " + request.getParameter("random"));<br />
System.out.println("digest = " + request.getParameter("digest"));<br />
String user = request.getParameter("user");<br />
String password = lookupPassword(user);<br />
String timestamp = request.getParameter("timestamp");<br />
String randomNumber = request.getParameter("random");<br />
byte[] userBytes = user.getBytes();<br />
byte[] timestampBytes = HexCodec.hexToBytes(timestamp);<br />
byte[] randomBytes = HexCodec.hexToBytes(randomNumber);<br />
byte[] passwordBytes = password.getBytes();<br />
Digest digest = new SHA1Digest();<br />
digest.update(userBytes, 0, userBytes.length);<br />
digest.update(timestampBytes, 0, timestampBytes.length);<br />
digest.update(randomBytes, 0, randomBytes.length);<br />
digest.update(passwordBytes, 0, passwordBytes.length);<br />
byte[] digestValue = new byte[digest.getDigestSize()];<br />
digest.doFinal(digestValue, 0);<br />
String message = "";<br />
String clientDigest = request.getParameter("digest");<br />
if (isEqual(digestValue, HexCodec.hexToBytes(clientDigest)))<br />
message = "User " + user + " logged in.";<br />
else<br />
message = "Login was unsuccessful.";<br />
response.setContentType("text/plain");<br />
response.setContentLength(message.length());<br />
PrintWriter out = response.getWriter();<br />
out.println(message);<br />
}<br />
private String lookupPassword(String user) {<br />
return "happy8";<br />
}<br />
private boolean isEqual(byte[] one, byte[] two) {<br />
if (one.length != two.length)<br />
return false;<br />
for (int i = 0; i < one.length; i++)<br />
if (one[i] != two[i])<br />
return false;<br />
return true;<br />
}<br />
}<br />
class HexCodec {<br />
private static final char[] kDigits = { "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "a",<br />
"b", "c", "d", "e", "f" };<br />
public static char[] bytesToHex(byte[] raw) {<br />
int length = raw.length;<br />
char[] hex = new char[length * 2];<br />
for (int i = 0; i < length; i++) {<br />
int value = (raw[i] + 256) % 256;<br />
int highIndex = value >> 4;<br />
int lowIndex = value & 0x0f;<br />
hex[i * 2 + 0] = kDigits[highIndex];<br />
hex[i * 2 + 1] = kDigits[lowIndex];<br />
}<br />
return hex;<br />
}<br />
public static byte[] hexToBytes(char[] hex) {<br />
int length = hex.length / 2;<br />
byte[] raw = new byte[length];<br />
for (int i = 0; i < length; i++) {<br />
int high = Character.digit(hex[i * 2], 16);<br />
int low = Character.digit(hex[i * 2 + 1], 16);<br />
int value = (high << 4) | low;<br />
if (value > 127)<br />
value -= 256;<br />
raw[i] = (byte) value;<br />
}<br />
return raw;<br />
}<br />
public static byte[] hexToBytes(String hex) {<br />
return hexToBytes(hex.toCharArray());<br />
}<br />
}</source><br />
<br />
<br />
<!-- end source code --><br />
<br />
<br />
<br />
<br />
<br />
== Get Auth Type from Servlet Request ==<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="java"><br />
import java.util.*;<br />
import java.io.*;<br />
import javax.servlet.*;<br />
import javax.servlet.http.*;<br />
import java.security.*;<br />
public class MyServlet extends HttpServlet {<br />
<br />
public void init(ServletConfig cfg) throws ServletException <br />
{<br />
super.init(cfg);<br />
} <br />
public void doGet(HttpServletRequest request, HttpServletResponse response) <br />
throws IOException, ServletException <br />
{<br />
response.setContentType("text/html");<br />
PrintWriter out = response.getWriter();<br />
out.println("<HTML>");<br />
out.println("<HEAD>");<br />
out.println("<TITLE>");<br />
out.println("User Authentication");<br />
out.println("</TITLE>");<br />
out.println("</HEAD>");<br />
out.println("<BODY>");<br />
out.println("<H1>User Authentication</H1>");<br />
String type = request.getAuthType();<br />
out.println("Welcome to this secure page.<BR>");<br />
out.println("Authentication mechanism: " + type + "<BR>");<br />
Principal principal = request.getUserPrincipal();<br />
out.println("Your username is: " + principal.getName() + "<BR>");<br />
out.println("</BODY>");<br />
out.println("</HTML>");<br />
} <br />
}</source><br />
<br />
<br />
<!-- end source code --><br />
<br />
<br />
<br />
<br />
<br />
<br />
== Servlet Login ==<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="java"><br />
import java.io.*;<br />
import java.util.*;<br />
import javax.servlet.*;<br />
import javax.servlet.http.*;<br />
public class MyServlet extends HttpServlet {<br />
public void doPost(HttpServletRequest req, HttpServletResponse res)<br />
throws ServletException, IOException {<br />
res.setContentType("text/html");<br />
PrintWriter out = res.getWriter();<br />
String account = req.getParameter("account");<br />
String password = req.getParameter("password");<br />
String pin = req.getParameter("pin");<br />
if (!allowUser(account, password, pin)) {<br />
out.println("<HTML><HEAD><TITLE>Access Denied</TITLE></HEAD>");<br />
out.println("<BODY>Your login and password are invalid.<BR>");<br />
out.println("You may want to <br />
<br />
<br />
<br />
== Servlet with bouncy castle security package ==<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="java"><br />
import java.io.IOException;<br />
import java.io.PrintWriter;<br />
import javax.servlet.ServletException;<br />
import javax.servlet.http.HttpServlet;<br />
import javax.servlet.http.HttpServletRequest;<br />
import javax.servlet.http.HttpServletResponse;<br />
import javax.servlet.http.HttpSession;<br />
import org.bouncycastle.crypto.StreamCipher;<br />
import org.bouncycastle.crypto.engines.RC4Engine;<br />
import org.bouncycastle.crypto.params.KeyParameter;<br />
public class StealthServlet extends HttpServlet {<br />
public void doGet(HttpServletRequest request, HttpServletResponse response)<br />
throws ServletException, IOException {<br />
String user = request.getParameter("user");<br />
HttpSession session = request.getSession();<br />
StreamCipher inCipher = (StreamCipher) session.getAttribute("inCipher");<br />
StreamCipher outCipher = (StreamCipher) session.getAttribute("outCipher");<br />
if (inCipher == null && outCipher == null) {<br />
byte[] inKey = getInKey(user);<br />
byte[] outKey = getOutKey(user);<br />
inCipher = new RC4Engine();<br />
outCipher = new RC4Engine();<br />
inCipher.init(true, new KeyParameter(inKey));<br />
outCipher.init(false, new KeyParameter(outKey));<br />
session.setAttribute("inCipher", inCipher);<br />
session.setAttribute("outCipher", outCipher);<br />
}<br />
String clientHex = request.getParameter("message");<br />
byte[] clientCiphertext = HexCodec.hexToBytes(clientHex);<br />
byte[] clientDecrypted = new byte[clientCiphertext.length];<br />
inCipher.processBytes(clientCiphertext, 0, clientCiphertext.length, clientDecrypted, 0);<br />
System.out.println("message = " + new String(clientDecrypted));<br />
String message = "Hello, this is StealthServlet.";<br />
byte[] plaintext = message.getBytes();<br />
byte[] ciphertext = new byte[plaintext.length];<br />
outCipher.processBytes(plaintext, 0, plaintext.length, ciphertext, 0);<br />
char[] hexCiphertext = HexCodec.bytesToHex(ciphertext);<br />
response.setContentType("text/plain");<br />
response.setContentLength(hexCiphertext.length);<br />
PrintWriter out = response.getWriter();<br />
out.println(hexCiphertext);<br />
}<br />
private byte[] getInKey(String user) {<br />
return "Outgoing MIDlet key".getBytes();<br />
}<br />
private byte[] getOutKey(String user) {<br />
return "Incoming MIDlet key".getBytes();<br />
}<br />
}<br />
class HexCodec {<br />
private static final char[] kDigits = { "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "a",<br />
"b", "c", "d", "e", "f" };<br />
public static char[] bytesToHex(byte[] raw) {<br />
int length = raw.length;<br />
char[] hex = new char[length * 2];<br />
for (int i = 0; i < length; i++) {<br />
int value = (raw[i] + 256) % 256;<br />
int highIndex = value >> 4;<br />
int lowIndex = value & 0x0f;<br />
hex[i * 2 + 0] = kDigits[highIndex];<br />
hex[i * 2 + 1] = kDigits[lowIndex];<br />
}<br />
return hex;<br />
}<br />
public static byte[] hexToBytes(char[] hex) {<br />
int length = hex.length / 2;<br />
byte[] raw = new byte[length];<br />
for (int i = 0; i < length; i++) {<br />
int high = Character.digit(hex[i * 2], 16);<br />
int low = Character.digit(hex[i * 2 + 1], 16);<br />
int value = (high << 4) | low;<br />
if (value > 127)<br />
value -= 256;<br />
raw[i] = (byte) value;<br />
}<br />
return raw;<br />
}<br />
public static byte[] hexToBytes(String hex) {<br />
return hexToBytes(hex.toCharArray());<br />
}<br />
}</source><br />
<br />
<br />
<!-- end source code --><br />
<br />
<br />
<br />
<br />
<br />
== Simple Servlet Example using the getRemoteUser() method. ==<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="java"><br />
import javax.servlet.ServletException;<br />
import javax.servlet.http.HttpServlet;<br />
import javax.servlet.http.HttpServletRequest;<br />
import javax.servlet.http.HttpServletResponse;<br />
public class MainClass extends HttpServlet {<br />
public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException,<br />
java.io.IOException {<br />
res.setContentType("text/html");<br />
java.io.PrintWriter out = res.getWriter();<br />
out.println("<HTML>");<br />
out.println("<HEAD><TITLE>User Example</TITLE></HEAD>");<br />
out.println("<BODY>");<br />
String username = req.getRemoteUser();<br />
if (username == null) {<br />
out.println("Hello. You are not logged in.");<br />
} else if ("Bob".equals(username)) {<br />
out.println("Hello, Bob. Nice to see you again.");<br />
} else {<br />
out.println("Hello, " + username + ".");<br />
}<br />
out.println("</BODY>");<br />
out.println("</HTML>");<br />
out.close();<br />
}<br />
}</source><br />
<br />
<br />
<!-- end source code --></div>