如何从HTTP基本身份验证获取密码 [英] How to get password from HTTP basic authentication

问题描述

我正在通过Java使用HTTP BASIC身份验证.

I'm using HTTP BASIC Authentication with Java.

我的Servlet发送一条JMS消息，但我需要在创建连接时提供用户名和密码来对自己进行身份验证:

My Servlet sends a JMS message but I need to supply the user and password to authenticate myself while creating the connection:

javax.jms.ConnectionFactory.createConnection(String username, String password)

我可以从HttpServletRequest.getUserPrincipal()中检索用户名.但是似乎没有办法检索密码.我该如何解决?

I can retrieve the username from HttpServletRequest.getUserPrincipal(). But there seems to be no way to retrieve the password. How do I solve this?

推荐答案

您所指的密码很可能与用户登录时提供的密码不同.虽然问题尚不清楚用例，但您似乎正在尝试使用外部用户提供的用户名/密码来创建与JMS Connection Factory的连接.这对我来说在体系结构上听起来并不安全.您只应使用一个凭据来连接到ConnectionFactory，该凭据需要受到保护(将其视为db连接).更好的方法是使用JNDI查找ConnectionFactory并绕过用户名/密码管理工作.

The password you are referring to is most probably different from the one provided by users while login. While the use case is not clear from the question, but it appears you are trying to use the username/password provided by external users to create a connection to JMS Connection Factory. This does not sound architecturally secure to me. You should use only one credential for connecting to ConnectionFactory which needs to be protected( treat it like db connections). Better is to use JNDI to lookup ConnectionFactory and bypass the username/password management stuff.

但是，如果必须使用该技术，可以使用以下代码块.我正在Gitblit项目中复制它，因为它已在Eclipse中打开

However, in case you have to use the technique, can use following code block.I am copying it from Gitblit project as it was open in my eclipse

使用Java8 Base64类:

Using Java8 Base64 class:

final String authorization = httpRequest.getHeader("Authorization");
if (authorization != null && authorization.toLowerCase().startsWith("basic")) {
    // Authorization: Basic base64credentials
    String base64Credentials = authorization.substring("Basic".length()).trim();
    byte[] credDecoded = Base64.getDecoder().decode(base64Credentials);
    String credentials = new String(credDecoded, StandardCharsets.UTF_8);
    // credentials = username:password
    final String[] values = credentials.split(":", 2);
}

这篇关于如何从HTTP基本身份验证获取密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！