-
2008-12-04
java servlet 密码认证
版权声明:转载时请以超链接形式标明文章原始出处和作者信息及本声明
/**
http://zhutong7758.blogbus.com/logs/32117923.html
* @(#) UserAuthenticateFilter.java
*
* Copyright 2004 Opensource Develop Team. All rights reserved.
*/
// package
package com.opensource.filter;
// imports
import sun.misc.BASE64Decoder;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import com.opensource.database.ConnectFactory;
/**
* 进行用户身份验证,通过和数据库相连取得用户信息。
*
* @author: ODT
* @see: Filter
* @version: 1.0 21/04/2004
* @since: 1.3
*/
public class UserAuthenticateFilter implements Filter
{
private FilterConfig filterConfig = null;
private String adhocPassword = null;
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain)
throws IOException, ServletException
{
if (filterConfig == null)
return;
HttpServletRequest myReq = (HttpServletRequest) request;
HttpServletResponse myResp = (HttpServletResponse) response;
HttpSession session = myReq.getSession();
String authString = myReq.getHeader("Authorization");
if (authString == null)
{
// 修改realm
myResp.addHeader("WWW-Authenticate", "BASIC realm=\"OpenSource\"");
myResp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
return;
}
else
{
// atuhenticate
BASE64Decoder decoder = new BASE64Decoder();
String enString = authString.substring(6);
String decString = new String(decoder.decodeBuffer(enString));
int idx = decString.indexOf(":");
String uid = decString.substring(0, idx);
String pwd = decString.substring(idx+1);
if (!externalAuthenticate(uid, pwd))
{
// 修改realm
myResp.addHeader("WWW-Authenticate", "BASIC realm=\"OpenSource\"");
myResp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
return;
}
session.setAttribute("username", uid);
session.setAttribute("password", pwd);
}
filterConfig.getServletContext().log("in AdHocAuthenticateFilter");
chain.doFilter(request, response);
filterConfig.getServletContext().log("Getting out of AdHocAuthenticateFilter");
}
/**
* 数据库查询可自己修改
* @param: user -- 用户名
* @param: password -- 密码
* @return: boolean
*/
private boolean externalAuthenticate(String user, String password)
{
Connection myConnection = new ConnectFactory().getConnection();
try
{
String confirmSql =
"SELECT USERNAME, PASSWORD FROM USERS WHERE " +
"USERNAME=? AND PASSWORD=?";
PreparedStatement prep = myConnection.prepareStatement(confirmSql);
prep.setString(1, user);
prep.setString(2, password);
ResultSet rs = prep.executeQuery();
if (rs.next())
{
myConnection.close();
return true;
}
}
catch (SQLException sqle)
{
return false;
}
return false;
}
public void destroy(){}
public void init(FilterConfig filterConfig)
{
if (adhocPassword == null)
adhocPassword = "aaaa";
this.filterConfig = filterConfig;
}
public String toString()
{
if (filterConfig == null)
return ("AdHocAuthenticateFilter()");
StringBuffer sb = new StringBuffer("AdHocAuthenticateFilter(");
sb.append(filterConfig);
sb.append(")");
return (sb.toString());
}
}
安装配置UserAuthenticateFilter
web.xml
<filter>
<filter-name>User Authenticate</filter-name>
<filter-class>com.opensource.filter.UserAuthenticateFilter</filter-class>
<init-param>
<param-name>adhocPassword</param-name>
<!-- 可以初始化其他值 -->
<param-value>************</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>User Authenticate</filter-name>
<!-- 访问/opensource/下的任何文件都需要输入密码 -->
<url-pattern>/opensource/*</url-pattern>
</filter-mapping>随机文章:
MySQL主从服务器配置手记 2008-08-19(转)Lucene 索引数据库 2007-01-30Lucene.Net初识( 2007-01-29JavaScript 对象与数组参考大全 2007-01-28在Oracle数据库中时间的存储和读取(读取时、分、秒) 2007-01-28
收藏到:Del.icio.us
