Java Tutorial/Servlet/Authentication

Материал из Java эксперт
Версия от 17:44, 31 мая 2010; (обсуждение)
(разн.) ← Предыдущая | Текущая версия (разн.) | Следующая → (разн.)
Перейти к: навигация, поиск

A password protected servlet

import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.digests.SHA1Digest;
public class PasswordServlet extends HttpServlet {
  public void doGet(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    System.out.println("user = " + request.getParameter("user"));
    System.out.println("timestamp = " + request.getParameter("timestamp"));
    System.out.println("random = " + request.getParameter("random"));
    System.out.println("digest = " + request.getParameter("digest"));
    String user = request.getParameter("user");
    String password = lookupPassword(user);
    String timestamp = request.getParameter("timestamp");
    String randomNumber = request.getParameter("random");
    byte[] userBytes = user.getBytes();
    byte[] timestampBytes = HexCodec.hexToBytes(timestamp);
    byte[] randomBytes = HexCodec.hexToBytes(randomNumber);
    byte[] passwordBytes = password.getBytes();
    Digest digest = new SHA1Digest();
    digest.update(userBytes, 0, userBytes.length);
    digest.update(timestampBytes, 0, timestampBytes.length);
    digest.update(randomBytes, 0, randomBytes.length);
    digest.update(passwordBytes, 0, passwordBytes.length);
    byte[] digestValue = new byte[digest.getDigestSize()];
    digest.doFinal(digestValue, 0);
    String message = "";
    String clientDigest = request.getParameter("digest");
    if (isEqual(digestValue, HexCodec.hexToBytes(clientDigest)))
      message = "User " + user + " logged in.";
    else
      message = "Login was unsuccessful.";
    response.setContentType("text/plain");
    response.setContentLength(message.length());
    PrintWriter out = response.getWriter();
    out.println(message);
  }
  private String lookupPassword(String user) {
    return "happy8";
  }
  private boolean isEqual(byte[] one, byte[] two) {
    if (one.length != two.length)
      return false;
    for (int i = 0; i < one.length; i++)
      if (one[i] != two[i])
        return false;
    return true;
  }
}
class HexCodec {
  private static final char[] kDigits = { "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "a",
      "b", "c", "d", "e", "f" };
  public static char[] bytesToHex(byte[] raw) {
    int length = raw.length;
    char[] hex = new char[length * 2];
    for (int i = 0; i < length; i++) {
      int value = (raw[i] + 256) % 256;
      int highIndex = value >> 4;
      int lowIndex = value & 0x0f;
      hex[i * 2 + 0] = kDigits[highIndex];
      hex[i * 2 + 1] = kDigits[lowIndex];
    }
    return hex;
  }
  public static byte[] hexToBytes(char[] hex) {
    int length = hex.length / 2;
    byte[] raw = new byte[length];
    for (int i = 0; i < length; i++) {
      int high = Character.digit(hex[i * 2], 16);
      int low = Character.digit(hex[i * 2 + 1], 16);
      int value = (high << 4) | low;
      if (value > 127)
        value -= 256;
      raw[i] = (byte) value;
    }
    return raw;
  }
  public static byte[] hexToBytes(String hex) {
    return hexToBytes(hex.toCharArray());
  }
}





Get Auth Type from Servlet Request

import java.util.*;
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.security.*;
public class MyServlet extends HttpServlet {
   
    public void init(ServletConfig cfg) throws ServletException 
    {
        super.init(cfg);
    } 
    public void doGet(HttpServletRequest request, HttpServletResponse response) 
        throws IOException, ServletException 
    {
        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        out.println("<HTML>");
        out.println("<HEAD>");
        out.println("<TITLE>");
        out.println("User Authentication");
        out.println("</TITLE>");
        out.println("</HEAD>");
        out.println("<BODY>");
        out.println("<H1>User Authentication</H1>");
        String type = request.getAuthType();
        out.println("Welcome to this secure page.<BR>");
        out.println("Authentication mechanism: " + type + "<BR>");
        Principal principal = request.getUserPrincipal();
        out.println("Your username is: " + principal.getName() + "<BR>");
        out.println("</BODY>");
        out.println("</HTML>");
    } 
}





Servlet Login

import java.io.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class MyServlet extends HttpServlet {
  public void doPost(HttpServletRequest req, HttpServletResponse res)
                                throws ServletException, IOException {
    res.setContentType("text/html");
    PrintWriter out = res.getWriter();
    String account = req.getParameter("account");
    String password = req.getParameter("password");
    String pin = req.getParameter("pin");
    if (!allowUser(account, password, pin)) {
      out.println("<HTML><HEAD><TITLE>Access Denied</TITLE></HEAD>");
      out.println("<BODY>Your login and password are invalid.<BR>");
      out.println("You may want to 



==  Servlet with bouncy castle security package ==






   
  <!-- start source code -->
   
    <source lang="java">
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.bouncycastle.crypto.StreamCipher;
import org.bouncycastle.crypto.engines.RC4Engine;
import org.bouncycastle.crypto.params.KeyParameter;
public class StealthServlet extends HttpServlet {
  public void doGet(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    String user = request.getParameter("user");
    HttpSession session = request.getSession();
    StreamCipher inCipher = (StreamCipher) session.getAttribute("inCipher");
    StreamCipher outCipher = (StreamCipher) session.getAttribute("outCipher");
    if (inCipher == null && outCipher == null) {
      byte[] inKey = getInKey(user);
      byte[] outKey = getOutKey(user);
      inCipher = new RC4Engine();
      outCipher = new RC4Engine();
      inCipher.init(true, new KeyParameter(inKey));
      outCipher.init(false, new KeyParameter(outKey));
      session.setAttribute("inCipher", inCipher);
      session.setAttribute("outCipher", outCipher);
    }
    String clientHex = request.getParameter("message");
    byte[] clientCiphertext = HexCodec.hexToBytes(clientHex);
    byte[] clientDecrypted = new byte[clientCiphertext.length];
    inCipher.processBytes(clientCiphertext, 0, clientCiphertext.length, clientDecrypted, 0);
    System.out.println("message = " + new String(clientDecrypted));
    String message = "Hello, this is StealthServlet.";
    byte[] plaintext = message.getBytes();
    byte[] ciphertext = new byte[plaintext.length];
    outCipher.processBytes(plaintext, 0, plaintext.length, ciphertext, 0);
    char[] hexCiphertext = HexCodec.bytesToHex(ciphertext);
    response.setContentType("text/plain");
    response.setContentLength(hexCiphertext.length);
    PrintWriter out = response.getWriter();
    out.println(hexCiphertext);
  }
  private byte[] getInKey(String user) {
    return "Outgoing MIDlet key".getBytes();
  }
  private byte[] getOutKey(String user) {
    return "Incoming MIDlet key".getBytes();
  }
}
class HexCodec {
  private static final char[] kDigits = { "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "a",
      "b", "c", "d", "e", "f" };
  public static char[] bytesToHex(byte[] raw) {
    int length = raw.length;
    char[] hex = new char[length * 2];
    for (int i = 0; i < length; i++) {
      int value = (raw[i] + 256) % 256;
      int highIndex = value >> 4;
      int lowIndex = value & 0x0f;
      hex[i * 2 + 0] = kDigits[highIndex];
      hex[i * 2 + 1] = kDigits[lowIndex];
    }
    return hex;
  }
  public static byte[] hexToBytes(char[] hex) {
    int length = hex.length / 2;
    byte[] raw = new byte[length];
    for (int i = 0; i < length; i++) {
      int high = Character.digit(hex[i * 2], 16);
      int low = Character.digit(hex[i * 2 + 1], 16);
      int value = (high << 4) | low;
      if (value > 127)
        value -= 256;
      raw[i] = (byte) value;
    }
    return raw;
  }
  public static byte[] hexToBytes(String hex) {
    return hexToBytes(hex.toCharArray());
  }
}





Simple Servlet Example using the getRemoteUser() method.

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class MainClass extends HttpServlet {
  public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException,
      java.io.IOException {
    res.setContentType("text/html");
    java.io.PrintWriter out = res.getWriter();
    out.println("<HTML>");
    out.println("<HEAD><TITLE>User Example</TITLE></HEAD>");
    out.println("<BODY>");
    String username = req.getRemoteUser();
    if (username == null) {
      out.println("Hello. You are not logged in.");
    } else if ("Bob".equals(username)) {
      out.println("Hello, Bob. Nice to see you again.");
    } else {
      out.println("Hello, " + username + ".");
    }
    out.println("</BODY>");
    out.println("</HTML>");
    out.close();
  }
}