摘要认证
目前对外接口的安全认证,接触最多的方式是 Basic 认证和摘要认证;由于 Basic 认证安全性比较低,目前项目中用得多的还是摘要认证。需要注意,摘要认证只是不在网络上明文传输口令,并不加密请求和响应内容,实际使用时仍应配合 HTTPS。对于调用摘要认证接口,下面给出一个简单的测试 demo。
其实对于给第三方提供接口,最理想、最可控的方式还是走 OAuth 2.0。
demo 代码:
package com.github.heqiao2010;
import java.net.URI;
import java.util.Collections;
import org.apache.commons.httpclient.auth.AuthPolicy;
import org.apache.http.HttpResponse;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.Credentials;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.impl.auth.DigestSchemeFactory;
import org.apache.http.impl.client.DefaultHttpClient;
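/**
 * Helper for calling HTTP endpoints protected by Digest authentication, built on the
 * (deprecated) Apache HttpClient 4.x {@code DefaultHttpClient} API.
 *
 * <p>All calls share one static client. Credentials passed to {@link #send} are stored in
 * that client's credentials provider and stay there for later calls.
 * NOTE(review): the class does no synchronization of its own; confirm how callers use it
 * before sending from several threads.
 *
 * @author heqiao
 */
public class HttpDigestUtils {

    /**
     * Name of the HttpClient 4.x parameter that lists the acceptable target authentication
     * schemes in order of preference. It is the value of
     * {@code org.apache.http.auth.params.AuthPNames.TARGET_AUTH_PREF}.
     *
     * <p>The {@code AuthPolicy} imported by this file comes from Commons HttpClient 3.x. Its
     * {@code AUTH_SCHEME_PRIORITY} key ("http.auth.scheme-priority") is not a parameter the
     * 4.x client reads. Setting it left the default scheme list in place, so a server or
     * intermediary that challenged with Basic only would have received the credentials as
     * reversible Base64.
     */
    private static final String TARGET_AUTH_PREF_PARAM = "http.auth.target-scheme-pref";

    /** Shared HTTP client; configured for Digest-only authentication on every call. */
    private static final DefaultHttpClient httpClient = new DefaultHttpClient();

    /**
     * Sends {@code request}, answering an authentication challenge from the target host
     * with HTTP Digest authentication only.
     *
     * @param username account name used to answer the challenge
     * @param password account password; it is kept in the shared client's credentials
     *     provider after the call
     * @param request request to execute; its URI supplies the host and port the credentials
     *     are bound to
     * @return the response, or {@code null} if anything failed (the exception is printed to
     *     standard error and not rethrown). The caller should consume or close the response
     *     entity so the connection is released.
     */
    @SuppressWarnings("deprecation")
    public static HttpResponse send(String username, String password, HttpUriRequest request) {
        HttpResponse response = null;
        try {
            URI serverUri = request.getURI();
            Credentials creds = new UsernamePasswordCredentials(username, password);
            // Bind the credentials to the request's host. getPort() returns -1 when the URI
            // names no port, which AuthScope treats as "any port" on that host.
            httpClient.getCredentialsProvider().setCredentials(
                    new AuthScope(serverUri.getHost(), serverUri.getPort()), creds);
            // Accept Digest challenges only, so the client never falls back to Basic.
            httpClient.getParams().setParameter(
                    TARGET_AUTH_PREF_PARAM, Collections.singleton(AuthPolicy.DIGEST));
            httpClient.getAuthSchemes().register(AuthPolicy.DIGEST, new DigestSchemeFactory());
            response = httpClient.execute(request);
        } catch (Exception e) {
            // Best-effort demo behaviour kept for existing callers: report and return null.
            e.printStackTrace();
        }
        return response;
    }
}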