认证学习2 - Base认证讲解、代码实现、演示

 
认证大全（想学习其他认证，请到此链接查看）

 

参考文章（先看这个）： https://blog.csdn.net/qq_35642036/article/details/82788588
 
官方文章（强烈看这个-写的非常全）： https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Authentication#%E5%9F%BA%E6%9C%AC%E9%AA%8C%E8%AF%81%E6%96%B9%E6%A1%88
 
Base64编码： 只是一种字符编码转换而已，并非密文，依然可以解码解出明文内容是什么
 
特点： 简单，无需复杂的认证操作，仅仅只是在请求中添加用户账号、密码信息。前提是客户机、服务器是非常安全，没有人进行拦截截取用户认证信息
 
典型案例： Nexus的jar包上传接口，可查看此文章的脚本代码 【https://blog.csdn.net/weixin_39651356/article/details/126007459】

 

//每次请求时请求头都携带认证信息：即用户账号、密码
//格式：Authorization: 认证方式  用户:密码的base64编码
Authorization: Basic【用户账号:用户密码】的Base64编码


//如果认证失败：响应头中则会有一个类似这个信息
//WWW-Authenticate: 认证方式 realm="需要的认证资源角色描述或者仅仅只是资源描述"
WWW-Authenticate: Basic realm="Sonatype Nexus Repository Manager"
1
2
3
4
5
6
7
8

讲解（Base认证）

 

请求添加认证方式

 

方式1-API工具自动帮你添加认证请求头，你只要事先填好账户密码即可

 

方式2-自己添加请求头信息

public class OtherTest {
    @Test
    public void test2() {

        String formatInfo = StrUtil.format("{}:{}", "admin", "admin123");
        Console.log(formatInfo);

        String encodeContent = Base64.encode(formatInfo);
        Console.log(encodeContent);
		
        String requestHeaderInfo = StrUtil.format("Authorization: Basic {}", encodeContent);
        Console.log(requestHeaderInfo);

    }

}    
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

 

方式3-curl

# 格式1，下面两句效果是一样的，只要添加 -u 默认就是basic认证
curl --basic -u '账号:密码'  url地址
curl  -u '账号:密码'  url地址

# 格式2：注意 -n必须加因为不加-n，echo就会在字符串末尾加上换行符多了个字符
curl -H  ''Authorization:$(echo -n '账号:密码' | base64)"  url地址
1
2
3
4
5
6

认证结果

认证成功-响应请求头

认证失败-响应请求头

实现（Base认证）

代码（Base认证）

application.yml

server:
  port: 8080



# mybatisplus\u8BBE\u7F6E
mybatis-plus:
  configuration:
    log-impl: org.apache.ibatis.logging.stdout.StdOutImpl
    map-underscore-to-camel-case: true
    cache-enabled: true
  mapper-locations: classpath:mapper/*Mapper.xml
  global-config:
    db-config:
      id-type: assign_uuid
      logic-delete-value: 1
      logic-not-delete-value: 0
      logic-delete-field: is_del
      where-strategy: not_empty  #\u4E0Dwhere\u975Eempty\u7684\u5B57\u6BB5\u3010\u7A7A\u5B57\u7B26\u3001null\u503C\u3011
      update-strategy: not_empty
      insertStrategy: not_empty
spring:
  datasource:
    driver-class-name: com.p6spy.engine.spy.P6SpyDriver
    username: root
    password: root
    url: jdbc:p6spy:mysql://localhost:3306/lrc_blog?useSSL=false&characterEncoding=UTF-8&serverTimezone=Asia/Shanghai



  freemarker:
    suffix: .html

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33

 
BasicAuthInterceptor.java

package work.linruchang.qq.mybaitsplusjoin.config.interceptor;

import cn.hutool.core.codec.Base64;
import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.lang.Dict;
import cn.hutool.core.util.StrUtil;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.List;

/**
 * 作用：Basic认证
 *
 * @author LinRuChang
 * @version 1.0
 * @date 2022/08/04
 * @since 1.8
 **/
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class BasicAuthInterceptor implements HandlerInterceptor {

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        boolean authStatusFlag = false;
        String authorization = request.getHeader("Authorization");
        String authType = null;
        String authInfoCredentials = null;
        String userName = null;
        List<String> authorizationInfos = StrUtil.splitTrim(authorization, StrUtil.SPACE);
        if(CollUtil.size(authorizationInfos) == 2) {
            authType = authorizationInfos.get(0);
            authInfoCredentials = authorizationInfos.get(1);
            if (StrUtil.isNotBlank(authInfoCredentials)) {
                if (StrUtil.equalsAnyIgnoreCase(authType, "BASIC")) {
                    String authInfo = Base64.decodeStr(authInfoCredentials);
                    userName = StrUtil.splitTrim(authInfo, StrUtil.COLON).get(0);
                    String password = StrUtil.splitTrim(authInfo, StrUtil.COLON).get(1);

                    //这里自行获取数据库中的用户、密码信息进行校验是否正确
                    Dict dbUserInfo = getUserInfo(userName);
                    if(dbUserInfo != null && StrUtil.equals(password,dbUserInfo.getStr("password"))) {
                        authStatusFlag = true;
                    }
                }
            }
        }



        //认证失败
        if (!authStatusFlag) {
            response.setHeader("WWW-Authenticate",StrUtil.format("{} realm=\"rights of administrators\"", StrUtil.blankToDefault(authType,"BASIC")));
            response.setStatus(401);
            return false;
        }
        //添加cookie信息给用户 == 当前用户名
        if(!StrUtil.containsIgnoreCase(request.getRequestURI(),"logout")) {
            Cookie userNameCookie = new Cookie("userName", userName);
            userNameCookie.setPath("/");
            response.addCookie(userNameCookie);

            Cookie userNameDescCookie = new Cookie("userNameDesc", "管理员");
            userNameDescCookie.setPath("/");
            response.addCookie(userNameDescCookie);
        }
        return authStatusFlag;
    }


    public Dict getUserInfo(String userName) {
        if(StrUtil.equals(userName,"admin")) {
            return Dict.create()
                    .set("userName","admin")
                    .set("password", "admin123");

        }
        return null;
    }
}

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87

 
MyConfig.java

@Configuration
public class MyConfig implements WebMvcConfigurer {

    @Autowired
    BasicAuthInterceptor basicAuthInterceptor;

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(basicAuthInterceptor)
                .addPathPatterns("/**")
                .excludePathPatterns("/js/**");
    }
}
1
2
3
4
5
6
7
8
9
10
11
12
13

 
ArticleCategoryController.java

@RestController
@RequestMapping("article-category")
public class ArticleCategoryController {

    @Autowired
    ArticleCategoryService articleCategoryService;


    /**
     * 根据ID进行查询
     * @param id
     * @return
     */
    @GetMapping("/one/{id}")
    public CommonHttpResult<ArticleCategory> findById(@PathVariable("id") String id) {
        return CommonHttpResult.success(articleCategoryService.getById(id));
    }
    
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19

 
UserController0.java

@Controller
@RequestMapping("user0")
public class UserController0 {

    /**
     * 用户页面
     *
     * @return
     */
    @GetMapping
    public String userPage() {
        return "user";
    }

    /**
     * 退出登录
     * 命令浏览器清除当前站点的所有缓存以及cookie信息
     * @param httpServletResponse
     */
    @GetMapping("logout")
    @SneakyThrows
    public void logout(HttpServletResponse httpServletResponse) {
        httpServletResponse.setStatus(401);
        httpServletResponse.setHeader("Clear-Site-Data", "\"cache\", \"cookies\"");
    }
}

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

 
user.html

DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Titletitle>
    <script src="/js/jquery.min.js">script>
head>
<body>

<button id="logout">退出登录button>

<p>
    用户名：<span id="userName">span>
p>

<p>
    用户描述：<span id="userNameDesc">span>
p>


body>

<script>
    $(function () {
        $("#userName").text(getCookie("userName"))
        $("#userNameDesc").text(getCookie("userNameDesc"))

        //退出登录
        $("#logout").click(function () {
            jQuery.get({
                url: "/user0/logout",
                error: function() {
                    window.location.reload();
                }
            });
        })



        function getCookie(cookie_name) {
            var allcookies = document.cookie;
            //索引长度，开始索引的位置
            var cookie_pos = allcookies.indexOf(cookie_name);


            // 如果找到了索引，就代表cookie存在,否则不存在
            if (cookie_pos != -1) {
                // 把cookie_pos放在值的开始，只要给值加1即可
                //计算取cookie值得开始索引，加的1为“=”
                cookie_pos = cookie_pos + cookie_name.length + 1;
                //计算取cookie值得结束索引
                var cookie_end = allcookies.indexOf(";", cookie_pos);


                if (cookie_end == -1) {
                    cookie_end = allcookies.length;


                }
                //得到想要的cookie的值
                var value = unescape(allcookies.substring(cookie_pos, cookie_end));
            }
            return value;
        }
    })
script>

html>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68

演示（Base认证）

普通API接口

 
服务器质询浏览器需要权限才能访问此链接

 
客户端填写错误的用户名、密码

 
客户端填写正确的用户名、密码 == 链接数据访问成功

用户信息展示以退出登录