小弟有一个关于 response.setStatus(401);当弹出认证框时,点击“取消”按钮,程序回运行到那里呢?以下是源程序。
public static void certificate(HttpSession session, HttpServletRequest request, HttpServletResponse response)
throws ValidateException, ServletException, IOException, Exception
{
// try
// {
String userID = null;
String password = null;
boolean valid = false;
String authHeader = request.getHeader("Authorization");
if (authHeader != null)
{
System.out.println("authHeader=" + authHeader);
java.util.StringTokenizer st = new java.util.StringTokenizer(
authHeader);
if (st.hasMoreTokens())
{
String basic = st.nextToken();
// We only handle HTTP Basic authentication
System.out.println("basic=" + basic);
if (basic.equalsIgnoreCase("Basic"))
{
String credentials = st.nextToken();
System.out.println("credentials=" + credentials);
// This example uses sun.misc.* classes.
// You will need to provide your own
// if you are not comfortable with that.
sun.misc.BASE64Decoder decoder = new sun.misc.BASE64Decoder();
String userPass = new String(decoder
.decodeBuffer(credentials));
// System.out.println("userid=" + userID);
// String encoding = new
// sun.misc.BASE64Encoder().encode
// (userPassword.getBytes());
// The decoded string is in the form
// "userID:password".
int p = userPass.indexOf(":");
if (p != -1)
{
System.out.println("userPass=" + (String) userPass);
userID = (String) userPass.substring(0, p);
password = (String) userPass.substring(p + 1);
// Validate user ID and password
// and set valid true true if valid.
// In this example, we simply check
// that neither field is blank
//判断是否为空
if ((!CTools.isEmptyStrWithTrim(userID) && (!CTools
.isEmptyStrWithTrim(password))))
{
// User a= User.getInstance();
// System.out.println("a="+a);
// int logflag = a.ValidateUser(userID,password,
// request.getRemoteAddr()); //验证用户明密码是否正确
int logflag = User.getInstance().ValidateUser(
userID, password,
request.getRemoteAddr()); //验证用户明密码是否正确
System.out.println("logflag:" + logflag);
if (logflag == 0 || logflag == 1)
{
valid = true;
}
else
{
throw new ValidateException("无效用户名和密码");
}
}
else
{
throw new ValidateException("无效用户名和密码");
}
}
}
}
}
// If the user was not validated, fail with a
// 401 status code (UNAUTHORIZED) and
// pass back a WWW-Authenticate header for
// this servlet.
//
// Note that this is the normal situation the
// first time you access the page. The client
// web browser will prompt for userID and password
// and cache them so that it doesn't have to
// prompt you again.
System.out.println("valid=" + valid);
if (!valid)
{
String s = "Basic realm=\"www.test.com.cn\"";
System.out.println("s:" + s);
response.setHeader("WWW-Authenticate", s);
response.setStatus(401);
throw new AttestationException("验证未通过");
}
else
{
......
}
Print this page
