Java HTTP Basic Auth
Published: 2019-06-09


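I. HTTP Basic Auth methods

When you access a site protected by HTTP Basic Auth, you must supply a username and password; otherwise the server returns 401 (without authorization).

There are two ways to perform HTTP Basic Authentication:

1. Add the Base64-encoded username/password string to the Authorization request header.

2. Embed the username and password in the URL.

Most browsers on the market support access with the username and password embedded in the URL; code does not support this form of URL.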

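II. How HTTP Basic Auth works

The HTTP protocol defines a basic authentication procedure that lets an HTTP server authenticate the user of a web browser. When a client requests data from an HTTP server and the client has not been authenticated, the server uses the basic authentication procedure to verify the client's username and password and decide whether the user is legitimate.

After receiving the server's authentication challenge, the client prompts the user for a username and password. Once the user has entered them, the client joins the username and password with a ":" separator, Base64-encodes the combined string, and attaches the encoded value to every request in the request header as Authorization: Basic XXXXXXX.

Each time the HTTP server receives a request, it extracts the user information the client attached (the Base64-encoded username and password) as the protocol specifies, decodes it, and verifies the username and password. If they are correct, the server returns the data the client requested; otherwise it returns an error code or asks the client for the username and password again.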

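III. Advantages and disadvantages of Basic Auth

Advantages: it provides simple user verification, and the authentication process is simple and clear; it suits systems or devices with low security requirements.

Disadvantages: the username and password appear in the Authorization header only Base64-encoded, so they are easily decoded.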
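The header construction from section II and the reason section III calls it easy to decode, as an added Java example (not from the original post or from Apache HttpClient). The class name, method names and credentials are constructed for illustration; it assumes Java 8 or later for java.util.Base64.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Added illustration; class, method names and credentials are constructed for this example.
public class BasicAuthHeaderDemo {

    // Client side: join user and password with ':' and Base64-encode the result.
    static String encode(String user, String password) {
        byte[] raw = (user + ":" + password).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    // Server side: recover {user, password} from the header, or null if it is malformed.
    static String[] decode(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
            return null;
        }
        try {
            byte[] raw = Base64.getDecoder().decode(header.substring(6).trim());
            String pair = new String(raw, StandardCharsets.UTF_8);
            int colon = pair.indexOf(':');   // split on the FIRST colon: passwords may contain ':'
            if (colon < 0) {
                return null;
            }
            return new String[] { pair.substring(0, colon), pair.substring(colon + 1) };
        } catch (IllegalArgumentException e) {  // not valid Base64
            return null;
        }
    }

    // Constant-time comparison so the check does not leak how many characters matched.
    static boolean matches(String supplied, String expected) {
        return MessageDigest.isEqual(supplied.getBytes(StandardCharsets.UTF_8),
                                     expected.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        String header = encode("user", "pa:ss:wd");
        System.out.println("Authorization: " + header);
        String[] creds = decode(header);   // no key needed: anyone who sees the header can do this
        System.out.println("decoded user=" + creds[0] + " password=" + creds[1]);
        boolean ok = matches(creds[0], "user") & matches(creds[1], "pa:ss:wd");
        System.out.println(ok ? "200 OK" : "401");
        System.out.println(decode("Basic !!!not-base64!!!") == null ? "malformed header rejected" : "accepted");
    }
}
```

Because decoding needs no secret, the header protects the credentials only when the connection itself is encrypted with HTTPS.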

```java
/*
 * ====================================================================
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 * ====================================================================
 *
 * This software consists of voluntary contributions made by many
 * individuals on behalf of the Apache Software Foundation.  For more
 * information on the Apache Software Foundation, please see
 * .
 *
 */
package org.apache.http.examples.client;

import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.AuthCache;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.impl.auth.BasicScheme;
import org.apache.http.impl.client.BasicAuthCache;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;

/**
 * An example of HttpClient can be customized to authenticate
 * preemptively using BASIC scheme.
 *
 * Generally, preemptive authentication can be considered less
 * secure than a response to an authentication challenge
 * and therefore discouraged.
 */
public class ClientPreemptiveBasicAuthentication {

    public static void main(String[] args) throws Exception {
        HttpHost target = new HttpHost("httpbin.org", 80, "http");
        CredentialsProvider credsProvider = new BasicCredentialsProvider();
        credsProvider.setCredentials(
                new AuthScope(target.getHostName(), target.getPort()),
                new UsernamePasswordCredentials("user", "passwd"));
        CloseableHttpClient httpclient = HttpClients.custom()
                .setDefaultCredentialsProvider(credsProvider).build();
        try {

            // Create AuthCache instance
            AuthCache authCache = new BasicAuthCache();
            // Generate BASIC scheme object and add it to the local
            // auth cache
            BasicScheme basicAuth = new BasicScheme();
            authCache.put(target, basicAuth);

            // Add AuthCache to the execution context
            HttpClientContext localContext = HttpClientContext.create();
            localContext.setAuthCache(authCache);

            HttpGet httpget = new HttpGet("http://httpbin.org/hidden-basic-auth/user/passwd");

            System.out.println("Executing request " + httpget.getRequestLine() + " to target " + target);
            for (int i = 0; i < 3; i++) {
                CloseableHttpResponse response = httpclient.execute(target, httpget, localContext);
                try {
                    System.out.println("----------------------------------------");
                    System.out.println(response.getStatusLine());
                    System.out.println(EntityUtils.toString(response.getEntity()));
                } finally {
                    response.close();
                }
            }
        } finally {
            httpclient.close();
        }
    }
}
```

Reposted from: https://www.cnblogs.com/xiaocandou/p/7991927.html
