pkslow.com 南瓜慢说

  • AllArticles
  • Container
  • Spring
  • Life
  • Cloud
  • Collections
  • About
  • GitHub

  • Search
Terraform101 English Terraform Middleware config Go Private Kubernetes pkslow Test HTTPS Redis Docker Mac Plan Stream MongoDB Spring DevOps JVM String Map Set List Performance Email Springboot JavaCollections ArrayList Java

调试Http Basic认证,用base64加密解密

Created on: 2021-01-14 | Category: Others | 0 | View: 1683

1 HTTP Basic认证

HTTP Basic认证是在HTTP 1.0就引入的认证方案,存在安全缺陷;但由于实现简单,仍有项目在用。

它主要通过请求头Authorization来做认证,格式为:

键:Authorization

值:Basic base64(username:password),即Basic 加密串,如Basic dXNlcjp1c2Vy。

Spring Security的配置可以为:

@EnableWebFluxSecurity
public class WebfluxSecurityConfig {
  @Bean
  public MapReactiveUserDetailsService userDetailsService() {
    UserDetails user = User.withDefaultPasswordEncoder()
      .username("user")
      .password("user")
      .roles("USER")
      .build();
    return new MapReactiveUserDetailsService(user);
  }

  @Bean
  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
    http.httpBasic()
      .and()
      .authorizeExchange()
      .anyExchange().hasRole("USER")
      .and()
      .formLogin()
      .and()
      .csrf().disable();

    return http.build();
  }
}

2 如何加密解密

命令如下:

# 加密
$ echo -n 'user:user' | openssl base64
dXNlcjp1c2Vy

# 加密
$ echo -n 'user:user' | base64
dXNlcjp1c2Vy

# 加密
openssl base64 -in <infile> -out <outfile>

# 解密
$ echo -n 'dXNlcjp1c2Vy' | base64 -d

当然也可以通过代码加密/解密。

3 访问

3.1 Postman访问

通过Postman可以直接输入用户名和密码访问,其实它也是帮你自动加个请求头而已。所以要请求,自己不需要再添加请求头Authorization了,免得覆盖了。

3.2 命令行访问

通过curl访问如下:

$ curl http://localhost:8088/user/name -H 'Authorization:Basic dXNlcjp1c2Vy'

Code for all: GitHub

欢迎关注微信公众号<南瓜慢说>,将持续为你更新...

file

Recommendations:
Cloud Native
Terraform
Container: Docker/Kubernetes
Spring Boot / Spring Cloud
Https
如何制定切实可行的计划并好好执行

  • Author 作者: LarryDpk 南瓜慢说
  • Link 链接: https://www.pkslow.com/archives/http-basic-authentication
  • 版权声明: 本博客所有文章除特别声明外,不可转载!
# Terraform101 # English # Terraform # Middleware # config # Go # Private # Kubernetes # pkslow # Test # HTTPS # Redis # Docker # Mac # Plan # Stream # MongoDB # Spring # DevOps # JVM # String # Map # Set # List # Performance # Email # Springboot # JavaCollections # ArrayList # Java
Terraform101 English Terraform Middleware config Go Private Kubernetes pkslow Test HTTPS Redis Docker Mac Plan Stream MongoDB Spring DevOps JVM String Map Set List Performance Email Springboot JavaCollections ArrayList Java
把Spring Cloud Data Flow部署在Kubernetes上,再跑个任务试试
在Jenkins pipeline中无法执行npm,报错Cannot run program npm
  • Contents
  • Site Overview
南瓜慢说

南瓜慢说

多年Java开发,主要专注后端技术:Java/Spring/Springboot/微服务/大数据等。

多读书,多分享;多写作,多整理。

241 Posts
9 Categories
30 Tags
RSS
0%
© 2020 — 2022 南瓜慢说 pkslow The WebSite keeping alive:   粤ICP备20036375号