Web Development Notes and Tips
Posted arlaichin
HttpAuthenticate:
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
HTTP/1.1 401 Unauthorized
Server: Waveplus HTTPD
Date: Thu, 01 Jan 1970 01:55:52 GMT
WWW-Authenticate: Basic realm="DI-504"
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Connection: close
<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>
<BODY></BODY></HTML>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
GET / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, application/x-shockwave-flash, */*
Accept-Language: zh-cn
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Host: 192.168.0.1
Connection: Keep-Alive
Authorization: Basic YWRtaW46NDQzMjMwMA==
JSP:
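<jsp:useBean id="base64" scope="page" class="Base64"/>
<%
// Base64 is the helper class declared by the useBean tag above.
String encoded = request.getHeader("Authorization");
if (encoded == null || !encoded.startsWith("Basic ")) {
    // No Basic credentials in the request: challenge the client.
    response.setStatus(401);
    response.setHeader("WWW-Authenticate", "Basic realm=\"unixboy.com\"");
} else {
    String tmp = encoded.substring(6);   // strip the "Basic " prefix
    String up = Base64.decode(tmp);      // decoded form is "user:password"
    String user = "";
    String password = "";
    if (up != null && up.indexOf(":") >= 0) {
        user = up.substring(0, up.indexOf(":"));
        password = up.substring(up.indexOf(":") + 1);
    }
    if (user.equals("unixboy") && password.equals("123456")) {
        // authentication succeeded
    } else {
        // authentication failed
    }
}
%>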
See RFC 2617.
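An added example, not code from the original page: a stand-alone Java version of the same Basic credential check that rejects malformed headers and compares credentials without an early exit. It assumes Java 8+ and uses java.util.Base64 in place of the page's Base64 bean; the class name and the demo credentials are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class BasicAuthCheck {
    // Constructed demo credentials; a real deployment stores a salted password hash.
    private static final String DEMO_USER = "demo-user";
    private static final String DEMO_PASS = "demo-pass";

    /** Returns {user, password}, or null if the header is not well-formed Basic credentials. */
    static String[] parse(String header) {
        // Missing header, or a scheme other than Basic (scheme names are case-insensitive).
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return null;
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(header.substring(6).trim());
        } catch (IllegalArgumentException e) {
            return null;                       // not valid Base64
        }
        String up = new String(raw, StandardCharsets.UTF_8);
        int colon = up.indexOf(':');           // split on the first ':'; the password may contain more
        if (colon < 0) return null;            // no separator: reject instead of throwing
        return new String[] { up.substring(0, colon), up.substring(colon + 1) };
    }

    /** Compares two strings without stopping at the first differing byte. */
    static boolean same(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8),
                                     b.getBytes(StandardCharsets.UTF_8));
    }

    static boolean authenticate(String header) {
        String[] cred = parse(header);
        if (cred == null) return false;
        // Evaluate both comparisons so timing does not reveal which field failed.
        boolean userOk = same(cred[0], DEMO_USER);
        boolean passOk = same(cred[1], DEMO_PASS);
        return userOk & passOk;
    }

    public static void main(String[] args) {
        String good = "Basic " + Base64.getEncoder()
                .encodeToString("demo-user:demo-pass".getBytes(StandardCharsets.UTF_8));
        System.out.println(authenticate(good));              // well-formed, matching credentials
        System.out.println(authenticate("Basic !!!"));       // invalid Base64
        System.out.println(authenticate("Basic ZGVtbw=="));  // decodes to "demo", no colon
        System.out.println(authenticate(null));              // header absent
    }
}
```

Basic credentials are only Base64-encoded, as the captured Authorization header above shows, so this check belongs behind HTTPS.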
Web application configuration when two-way (mutual) SSL is enabled
<login-config>
    <!-- Authorization setting for SSL -->
    <auth-method>CLIENT-CERT</auth-method>
    <realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
    <!-- Authorization setting for SSL -->
    <web-resource-collection>
        <web-resource-name>SSL</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
Opening and downloading files:
Response.AddHeader("Content-Disposition", "inline; filename=\"test.xls\"");
Response.AddHeader("Content-Disposition", "attachment; filename=\"test.xls\"");
File download over HTTPS:
response.setHeader("Expires", "0");
response.setHeader("Pragma", "public");
response.setHeader("Cache-Control", "must-revalidate, post-check=0, pre-check=0");
// setHeader replaces the previous Cache-Control value, so "public" is what is sent
response.setHeader("Cache-Control", "public");
response.setHeader("Content-Disposition", "attachment; filename=\"test.xls\"");
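Links:
Some sites use the Referer header of the HTTP request for hotlink protection, which causes logins from some applications to fail, for example http://reg.163.com/login.jsp
Workarounds:
1. Use an HTTPS page: when an HTTPS page links to an HTTP page, no Referer is sent.
2. Use the location.href = "<%=urlGet%>"; form.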