开发者

Clear passwords set via java.net.Authenticator

问答 作者:

I'd like to add a 'sign out' feature to an application, and doing so requires forgetting all passwords. Replacing the Authenticator seems to have no effect, as getPasswordAuthentication is not called again. It seems that there is a cache of passwords, but I can't find it or a way of clearing it. Here is a test case:

import java.net.*;
import java.io.*;

class Main {
    public static void main(String[] args) throws MalformedURLException, IOException {
        Authenticator.setDefault(new Authenticator() {
            public PasswordAuthentication getPasswordAuthentication() {
                return new PasswordAuthentication("stack", "overflow".toCharArray());
            }
        });

        URLConnection connection = new URL("http://devio.us/~ricky/stackoverflow-protected/nothingtosee.html").openConnection();
        System.out.println(new BufferedReader(new InputStreamReader(connection.getInputStream(), "UTF-8")).readLine());

        Authenticator.setDefault(new Authenticator() {
            public PasswordAuthentication getPasswordAuthentication() {
                return new PasswordAuthentication("no", "way".toCharArray());
            }
       开发者_JAVA百科 });

        connection = new URL("http://devio.us/~ricky/stackoverflow-protected/nothingtosee.html").openConnection();
        System.out.println(new BufferedReader(new InputStreamReader(connection.getInputStream(), "UTF-8")).readLine());

        //This second line ideally should not succeed.  I.e., the results are <html>\n<html>, but only the first <html> should be seen.
    }
}

The site is one I control and in case it disappears for any reason: stack/overflow is valid, no/way is not, using .htaccess. If you know of a more standard reference site feel free to alter my code or suggest a replacement.

You can try set null Authenticator. following is the Java Doc specification:

setDefault public static void setDefault(Authenticator a)Sets the authenticator that will be used by the networking code when a proxy or an HTTP server asks for authentication. First, if there is a security manager, its checkPermission method is called with a NetPermission("setDefaultAuthenticator") permission. This may result in a java.lang.SecurityException.

Parameters: a - The authenticator to be set. If a is null then any previously set authenticator is removed.

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9