Clear passwords set via java.net.Authenticator
I'd like to add a 'sign out' feature to an application, and doing so requires forgetting all passwords. Replacing the Authenticator seems to have no effect, as getPasswordAuthentication is not called again. It seems that there is a cache of passwords, but I can't find it or a way of clearing it. Here is a test case:
import java.net.*;
import java.io.*;
class Main {
public static void main(String[] args) throws MalformedURLException, IOException {
Authenticator.setDefault(new Authenticator() {
public PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication("stack", "overflow".toCharArray());
}
});
URLConnection connection = new URL("http://devio.us/~ricky/stackoverflow-protected/nothingtosee.html").openConnection();
System.out.println(new BufferedReader(new InputStreamReader(connection.getInputStream(), "UTF-8")).readLine());
Authenticator.setDefault(new Authenticator() {
public PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication("no", "way".toCharArray());
}
开发者_JAVA百科 });
connection = new URL("http://devio.us/~ricky/stackoverflow-protected/nothingtosee.html").openConnection();
System.out.println(new BufferedReader(new InputStreamReader(connection.getInputStream(), "UTF-8")).readLine());
//This second line ideally should not succeed. I.e., the results are <html>\n<html>, but only the first <html> should be seen.
}
}
The site is one I control and in case it disappears for any reason: stack/overflow is valid, no/way is not, using .htaccess. If you know of a more standard reference site feel free to alter my code or suggest a replacement.
You can try set null Authenticator. following is the Java Doc specification:
setDefault public static void setDefault(Authenticator a)Sets the authenticator that will be used by the networking code when a proxy or an HTTP server asks for authentication. First, if there is a security manager, its checkPermission method is called with a NetPermission("setDefaultAuthenticator") permission. This may result in a java.lang.SecurityException.
Parameters: a - The authenticator to be set. If a is null then any previously set authenticator is removed.
精彩评论