# HTTP 基础授权 { #http-basic-auth }

最简单的用例是使用 HTTP 基础授权（HTTP Basic Auth）。

在 HTTP 基础授权中，应用需要请求头包含用户名与密码。

如果没有接收到 HTTP 基础授权，就返回 HTTP 401 `"Unauthorized"` 错误。

并返回响应头 `WWW-Authenticate`，其值为 `Basic`，以及可选的 `realm` 参数。

HTTP 基础授权让浏览器显示内置的用户名与密码提示。

输入用户名与密码后，浏览器会把它们自动发送至请求头。

## 简单的 HTTP 基础授权 { #simple-http-basic-auth }

* 导入 `HTTPBasic` 与 `HTTPBasicCredentials`
* 使用 `HTTPBasic` 创建**安全方案**
* 在*路径操作*的依赖项中使用 `security`

            "WWW-Authenticate",
            "Basic realm=\"protected area\", charset=\"UTF-8\"",
          ),
        body = "Please authenticate with UTF-8.",
      ),
    )
    server.enqueue(
      MockResponse(
        code = 401,
        headers =
          headersOf(
            "WWW-Authenticate",
            "Basic realm=\"protected area\"",
          ),

  @Test @Disabled
  fun challenge() {
    val challenge = Challenge("", mapOf("" to ""))
    val scheme: String = challenge.scheme()
    val authParams: Map<String?, String> = challenge.authParams()
    val realm: String? = challenge.realm()
    val charset: Charset = challenge.charset()
  }

  @Test @Disabled
  fun cipherSuite() {
    val cipherSuite: CipherSuite = CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

# HTTP 基本認證 { #http-basic-auth }

在最簡單的情況下，你可以使用 HTTP Basic 認證。

在 HTTP Basic 認證中，應用程式會期待一個包含使用者名稱與密碼的標頭。

如果沒有接收到，會回傳 HTTP 401「Unauthorized」錯誤。

並回傳一個 `WWW-Authenticate` 標頭，其值為 `Basic`，以及可選的 `realm` 參數。

這會告訴瀏覽器顯示內建的使用者名稱與密碼提示視窗。

接著，當你輸入該使用者名稱與密碼時，瀏覽器會自動在標頭中送出它們。

## 簡單的 HTTP 基本認證 { #simple-http-basic-auth }

- 匯入 `HTTPBasic` 與 `HTTPBasicCredentials`。
- 使用 `HTTPBasic` 建立一個「`security` scheme」。
- 在你的*路徑操作*中以依賴的方式使用該 `security`。

        }

        final WebAuthenticationConfig config = new WebAuthenticationConfig();

        // host/port/realm: only set if not blank (null means "any" - AuthScope.ANY equivalent)
        if (StringUtil.isNotBlank(getHostname())) {
            config.setHost(getHostname());
        }
        if (getPort() != null) {

 * get proper ticket caching.
 *
 * Be advised that short/NetBIOS name usage is not supported with this authenticator. Always specify full FQDNs/Realm.
 * This can be a problem if using DFS in it's default configuration as that still returns referrals in short form.
 * See <a href="https://support.microsoft.com/en-us/kb/244380">KB-244380</a> for compatible server configuration.

 * **Cache**: directory
 * **CacheControl**: immutable, maxAgeSeconds, maxStaleSeconds, minFreshSeconds, mustRevalidate,
   noCache, noStore, noTransform, onlyIfCached, sMaxAgeSeconds
 * **Challenge**: authParams, charset, realm, scheme
 * **CipherSuite**: javaName
 * **ConnectionSpec**: cipherSuites, supportsTlsExtensions, tlsVersions
 * **Cookie**: domain, expiresAt, hostOnly, httpOnly, name, path, persistent, value
 * **Dispatcher**: executorService

        // Arrange
        mockResponse(HTTP_UNAUTHORIZED, "Unauthorized",
                Collections.singletonMap("WWW-Authenticate", Collections.singletonList("Basic realm=\"Test\"")),
                new ByteArrayInputStream(new byte[0]));

        // Act
        int responseCode = ntlmConnection.getResponseCode();

        // Assert

labels.authRealm=Realm
labels.available=Status
labels.createdBy=Created By
labels.createdTime=Created Time
labels.depth=Depth
labels.excludedPaths=Excluded Paths for Crawling
labels.excludedUrls=Excluded URLs for Crawling
labels.excludedDocPaths=Excluded Paths for Searching
labels.excludedDocUrls=Excluded URLs for Searching
labels.hostname=Hostname
labels.id=ID
labels.includedPaths=Included Paths for Crawling

   * auth param in the challenge at key null. Invalid headers and challenges are ignored.
   * No semantic validation is done, for example that `Basic` auth must have a `realm`
   * auth param, this is up to the caller that interprets these challenges.
   */
  fun challenges(): List<Challenge> {
    return headers.parseChallenges(
      when (code) {