The password you are referring to is most probably different from the one provided by users while login. While the use case is not clear from the question, but it appears you are trying to use the username/password provided by external users to create a connection to JMS Connection Factory. This does not sound architecturally secure to me. You should use only one credential for connecting to ConnectionFactory which needs to be protected( treat it like db connections). Better is to use JNDI to lookup ConnectionFactory and bypass the username/password management stuff.
However, in case you have to use the technique, can use following code block.I am copying it from Gitblit project as it was open in my eclipse
Using Java8 Base64 class:
final String authorization = httpRequest.getHeader("Authorization");
if (authorization != null && authorization.toLowerCase().startsWith("basic")) {
// Authorization: Basic base64credentials
String base64Credentials = authorization.substring("Basic".length()).trim();
byte[] credDecoded = Base64.getDecoder().decode(base64Credentials);
String credentials = new String(credDecoded, StandardCharsets.UTF_8);
// credentials = username:password
final String[] values = credentials.split(":", 2);
}
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…