带有Java的SharePoint REST API - 身份验证错误

Posted 2021-05-06

我有以下Java代码向SharePoint REST API发送POST请求以创建列表，并返回以下身份验证错误：

    CloseableHttpClient httpClient = null;
    try {

        String user = xxx;
        String password = xxx;
        String domain = xxx;
        String workstation = "";
        CredentialsProvider credsProvider = new BasicCredentialsProvider();
        credsProvider.setCredentials(new AuthScope(AuthScope.ANY),
                new NTCredentials(user, password, workstation, domain));
        httpClient = HttpClients.custom().setDefaultCredentialsProvider(credsProvider).build();



        String digestQueryURL = "http://my_sharepoint_site/_api/contextinfo";
        HttpPost httpPost = new HttpPost(digestQueryURL);
        httpPost.addHeader("Accept", "application/json;odata=verbose");
        CloseableHttpResponse response = httpClient.execute(httpPost);
        byte[] content = EntityUtils.toByteArray(response.getEntity());

        String jsonString = new String(content, "UTF-8");           
        ObjectMapper mapper = new ObjectMapper();
        JsonNode j = mapper.readTree(jsonString);
        String formDigestValue = j.get("d").get("GetContextWebInformation").get("FormDigestValue").toString();          
        response.close();



        // now try to create the list
        String url = "http://my_sharepoint_site/_api/web/lists";
        HttpPost httpPost2 = new HttpPost(url);
        httpPost2.addHeader("X-RequestDigest", getFormDigest(httpClient));
        httpPost2.addHeader("Accept", "application/json;odata=verbose");
        httpPost2.addHeader("Content-Type", "application/json;odata=verbose");

        String body = "{ '__metadata': { 'type': 'SP.List' }, 'AllowContentTypes': true, 'BaseTemplate': 100, 'ContentTypesEnabled': true, 'Description': 'My list description', 'Title': 'Test' }";
        StringEntity se = new StringEntity(body);
        httpPost2.setEntity(se);

        CloseableHttpResponse response2 = httpClient.execute(httpPost2);

        StringBuilder result = new StringBuilder();
        System.out.println(response2.getStatusLine().toString());
        BufferedReader br = new BufferedReader(new InputStreamReader(response2.getEntity().getContent()));
        String output;
        while ((output = br.readLine()) != null) {
            result.append(output);
        }
        System.out.println(result.toString());

    } catch (Exception e) {
    }

控制台输出

HTTP/1.1 403 FORBIDDEN

{"error":{"code":"-2130575251, System.Runtime.InteropServices.COMException","message":{"lang":"en-US","value":"The security validation for this page is invalid. Click Back in your Web browser, refresh the page, and try your operation again."}}}

我可以使用非常相似的代码将GET请求发送到REST API以检索所有列表，检索列表项，执行所有这些读取操作。但是，这不适用于POST请求。难道我做错了什么？提供的凭据适用于完全控制整个网站集的帐户，因此我们可以排除权限错误。

答案

好吧，这个问题非常简单。这一行：

    String formDigestValue = j.get("d").get("GetContextWebInformation").get("FormDigestValue").toString();          

返回带有括号的formDigestValue。使用asText（）而不是toString（）帮助。