HttpClient中的授权承载令牌?
Posted
技术标签:
【中文标题】HttpClient中的授权承载令牌?【英文标题】:Authorization Bearer token in HttpClient? 【发布时间】:2016-10-31 08:33:44 【问题描述】:我正在尝试使用 Java 中的 oauth2 授权令牌访问 API 这是客户端代码
DefaultHttpClient httpclient = new DefaultHttpClient();
HttpPost post = new HttpPost(http://res-api");
post.setHeader("Content-Type","application/json");
post.setHeader("Authorization", "Bearer " + finalToken);
JSONObject json = new JSONObject();
// json.put ...
// Send it as request body in the post request
StringEntity params = new StringEntity(json.toString());
post.setEntity(params);
HttpResponse response = httpclient.execute(post);
httpclient.getConnectionManager().shutdown();
这会返回 401。
等效的 curl 命令使用相同的令牌没有问题:
curl -H "Content-Type:application/json" -H "Authorization:Bearer randomToken" -X POST -d @example.json http://rest-api
我尝试注销请求,看起来授权设置正确
DEBUG [2016-06-28 20:51:13,655] org.apache.http.headers: >> Authorization: Bearer authRandomToKen; Path=/; Domain=oauth2-server; Expires=Wed, 29 Jun 2016 20:51:13 UTC
我通过复制粘贴相同的标记尝试了 curl 命令,并且效果很好
虽然我也看到了这一行
DEBUG [2016-06-28 20:51:13,658] org.apache.http.impl.client.DefaultHttpClient: Response contains no authentication challenges
【问题讨论】:
尝试使用类似wireshark的东西来验证网络调用,CURL和Java看起来应该是一样的。很可能未发送授权标头。尝试使用 CURL 中的代码对其进行硬编码。 感谢您的指点,我用建议编辑了这个问题。没有运气 你能得到响应头吗?请求标头似乎还没有被识别。 响应头是否也应该包含身份验证令牌?我刚刚尝试记录它并没有 看起来没有设置标题 【参考方案1】:I have implemented above given code for receiving Pipedream SSE real time events.Below The Below Code is working fine in Eclipse WITHOUT a 401 ERROR.
package //////YOUR PACKAGE NAME HERE/////
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
public class HttpURLConnectionExample
public static void main(String[] args) throws Exception
// Sending get request
URL url = new URL("https://your Server website");
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
conn.setRequestProperty("Accept", "application/json");
conn.setRequestProperty("Authorization","Bearer PLACE.HERE");
//e.g. bearer token= eyJhbGciOiXXXzUxMiJ9.eyJzdWIiOiPyc2hhcm1hQHBsdW1zbGljZS5jb206OjE6OjkwIiwiZXhwIjoxNTM3MzQyNTIxLCJpYXQiOjE1MzY3Mzc3MjF9.O33zP2l_0eDNfcqSQz29jUGJC-_THYsXllrmkFnk85dNRbAw66dyEKBP5dVcFUuNTA8zhA83kk3Y41_qZYx43T
//conn.setRequestProperty("Content-Type","application/json");
conn.setRequestMethod("GET");
BufferedReader in = new BufferedReader(new InputStreamReader(conn.getInputStream()));
String output;
StringBuffer response = new StringBuffer();
while ((output = in.readLine()) != null)
System.out.println("Response:-" + output.toString());
////you will get output in "output.toString()" ,Use it however you like
in.close();
【讨论】:
【参考方案2】:我遇到过类似的情况,我可以通过以下方式做到这一点,希望这对其他人有帮助。
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
public class HttpURLConnectionExample
public static void main(String[] args) throws Exception
// Sending get request
URL url = new URL("http://example-url");
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
conn.setRequestProperty("Authorization","Bearer "+" Actual bearer token issued by provider.");
//e.g. bearer token= eyJhbGciOiXXXzUxMiJ9.eyJzdWIiOiPyc2hhcm1hQHBsdW1zbGljZS5jb206OjE6OjkwIiwiZXhwIjoxNTM3MzQyNTIxLCJpYXQiOjE1MzY3Mzc3MjF9.O33zP2l_0eDNfcqSQz29jUGJC-_THYsXllrmkFnk85dNRbAw66dyEKBP5dVcFUuNTA8zhA83kk3Y41_qZYx43T
conn.setRequestProperty("Content-Type","application/json");
conn.setRequestMethod("GET");
BufferedReader in = new BufferedReader(new InputStreamReader(conn.getInputStream()));
String output;
StringBuffer response = new StringBuffer();
while ((output = in.readLine()) != null)
response.append(output);
in.close();
// printing result from response
System.out.println("Response:-" + response.toString());
【讨论】:
上面的代码工作正常。但 Eclipse 想让我尝试/捕捉它。【参考方案3】:我曾尝试使用 HttpClient 做类似的事情,但我通过进行如下的小改动使其正常工作。
post.setHeader(HttpHeaders.CONTENT_TYPE,"application/json");
post.setHeader(HttpHeaders.AUTHORIZATION, "Bearer " + finalToken);
【讨论】:
以上是关于HttpClient中的授权承载令牌?的主要内容,如果未能解决你的问题,请参考以下文章
如何在流动客户端主题时在C#HttpClient中设置OIDC / OAuth承载令牌