Apache http 客户端示例无法进行摘要式身份验证

Posted 2023-02-24

【中文标题】Apache http 客户端示例无法进行摘要式身份验证

【英文标题】：Apache http client sample failing for Digest authentication

【发布时间】：2016-12-27 00:24:12

【问题描述】：

我正在运行示例 Apache hc（http 客户端）进行摘要式身份验证。我没有改变任何东西，只是使用提供的示例：

public static void main(String[] args) throws Exception 
    HttpHost target = new HttpHost("httpbin.org", 80, "http");
    CredentialsProvider credsProvider = new BasicCredentialsProvider();
    credsProvider.setCredentials(
            new AuthScope(target.getHostName(), target.getPort()),
            new UsernamePasswordCredentials("user", "passwd"));
    CloseableHttpClient httpclient = HttpClients.custom()
            .setDefaultCredentialsProvider(credsProvider)
            .build();
    try 

        // Create AuthCache instance
        AuthCache authCache = new BasicAuthCache();
        // Generate DIGEST scheme object, initialize it and add it to the local
        // auth cache
        DigestScheme digestAuth = new DigestScheme();
        // Suppose we already know the realm name
        digestAuth.overrideParamter("realm", "me@kennethreitz.com");
        // Suppose we already know the expected nonce value
        digestAuth.overrideParamter("nonce", "b2c603bb7c93cfa197945553a1044283");
        authCache.put(target, digestAuth);

        // Add AuthCache to the execution context
        HttpClientContext localContext = HttpClientContext.create();
        localContext.setAuthCache(authCache);

        HttpGet httpget = new HttpGet("http://httpbin.org/digest-auth/auth/user/passwd");

        System.out.println("Executing request " + httpget.getRequestLine() + " to target " + target);
        for (int i = 0; i < 3; i++) 
            CloseableHttpResponse response = httpclient.execute(target, httpget, localContext);
            try 
                System.out.println("----------------------------------------");
                System.out.println(response.getStatusLine());
                System.out.println(EntityUtils.toString(response.getEntity()));
             finally 
                response.close();
            
        
     finally 
        httpclient.close();
    

我得到：HTTP/1.1 401 UNAUTHORIZED

如果我直接转到http://httpbin.org/digest-auth/auth/user/passwd，会提示我输入用户/密码，然后提供该页面。所以网站运行正常。

知道有什么问题吗？我有最新版本的库。

浏览器的 Fiddler 身份验证（成功）：

不存在代理授权标头。

存在授权标头：摘要用户名=“用户”， 领域="me@kennethreitz.com", nonce="8ada87344eb5a10bf810bcc211205c24", uri="/digest-auth/auth/user/passwd", response="ad22423e5591d14c90c6fe3cd762e64c", opaque="361645844d957289c4c8f3479f76269f", qop=auth, nc=00000001, cnonce="260d8ddfe64bf32e"

我的代码的 Fiddler 身份验证（失败）：

不存在代理授权标头。

存在授权标头：摘要用户名=“用户”， 领域="me@kennethreitz.com", nonce="76af6c9c0a1f57ee5f0fcade2a5f758c", uri="http://httpbin.org/digest-auth/auth/user/passwd", 响应=“745686e3f38ab40ce5907d41f91823e6”，qop=auth，nc=00000001， cnonce="634b618d5c8ac9af", 算法=MD5, opaque="fe84ce11c48a7b258490600800e5e6df"

【问题讨论】：

Apache HttpClient Digest authentication的可能重复

【参考方案1】：

这个代码digestAuth.overrideParamter("realm", "some realm")应该有一些变化。用你的服务器领域替换"some realm"。请看这个question

【讨论】：

如何以编程方式确定领域？此代码适用于将在连接到许多服务器的多台计算机上运行的库。所以我不能硬编码。

查看此处以编程方式设置领域***.com/questions/53028003/…

【参考方案2】：

好的，我得到了它的工作。你也必须设置一个cookie。 Thanks to this post 寻求帮助。以下代码有效 - 但前提是您不使用 Fiddler。

    public static void main(String[] args) throws Exception 

        CookieStore cookieStore = new BasicCookieStore();
        BasicClientCookie cookie = new BasicClientCookie("fake", "fake_value");
        cookie.setDomain("httpbin.org");
        cookie.setPath("/");
        cookieStore.addCookie(cookie);

        // https://***.com/questions/27291842/digest-auth-with-java-apache-client-always-401-unauthorized

        HttpHost target = new HttpHost("httpbin.org", 80, "http");
        CredentialsProvider credsProvider = new BasicCredentialsProvider();
        credsProvider.setCredentials(
                new AuthScope(target.getHostName(), target.getPort()),
                new UsernamePasswordCredentials("user", "passwd"));

        CloseableHttpClient httpclient = HttpClients.custom()
                .setDefaultCookieStore(cookieStore)
                .setDefaultCredentialsProvider(credsProvider)
//              .setProxy(new HttpHost("127.0.0.1", 8888))
                .build();
        try 

            // Create AuthCache instance
            AuthCache authCache = new BasicAuthCache();
            // Generate DIGEST scheme object, initialize it and add it to the local
            // auth cache
            DigestScheme digestAuth = new DigestScheme();
            // Suppose we already know the realm name
            digestAuth.overrideParamter("realm", "me@kennethreitz.com");
            // Suppose we already know the expected nonce value
            digestAuth.overrideParamter("nonce", calculateNonce());
            authCache.put(target, digestAuth);

            // Add AuthCache to the execution context
            HttpClientContext localContext = HttpClientContext.create();
            localContext.setAuthCache(authCache);

            HttpGet httpget = new HttpGet("http://httpbin.org/digest-auth/auth/user/passwd");

            System.out.println("Executing request " + httpget.getRequestLine() + " to target " + target);
                CloseableHttpResponse response = httpclient.execute(target, httpget, localContext);
                try 
                    System.out.println("----------------------------------------");
                    System.out.println(response.getStatusLine());
                    System.out.println(EntityUtils.toString(response.getEntity()));
                 finally 
                    response.close();
                
         finally 
            httpclient.close();
        
    

    public static synchronized String calculateNonce() 

        Date d = new Date();
        SimpleDateFormat f = new SimpleDateFormat("yyyy:MM:dd:hh:mm:ss");
        String fmtDate = f.format(d);
        Random rand = new Random(100000);
        Integer randomInt = rand.nextInt();
        return org.apache.commons.codec.digest.DigestUtils.md5Hex(fmtDate + randomInt.toString());