Apache http 客户端示例无法进行摘要式身份验证
Posted
技术标签:
【中文标题】Apache http 客户端示例无法进行摘要式身份验证【英文标题】:Apache http client sample failing for Digest authentication 【发布时间】:2016-12-27 00:24:12 【问题描述】:我正在运行示例 Apache hc(http 客户端)进行摘要式身份验证。我没有改变任何东西,只是使用提供的示例:
public static void main(String[] args) throws Exception
HttpHost target = new HttpHost("httpbin.org", 80, "http");
CredentialsProvider credsProvider = new BasicCredentialsProvider();
credsProvider.setCredentials(
new AuthScope(target.getHostName(), target.getPort()),
new UsernamePasswordCredentials("user", "passwd"));
CloseableHttpClient httpclient = HttpClients.custom()
.setDefaultCredentialsProvider(credsProvider)
.build();
try
// Create AuthCache instance
AuthCache authCache = new BasicAuthCache();
// Generate DIGEST scheme object, initialize it and add it to the local
// auth cache
DigestScheme digestAuth = new DigestScheme();
// Suppose we already know the realm name
digestAuth.overrideParamter("realm", "me@kennethreitz.com");
// Suppose we already know the expected nonce value
digestAuth.overrideParamter("nonce", "b2c603bb7c93cfa197945553a1044283");
authCache.put(target, digestAuth);
// Add AuthCache to the execution context
HttpClientContext localContext = HttpClientContext.create();
localContext.setAuthCache(authCache);
HttpGet httpget = new HttpGet("http://httpbin.org/digest-auth/auth/user/passwd");
System.out.println("Executing request " + httpget.getRequestLine() + " to target " + target);
for (int i = 0; i < 3; i++)
CloseableHttpResponse response = httpclient.execute(target, httpget, localContext);
try
System.out.println("----------------------------------------");
System.out.println(response.getStatusLine());
System.out.println(EntityUtils.toString(response.getEntity()));
finally
response.close();
finally
httpclient.close();
我得到:HTTP/1.1 401 UNAUTHORIZED
如果我直接转到http://httpbin.org/digest-auth/auth/user/passwd,会提示我输入用户/密码,然后提供该页面。所以网站运行正常。
知道有什么问题吗?我有最新版本的库。
浏览器的 Fiddler 身份验证(成功):
不存在代理授权标头。
存在授权标头:摘要用户名=“用户”, 领域="me@kennethreitz.com", nonce="8ada87344eb5a10bf810bcc211205c24", uri="/digest-auth/auth/user/passwd", response="ad22423e5591d14c90c6fe3cd762e64c", opaque="361645844d957289c4c8f3479f76269f", qop=auth, nc=00000001, cnonce="260d8ddfe64bf32e"
我的代码的 Fiddler 身份验证(失败):
不存在代理授权标头。
存在授权标头:摘要用户名=“用户”, 领域="me@kennethreitz.com", nonce="76af6c9c0a1f57ee5f0fcade2a5f758c", uri="http://httpbin.org/digest-auth/auth/user/passwd", 响应=“745686e3f38ab40ce5907d41f91823e6”,qop=auth,nc=00000001, cnonce="634b618d5c8ac9af", 算法=MD5, opaque="fe84ce11c48a7b258490600800e5e6df"
【问题讨论】:
Apache HttpClient Digest authentication的可能重复 【参考方案1】:这个代码digestAuth.overrideParamter("realm", "some realm")
应该有一些变化。用你的服务器领域替换"some realm"
。请看这个question
【讨论】:
如何以编程方式确定领域?此代码适用于将在连接到许多服务器的多台计算机上运行的库。所以我不能硬编码。 查看此处以编程方式设置领域***.com/questions/53028003/…【参考方案2】:好的,我得到了它的工作。你也必须设置一个cookie。 Thanks to this post 寻求帮助。以下代码有效 - 但前提是您不使用 Fiddler。
public static void main(String[] args) throws Exception
CookieStore cookieStore = new BasicCookieStore();
BasicClientCookie cookie = new BasicClientCookie("fake", "fake_value");
cookie.setDomain("httpbin.org");
cookie.setPath("/");
cookieStore.addCookie(cookie);
// https://***.com/questions/27291842/digest-auth-with-java-apache-client-always-401-unauthorized
HttpHost target = new HttpHost("httpbin.org", 80, "http");
CredentialsProvider credsProvider = new BasicCredentialsProvider();
credsProvider.setCredentials(
new AuthScope(target.getHostName(), target.getPort()),
new UsernamePasswordCredentials("user", "passwd"));
CloseableHttpClient httpclient = HttpClients.custom()
.setDefaultCookieStore(cookieStore)
.setDefaultCredentialsProvider(credsProvider)
// .setProxy(new HttpHost("127.0.0.1", 8888))
.build();
try
// Create AuthCache instance
AuthCache authCache = new BasicAuthCache();
// Generate DIGEST scheme object, initialize it and add it to the local
// auth cache
DigestScheme digestAuth = new DigestScheme();
// Suppose we already know the realm name
digestAuth.overrideParamter("realm", "me@kennethreitz.com");
// Suppose we already know the expected nonce value
digestAuth.overrideParamter("nonce", calculateNonce());
authCache.put(target, digestAuth);
// Add AuthCache to the execution context
HttpClientContext localContext = HttpClientContext.create();
localContext.setAuthCache(authCache);
HttpGet httpget = new HttpGet("http://httpbin.org/digest-auth/auth/user/passwd");
System.out.println("Executing request " + httpget.getRequestLine() + " to target " + target);
CloseableHttpResponse response = httpclient.execute(target, httpget, localContext);
try
System.out.println("----------------------------------------");
System.out.println(response.getStatusLine());
System.out.println(EntityUtils.toString(response.getEntity()));
finally
response.close();
finally
httpclient.close();
public static synchronized String calculateNonce()
Date d = new Date();
SimpleDateFormat f = new SimpleDateFormat("yyyy:MM:dd:hh:mm:ss");
String fmtDate = f.format(d);
Random rand = new Random(100000);
Integer randomInt = rand.nextInt();
return org.apache.commons.codec.digest.DigestUtils.md5Hex(fmtDate + randomInt.toString());
【讨论】:
以上是关于Apache http 客户端示例无法进行摘要式身份验证的主要内容,如果未能解决你的问题,请参考以下文章
如何在 Golang 中使用摘要身份验证进行 HTTP POST?