Groovy Digest authentication


Posted: 2017-07-27 21:59:59

Question:

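I am trying to write a groovy script (java code is also welcome ;)) that should allow me to perform Digest authentication. The need is to be able to use Digest auth in SOAPUI, because SOAP does not natively support this kind of authentication.

To test my script I used the URL: https://postman-echo.com/digest-auth

First I accessed the page via a web browser to obtain the WWW-Authenticate header:

Digest realm="Users", nonce="81lEQmJGxRb3Us9jVJPYlDpjw11On7zW", qop="auth"

Then I typed the correct username + password and checked the Authorization header calculated by the web browser. Here is the result: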

Digest username="postman", realm="Users", nonce="81lEQmJGxRb3Us9jVJPYlDpjw11On7zW", uri="/digest-auth", response="82884fe7c55a19e80e8c8dea7ba1aece", qop=auth, nc=00000001, cnonce="89aa538367b9069a"

Then I used my script with the same data to perform the calculation of the response data. Here is the result:

Digest username="postman", realm="Users", nonce="81lEQmJGxRb3Us9jVJPYlDpjw11On7zW", uri="/digest-auth", response="a6767f0a78d17e0cab90df65ec2ace5c", qop=auth,nc="00000001",cnonce="03d476861afd384510f2cb80ccfa8511"

My response is not the same as the response calculated by the web browser.

What am I doing wrong?

Here is my script:

import org.apache.commons.codec.digest.DigestUtils
import com.eviware.soapui.impl.wsdl.actions.teststep.RunFromTestStepAction


// URL: https://postman-echo.com/digest-auth

wwwAuthHeader = "Digest realm=\"Users\",    nonce=\"81lEQmJGxRb3Us9jVJPYlDpjw11On7zW\", qop=\"auth\""

def realmArray = wwwAuthHeader.split(",")

def realm = realmArray[0].split("=")[1]
def nonce = realmArray[1].split("=")[1]
def qop = realmArray[2].split("=")[1]

def uri = "/digest-auth"
def user = "postman"
def pass = "password"
def method ="GET"



def resp = md5(user,realm,pass,method,uri,nonce)

log.info "resp: "+resp

def cnonce = DigestUtils.md5Hex(user)

def authorizationString = "Digest username=\"$user\", realm=$realm,         nonce=$nonce, uri=\"$uri\", response=\"$resp\", qop=auth,nc=\"00000001\",cnonce=\"$cnonce\""

log.info "authorizationString: " + authorizationString

// methods

def md5(user, realm, pass, method, String uri, nonce) {

    // A1 = MD5(user:realm:pass), A2 = MD5(method:uri)
    def A1 = DigestUtils.md5Hex ("$user:$realm:$pass")
    def A2 = DigestUtils.md5Hex ("$method:$uri")

    // response = MD5(A1:nonce:A2)
    return DigestUtils.md5Hex ("$A1:$nonce:$A2")
}

Comments:

Java code with Authenticator for digest authentication: ***.com/a/61179764/2073804

Answer 1:

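If you just want to write a groovy script (java code is also welcome, as your question reads) that allows you to perform Digest authentication, here is something for your reference: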

@Grab(group='org.apache.httpcomponents', module='httpclient', version='4.5.3')

import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.auth.AuthScope;
import org.apache.http.HttpResponse;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.util.EntityUtils;

CredentialsProvider credsProvider = new BasicCredentialsProvider();
credsProvider.setCredentials(
        new AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT),
        new UsernamePasswordCredentials("postman", "password"));

CloseableHttpClient httpClient = HttpClients.custom()
        .setDefaultCredentialsProvider(credsProvider)
        .build();

HttpGet httpGet = new HttpGet("https://postman-echo.com/digest-auth");
HttpResponse httpResponse = httpClient.execute(httpGet);
String content = EntityUtils.toString(httpResponse.getEntity());
println content;

Run it, and the output looks like this:

"authenticated":true

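The response calculation the question attempts by hand, as an added example (not code from the question or the answer): for a challenge with qop="auth", RFC 2617 hashes HA1:nonce:nc:cnonce:qop:HA2, and realm and nonce enter the hash without their surrounding quotes. The helper names md5Hex, parseChallenge and digestResponse are hypothetical; the formula is checked against the RFC 2617 worked example and then applied to the values quoted in the question (password taken from the question's script).

```groovy
import java.security.MessageDigest

// Hex-encoded MD5 of a string (the hash Digest auth uses when no algorithm is named).
String md5Hex(String s) {
    MessageDigest.getInstance('MD5').digest(s.getBytes('UTF-8')).encodeHex().toString()
}

// Parse a Digest challenge into a map, stripping the quotes around each value.
Map<String, String> parseChallenge(String header) {
    Map<String, String> params = [:]
    def m = header.replaceFirst(/^Digest\s+/, '') =~ /(\w+)\s*=\s*(?:"([^"]*)"|([^\s,]+))/
    while (m.find()) {
        params[m.group(1)] = m.group(2) != null ? m.group(2) : m.group(3)
    }
    return params
}

// RFC 2617 section 3.2.2.1: with qop set, the hash also covers nc, cnonce and qop.
String digestResponse(String user, String realm, String pass, String method, String uri,
                      String nonce, String qop, String nc, String cnonce) {
    String ha1 = md5Hex("$user:$realm:$pass")
    String ha2 = md5Hex("$method:$uri")
    if (qop) {
        return md5Hex("$ha1:$nonce:$nc:$cnonce:$qop:$ha2")
    }
    return md5Hex("$ha1:$nonce:$ha2")   // legacy RFC 2069 form, used only without qop
}

// RFC 2617 section 3.5 worked example: the published response validates the formula.
assert digestResponse('Mufasa', 'testrealm@host.com', 'Circle Of Life', 'GET',
        '/dir/index.html', 'dcd98b7102dd2f0e8b11d0f600bfb0c093', 'auth',
        '00000001', '0a4f113b') == '6629fae49393a05397450978507c4ef1'

// Challenge quoted in the question; nc and cnonce are the ones the browser sent,
// because the response depends on both and must be computed with the same values.
def c = parseChallenge('Digest realm="Users", nonce="81lEQmJGxRb3Us9jVJPYlDpjw11On7zW", qop="auth"')
assert c.realm == 'Users'               // no quotes left in the hashed value
def resp = digestResponse('postman', c.realm, 'password', 'GET', '/digest-auth',
        c.nonce, c.qop, '00000001', '89aa538367b9069a')
println "computed: $resp"
println "browser : 82884fe7c55a19e80e8c8dea7ba1aece"
```

In a real request the client generates a fresh cnonce and increments nc for every reuse of the same server nonce, and sends exactly those values in the Authorization header.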