使用安全的 HTTPS 连接在 Android Webview 上设置凭据 [英] Set credentials on an Android Webview using secured HTTPS connection

问题描述

我想创建一个 Android Webview，它使用凭据通过安全的 HTTPS 连接连接到网站.

I would like to create an Android Webview that connects to a website via a secured HTTPS connection with the use of credentials.

第一个困难是接受证书(私有)，通过这篇 非常有用的帖子.

First difficulty was to accept the certificate (private), it was solved with this very useful post.

第二个困难是使用凭据，我发现了这篇帖子.

Second difficulty is to use credentials, I found this post.

(来自 dparnas 的第一个答案)似乎处理得很好，但它谈论的是 HTTP 连接而不是 HTTPS.我已经试过了，但它不起作用，我只是到达了登录表单页面，没有任何错误消息，只是普通的空白表单.

(first answer from dparnas) which seems to deal pretty well with it, but it talks about HTTP connection and not HTTPS. I ve tried it, but it doesnt work, I just reach the sign-in form page without any error message, just the normal blank form.

这是我的代码:

import android.app.Activity;
import android.net.http.SslError;
import android.os.Bundle;
import android.webkit.HttpAuthHandler;
import android.webkit.SslErrorHandler;
import android.webkit.WebView;
import android.webkit.WebViewClient;

public class ConnectorWebView extends Activity {
  WebView mWebView;
  String mUsrName;
  String mPassC;

  @Override
  public void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);
    setContentView(R.layout.connwebview);

    // Getting info from Intent extras
    // Get it if it s different from null
    Bundle extras = getIntent().getExtras();            
    mUsrName = extras != null ? extras.getString("username") : null;
    mPassC = extras != null ? extras.getString("passcode") : null;

    mWebView = (WebView) findViewById(R.id.webview);
    mWebView.getSettings().setJavaScriptEnabled(true);
    mWebView.setHttpAuthUsernamePassword("myhost.com", "myrealm", mUsrName, mPassC);

    mWebView.setWebViewClient(new WebViewClient() {
        @Override 
        public void onReceivedHttpAuthRequest  (WebView view, HttpAuthHandler handler, String host, String realm){ 
          handler.proceed(mUsrName, mPassC);
        } 

        public void onReceivedSslError (WebView view, SslErrorHandler handler, SslError error) {
          handler.proceed() ;
        }
      });

    mWebView.loadUrl("https://myhost.com/secured_area");
  }
}

推荐答案

因为在使用 HTTPSWebView 似乎无法在本地处理 Basic 身份验证>，我开始考虑手动设置 Authorization 标头(包含编码的用户名/密码).

As it seems that WebView cannot natively handle Basic authentication when using HTTPS, I started toying with the idea of setting the Authorization header (containing the encoded username/password) manually.

我认为可以这样做:

import org.apache.commons.codec.binary.Base64;

// ...

@Override
public void onCreate(Bundle savedInstanceState) {
  super.onCreate(savedInstanceState);
  setContentView(R.layout.connwebview);

  // Getting info from Intent extras
  // Get it if it s different from null
  Bundle extras = getIntent().getExtras();            
  mUsrName = extras != null ? extras.getString("username") : null;
  mPassC = extras != null ? extras.getString("passcode") : null;

  mWebView = (WebView) findViewById(R.id.webview);
  mWebView.getSettings().setJavaScriptEnabled(true);
  // mWebView.setHttpAuthUsernamePassword("myhost.com",
  //                                   "myrealm",
  //                                   mUsrName,
  //                                   mPassC);

  mWebView.setWebViewClient(new WebViewClient() {
      @Override 
      public void onReceivedHttpAuthRequest(WebView view,
                                            HttpAuthHandler handler,
                                            String host,
                                            String realm){ 
        handler.proceed(mUsrName, mPassC);
      } 

      public void onReceivedSslError(WebView view,
                                     SslErrorHandler handler,
                                     SslError error) {
        handler.proceed() ;
      }
    });

  String up = mUserName +":" +mPassC;
  String authEncoded = new String(Base64.encodeBase64(up.getBytes()));
  String authHeader = "Basic " +authEncoded;
  Map<String, String> headers = new HashMap<String, String>();
  headers.put("Authorization", authHeader);
  mWebView.loadUrl("https://myhost.com/secured_area", headers);
}

这利用了 WebView.loadUrl (String url, Map<String, String> additionalHttpHeaders) 方法，对于这个例子，我使用了 Base64Encodera href="http://commons.apache.org/codec/" rel="noreferrer">Apache Commons.Base64Encoder 部分非常简单，如果您不想在应用程序中包含外部库(无论出于何种原因)，您可以随时编写 拥有(参考a>).

This takes advantage of the WebView.loadUrl (String url, Map<String, String> additionalHttpHeaders) method and for this example I'm using the Base64Encoder from Apache Commons. The Base64Encoder part is quite trivial and if you didn't want to include external libraries in your application (for whatever reason), you could always write your own (reference).

还要注意，前面提到的 WebView.loadUrl (String url, Map additionalHttpHeaders) 方法仅在 API 8+ 中可用.作为参考，另请参阅关于基本身份验证(讨论标头等)的维基百科文章.

Also note that the aforementioned WebView.loadUrl (String url, Map<String, String> additionalHttpHeaders) method is only available in API 8+. For reference, see also the Wikipedia article on Basic Authentication (which discusses the headers, etc).

这篇关于使用安全的 HTTPS 连接在 Android Webview 上设置凭据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！