LWP :: UserAgent HTTP基本身份验证 [英] LWP::UserAgent HTTP Basic Authentication
问题描述
我试图运行此perl5程序:
I tried to run this perl5 program:
#!/usr/bin/env perl
use strict;
use warnings;
use LWP;
my $ua = LWP::UserAgent->new('Mozilla');
$ua->credentials("test.server.com:39272", "realm-name", 'user_name', 'some_pass');
my $res = $ua->get('http://test.server.com:39272/');
print $res->content;
另一方面,我有HTTP :: Daemon:
On other hand I have HTTP::Daemon:
#!/usr/bin/env perl
use strict;
use warnings;
use HTTP::Daemon;
my $hd = HTTP::Daemon->new or die;
print "Contact URL: ", $hd->url, "\n";
while (my $hc = $hd->accept) {
while (my $hr = $hc->get_request) {
if ($hr->method eq 'GET') {
print $hr->as_string, "\n";
}
}
$hc->close;
undef($hc);
}
它只是打印:
Contact URL: http://test.server.com:39272/
GET / HTTP/1.1
Connection: TE, close
Host: test.server.com:39272
TE: deflate,gzip;q=0.3
User-Agent: libwww-perl/6.03
所以我看到LWP :: UserAgent没有发送HTTP Basic身份验证,但是我不知道为什么.
So I see that LWP::UserAgent don't send HTTP Basic auth, but I don't know why.
我在该网站上看到过一些帖子,但是它们具有相同的基本代码,但是没有 工作...
I seen some post on this web site, but they have this same basic code, and it doesn't work...
如果我使用HTTP :: Request,那么它将起作用:
If I use HTTP::Request then it works:
my $req = GET 'http://test.server.com:39272/';
$req->authorization_basic('my_id', 'my_pass');
my $res = $ua->request($req);
输出:
GET / HTTP/1.1
Connection: TE, close
Authorization: Basic bXlfaWQ6bXlfcGFzcw==
Host: test.server.com:39272
TE: deflate,gzip;q=0.3
User-Agent: libwww-perl/6.03
我以前做错了什么吗?
推荐答案
LWP仅在服务器告诉它正在尝试访问该领域的情况下才发送该领域的凭据.特定用户可能只能访问特定领域,或者具有用于不同领域的不同密码. LWP不知道在没有领域的情况下会从其凭证中选择哪一个.此外,除非受到挑战,否则LWP不会使用您存储在凭据中的数据.你不是那样做的.
LWP will only send the credentials for a realm if the server has told it that it's trying to access that realm. A particular user may only be able to access particular realms or have different passwords for different realms. LWP doesn't know which one to pick out of its credentials without the realm. Additionally, LWP isn't going to use the data you store in the credentials unless it's been challenged. You're not doing that.
如果通过指定Authorization标头直接提供凭据,则不进行领域检查.如果您自己明确设置了标题,则始终可以发送所需的任何标题,因此看到它并不奇怪.
If you supply the credentials directly by specifying the Authorization header, you do no realm checking. You can always send any header you like if you set it explicitly yourself, so it's not surprising that you see it.
您只需要一个更好的测试服务器:
You just need a better test server:
use strict;
use warnings;
use HTTP::Daemon;
use HTTP::Status;
my $server = HTTP::Daemon->new or die;
print "Contact URL: ", $server->url, "\n";
while (my $connection = $server->accept) {
while (my $request = $connection->get_request) {
print $request->as_string;
unless( $request->header( 'Authorization' ) ) {
$connection->send_response( make_challenge() )
}
else {
$connection->send_response( make_response() )
}
}
$connection->close;
}
sub make_challenge {
my $response = HTTP::Response->new(
401 => 'Authorization Required',
[ 'WWW-Authenticate' => 'Basic realm="Buster"' ],
);
}
sub make_response {
my $response = HTTP::Response->new(
200 => 'Huzzah!',
[ 'Content-type' => 'text/plain' ],
);
$response->message( 'Huzzah!' );
}
当您运行一次客户端时,应该有两个请求:
When you run your client once, there should be two requests:
GET / HTTP/1.1
Connection: TE, close
Host: macpro.local:52902
TE: deflate,gzip;q=0.3
User-Agent: libwww-perl/6.02
GET / HTTP/1.1
Connection: TE, close
Authorization: Basic dXNlcl9uYW1lOnNvbWVfcGFzcw==
Host: macpro.local:52902
TE: deflate,gzip;q=0.3
User-Agent: libwww-perl/6.02
这篇关于LWP :: UserAgent HTTP基本身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
