XML-RPC 身份验证(http 与 XmlRpcNotAuthorizedException) [英] XML-RPC authentication (http vs. XmlRpcNotAuthorizedException)
问题描述
我找不到我的问题的确切答案(谷歌或这里),所以如果这是我错过的重复,我很抱歉:
I could not find an exact answer to my question (either google or here), so my apologies if this is a repeat that I missed:
我正在使用 Java 中的 Apache 的 XML-RPC 库(我有点后悔)编写一个 XML-RPC 服务器,它需要符合给定的规范.通过身份验证,服务器生成 org.apache.xmlrpc.common.XmlRpcNotAuthorizedException.这不是所需的行为.我想返回 HTTP 错误 401(未验证)和 403(禁止).但是,Apache 不断抛出这些异常,我找不到解决方法.
I am writing a XML-RPC server using Apache's XML-RPC libraries (which I'm regretting a bit) in Java that needs to conform to a given specification. With authentication, the server generates an org.apache.xmlrpc.common.XmlRpcNotAuthorizedException. This is not the behaviour that is required. I would like to return an HTTP error 401 (not authenticated) and 403 (forbidden) instead. However, Apache keeps on throwing these exceptions and I cannot find a way around it.
例如发送正确的用户名/密码后收到的响应:
For example response received after sending correct username/password:
HTTP/1.1 200 OK
Content-Length:362
Content-Type:text/xml
Server:Jetty(7.x.y-SNAPSHOT)
<?xml version="1.0" encoding="UTF-8"?>
<methodResponse>
...correct response information here
</methodResponse>
...以及错误的用户名和密码:
...and wrong username and password:
HTTP/1.1 200 OK
Content-Length:252
Content-Type:text/xml
Server:Jetty(7.x.y-SNAPSHOT)
<?xml version="1.0" encoding="UTF-8"?>
<methodResponse>
...xmlrpc exception here
<methodResponse>
我不想要HTTP/1.1 200 OK",我想要HTTP/1.1 401 Unauthorized"
I don't want "HTTP/1.1 200 OK", I want "HTTP/1.1 401 Unauthorized"
我正在考虑继承 Apache 的 ReflectiveXmlRpcHandler(或类似的东西)并尝试拦截异常,但我想知道是否有人找到了解决这个问题的更好主意.
I was considering inheriting Apache's ReflectiveXmlRpcHandler (or something similar) and trying to intercept the exception, but I was wondering if someone else have found a better idea to this problem.
有什么想法吗?
推荐答案
这似乎很困难.如 XML-RPC 规范
Response format
Unless there's a lower-level error, always return 200 OK.
Bad Authentication Credentials 不是低级错误,它只是一个特定的用例.但是您可以在客户端启用异常(注意安全问题)来处理这种特殊情况
Bad Authentication Credentials is not a low-level error, it's just a particular use case. But you can enable Exceptions on the client side (be aware of security issues) to handle this particular case
这篇关于XML-RPC 身份验证(http 与 XmlRpcNotAuthorizedException)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!