java.io.IOException异常:未找到验证挑战 [英] java.io.IOException : No authentication challenges found
问题描述
我是新手到Android,这是我在Android上的第一个项目。我挣扎与认证的问题超过一天。我尝试了几种选择,但没有一次成功。
I am newbie to android and this is my first project on android. I am struggling with "authentication" problem for more than a day. I tried several options but none of them worked.
基本上,我想调用一个REST API,并得到响应。我相信,没有在API没有问题,因为我使用同一个在其他的iOS应用程序。
Basically, I want to call a REST API and get response. I am sure that there is no problem in API as I use the same one in another iOS application.
我通过授权头,但仍没有身份验证发现消息显示。我发现计算器与此相关的一些问题,但他们中的一些没有工作,有的没有道理给我。照片
我得到的状态code 401 。我知道这意味着要么没有认证通过或如果通过,那么他们就错了。在这里,我相信我通过那些是正确的。
I pass authorization header but still authentication no found message is shown. I found few question on stackoverflow related to this, but some of them did not work and some does not make sense to me.
I get status code 401. I know this means either no authentication passed or if passed, then they are wrong. Here, I am sure my passed ones are correct.
下面是我的code:
try {
url = new URL(baseUrl);
}
catch (MalformedURLException me) {
Log.e(TAG, "URL could not be parsed. URL : " + baseUrl + ". Line : " + getLineNumber(), me);
me.printStackTrace();
}
try {
urlConnection = (HttpURLConnection) url.openConnection();
urlConnection.setRequestMethod(method);
urlConnection.setConnectTimeout(TIMEOUT * 1000);
urlConnection.setChunkedStreamingMode(0);
// Set HTTP headers
String authString = "username:password";
String base64Auth = Base64.encodeToString(authString.getBytes(), Base64.DEFAULT);
urlConnection.setRequestProperty("Authorization", "Basic " + base64Auth);
urlConnection.setRequestProperty("Accept", "application/json");
urlConnection.setRequestProperty("Content-type", "application/json");
if (method.equals("POST") || method.equals("PUT")) {
// Set to true when posting data
urlConnection.setDoOutput(true);
// Write data to post to connection output stream
OutputStream out = urlConnection.getOutputStream();
out.write(postParameters.getBytes("UTF-8"));
}
try {
// Get response
in = new BufferedInputStream(urlConnection.getInputStream());
}
catch (IOException e) {
Log.e(TAG, "Exception in getting connection input stream. in : " + in);
e.printStackTrace();
}
// Read the input stream that has response
statusCode = urlConnection.getResponseCode();
Log.d(TAG, "Status code : " + statusCode);
}
catch (ProtocolException pe) {
pe.printStackTrace();
}
catch (IllegalStateException ie) {
ie.printStackTrace();
}
catch (IOException e) {
e.printStackTrace();
}
finally {
urlConnection.disconnect();
}
看截图logcat中的:
Look at screenshot of logcat :
任何帮助将是AP preciated。谢谢你。
Any help would be appreciated. Thank you.
推荐答案
此错误发生beause服务器发送一个401,但不给<一个href="https://en.wikipedia.org/wiki/List_of_HTTP_header_fields#Response_fields"><$c$c>WWW-Authenticate头是一个暗示客户端下一步该怎么做。该 WWW验证头告诉哪种认证的需要(或者基本客户端或摘要)。这可能不是在无头的HTTP客户端非常有用的,但多数民众赞成如何 HTTP 1.1 RFC定义。出现此错误的原因的lib试图解析 WWW验证头但不能。
This error happens beause the server sends a 401 (Unauthorized) but does not give a WWW-Authenticate header which is a hint for the client what to do next. The WWW-Authenticate header tells the client which kind of authentication is needed (either Basic or Digest). This is probably not very useful in headless http clients, but thats how the HTTP 1.1 RFC is defined. The error occurs because the lib tries to parse the WWW-Authenticate header but can't.
从RFC:
(...)的响应必须包含一个WWW身份验证头字段(节 14.47)含有适用于所请求的资源的一个挑战。(...)
(...)The response MUST include a WWW-Authenticate header field (section 14.47) containing a challenge applicable to the requested resource.(...)
可能的解决方案,如果您可以更改服务器:
Possible solutions if you can change the server:
- 添加一个假的WWW身份验证标头,如:
WWW身份验证:基本境界=假。这仅仅是一种解决方法不是一个解决方案,但它应该工作和HTTP客户端满足(<一href="http://stackoverflow.com/questions/1748374/http-401-whats-an-appropriate-www-authenticate-header-value">see在这里你可以在头什么的讨论)。但要注意,一些HTTP客户端可以自动重试导致多个请求的要求(如加错了登录次数过于频繁)。这种观察与IOS HTTP客户端。 - 作为此提出的 loudvchar 的博客,以避免自动反应,就像一个浏览器弹出登录表单的挑战,你可以使用一个非标准的身份验证方法,像这样:
WWW验证:xBasic境界=假。最重要的一点是,领域已被包括在内。 - 使用HTTP状态code
403而不是401。它的语义是不一样的,通常与登录工作时,401是一个正确的响应(<一href="http://stackoverflow.com/questions/3297048/403-forbidden-vs-401-unauthorized-http-responses">see这里详细讨论),但在兼容性方面更安全的解决方案。
- Add a fake "WWW-Authenticate" header like:
WWW-Authenticate: Basic realm="fake". This is a mere workaround not a solution, but it should work and the http client is satisfied (see here a discussion for what you can put in the header). But beware that some http clients may automatically retry the request resulting in multiple requests (e.g. increments wrong login count too often). This was observed with the ios http client. - As proposed by loudvchar in this blog to avoid automatic reactions to the challenge like a pop-up login form in a browser, you can use a non-standard authentication method like so:
WWW-Authenticate: xBasic realm="fake". The important point is that therealmhas to be included. - Use HTTP status code
403instead of401. It's semantic is not the same and usually when working with login 401 is a correct response (see here for detailed discussion) but the safer solution in terms of compatibility.
可能的解决方案,如果您不可以更改服务器:
Possible solutions if you can't change the server:
由于@ErikZ在他的<一个写href="http://stackoverflow.com/questions/12931791/java-io-ioexception-received-authentication-challenge-is-null-in-ics-4-0-3">post你可以使用try&安培;抓
As @ErikZ wrote in his post you could use a try&catch
HttpURLConnection connection = ...;
try {
// Will throw IOException if server responds with 401.
connection.getResponseCode();
} catch (IOException e) {
// Will return 401, because now connection has the correct internal state.
int responsecode = connection.getResponseCode();
}
这篇关于java.io.IOException异常:未找到验证挑战的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
