Apache的HttpClient的摘要式身份验证 [英] Apache HttpClient Digest authentication

问题描述

基本上我需要做的是执行摘要验证。第一件事，我想是可以的官方例子<一href="http://svn.apache.org/repos/asf/httpcomponents/httpclient/tags/4.0.1/httpclient/src/examples/org/apache/http/examples/client/ClientAuthentication.java">here. 但是，当我尝试执行它（有一些小的变化，邮政代替Get方法），我收到了

Basically what I need to do is to perform digest authentication. First thing I tried is the official example available here. But when I try to execute it(with some small changes, Post instead of the the Get method) I get a

org.apache.http.auth.MalformedChallengeException: missing nonce in challange
at org.apache.http.impl.auth.DigestScheme.processChallenge(DigestScheme.java:132)

在这个失败的我尝试使用：

When this failed I tried using:

DefaultHttpClient client = new DefaultHttpClient();
client.getCredentialsProvider().setCredentials(new AuthScope(null, -1, null), new UsernamePasswordCredentials("<username>", "<password>"));

HttpPost post = new HttpPost(URI.create("http://<someaddress>"));
        List<NameValuePair> nvps = new ArrayList<NameValuePair>();
nvps.add(new BasicNameValuePair("domain", "<username>"));
post.setEntity(new UrlEncodedFormEntity(nvps, HTTP.UTF_8));

DigestScheme digestAuth = new DigestScheme();
digestAuth.overrideParamter("algorithm", "MD5");
digestAuth.overrideParamter("realm", "http://<someaddress>");
digestAuth.overrideParamter("nonce", Long.toString(new Random().nextLong(), 36));
digestAuth.overrideParamter("qop", "auth");
digestAuth.overrideParamter("nc", "0");
digestAuth.overrideParamter("cnonce", DigestScheme.createCnonce());

Header auth = digestAuth.authenticate(new
      UsernamePasswordCredentials("<username>", "<password>"), post);
System.out.println(auth.getName());
System.out.println(auth.getValue());
post.setHeader(auth);


HttpResponse ret = client.execute(post);
ByteArrayOutputStream v2 = new ByteArrayOutputStream();
ret.getEntity().writeTo(v2);
System.out.println("----------------------------------------");
System.out.println(v2.toString());
System.out.println("----------------------------------------");
System.out.println(ret.getStatusLine().getReasonPhrase());
System.out.println(ret.getStatusLine().getStatusCode());

起初我只有重写境界和现时DigestScheme参数。但事实证明，在服务器上运行PHP脚本需要的所有其它参数，可以但无论如果我指定与否DigestScheme没有产生他们在授权请求preperty当我调用它的authenticate（）方法。和PHP脚本返回的HTTP响应code 200与PHP脚本需要cnonce，NC和QOP参数的消息。

At first I have only overridden "realm" and "nonce" DigestScheme parameters. But it turned out that PHP script running on the server requires all other params, but no matter if I specify them or not DigestScheme doesn't generate them in the Authorization RequestPreperty when I call its authenticate() method. And PHP script returns HTTP response code 200 with a message that PHP script requires cnonce, nc and qop parameters.

我一直在努力奋斗着这个两天，并没有运气。基于一切我认为这个问题的原因是PHP脚本。在我看来，它并没有发出挑战，当应用程序试图访问未经批准的开发。

I've been struggling with this for two days, and no luck. Based on everything I think that the cause of the problem is the PHP script. It looks to me that it doesn't send a challenge when app tries to access it unauthorized.

任何想法吗？

编辑： 还有一件事，我试着卷曲连接和它的作品。

One more thing, I've tried connecting with cURL and it works.

推荐答案

我设法做一个摘要登录使用 digestScheme 后，验证code

I managed to do a Digest login using digestScheme after verifying the code.

digestAuth.processChallenge(null);

强制previous输入参数是除preTED。空参数首标，基于该头中发送，如果有的话。

Forces the previous input parameters to be interpreted. The null parameter is a header, based on the header sent, if any.

现在的保护级别/ NC 的使用和digestScheme工作的要求。 在Android上运行它

Now qop/nc is used and digestScheme works as required. Running it on android

digestAuth.overrideParamter("algorithm", "MD5");
digestAuth.overrideParamter("realm", serverRealm);
digestAuth.overrideParamter("nonce", Long.toString(new Random().nextLong(), 36));
digestAuth.overrideParamter("qop", "auth");//   not effective 
digestAuth.overrideParamter("nc",""+sequence);//nt effective 
digestAuth.overrideParamter("cnonce", DigestScheme.createCnonce());
digestAuth.overrideParamter("opaque","ba897c2f0f3de9c6f52d");
String err;
try
{
    digestAuth.processChallenge(null);
    //force  qop in use  chalange  on return header ????!!!!
}
catch (Exception e)
{ 
    err=e.getLocalizedMessage();
}

这篇关于Apache的HttpClient的摘要式身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！