HTTP digest authentication with HttpUrlConnection
Problem description
I am trying to connect to the Tomcat Web Server on my machine using a digest authentication. I am using the memory realm of tomcat. Here is how the server is configured:
1) In server.xml:
<Realm className="org.apache.catalina.realm.MemoryRealm" digest="MD5" />
2) In tomcat-users.xml
<user username="testuser" password="81dc9bdb52d04dc20036dbd8313ed055" roles="test"/>
3) In web.xml of my web project:
<auth-method>DIGEST</auth-method>
As you can see I have specified as a digest method "MD5" and I have encrypted the password using the digest.sh of Tomcat.
Here is my code on the client side:
    private static void testGet() throws IOException {
        // Create a URL
        URL test = new URL("http://localhost:8080/TestWebProject/TestServlet");
        // Open a connection to the URL
        HttpURLConnection conn = (HttpURLConnection) test.openConnection();
        MessageDigest md5 = null;
        try {
            md5 = MessageDigest.getInstance("MD5");
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        }
        // Digest password using the MD5 algorithm
        String password = "1234";
        md5.update(password.getBytes());
        String digestedPass = digest2HexString(md5.digest());
        // Set header "Authorization"
        String credentials = "testuser:" + digestedPass;
        conn.setRequestProperty("Authorization", "Digest " + credentials);
        // Print status code and message
        System.out.println("Test HTTP GET method:");
        System.out.println("Status code: " + conn.getResponseCode());
        System.out.println("Message: " + conn.getResponseMessage());
        System.out.println();
    }

    private static String digest2HexString(byte[] digest)
    {
        String digestString = "";
        int low, hi;
        for (int i = 0; i < digest.length; i++)
        {
            low = (digest[i] & 0x0f);
            hi = ((digest[i] & 0xf0) >> 4);
            digestString += Integer.toHexString(hi);
            digestString += Integer.toHexString(low);
        }
        return digestString;
    }
I think that my client side code is ok and the configuration of the server, too. Though the server keeps sending me the status code 401 with message "Unauthorized". As I am not an experienced java developer, I want to ask if anyone has an idea or sees an error in my implementation.
Thank you in advance!
Recommended answer
Digest authentication is far more complex than just sending username:password (that is actually Basic authentication... and the username:password tuple needs to be Base64 encoded!).
You can read all about digest here.
If you're not required to use HttpUrlConnection, take a look at these two projects:
- Async Http Client (more mature)
- Hotpotato (http://hotpotato.factor45.org) (mine)
Both of them already support Digest (and other useful stuff) out of the box.
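As an added illustration (not part of the original question or answer), the Java sketch below computes the Authorization header a client sends in reply to a qop=auth Digest challenge as defined in RFC 2617. The challenge values are the sample ones from RFC 2617 section 3.5, so the printed response can be compared with the RFC's; the class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class DigestResponseExample {

    // Lowercase hex MD5 of a string: the H(data) function of RFC 2617.
    static String md5Hex(String data) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("MD5");
        byte[] hash = md.digest(data.getBytes(StandardCharsets.ISO_8859_1));
        StringBuilder sb = new StringBuilder(hash.length * 2);
        for (byte b : hash) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    // Builds the Authorization header value for a qop=auth challenge.
    // realm, nonce and opaque come from the server's WWW-Authenticate header;
    // nc (request counter) and cnonce (client nonce) are chosen by the client.
    static String digestHeader(String user, String password, String realm,
                               String nonce, String opaque, String method,
                               String uri, String nc, String cnonce)
            throws NoSuchAlgorithmException {
        // HA1 binds the password to the user and realm; the bare password hash is never sent.
        String ha1 = md5Hex(user + ":" + realm + ":" + password);
        // HA2 binds the response to this request's method and URI.
        String ha2 = md5Hex(method + ":" + uri);
        // The server nonce and client counter make each response single-use.
        String response = md5Hex(ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":auth:" + ha2);
        return "Digest username=\"" + user + "\", realm=\"" + realm
                + "\", nonce=\"" + nonce + "\", uri=\"" + uri
                + "\", qop=auth, nc=" + nc + ", cnonce=\"" + cnonce
                + "\", response=\"" + response + "\", opaque=\"" + opaque + "\"";
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Sample challenge and credentials from RFC 2617 section 3.5 (not from this page).
        String header = digestHeader("Mufasa", "Circle Of Life", "testrealm@host.com",
                "dcd98b7102dd2f0e8b11d0f600bfb0c093", "5ccc069c403ebaf9f0171e9517f40e41",
                "GET", "/dir/index.html", "00000001", "0a4f113b");
        System.out.println("Authorization: " + header);
    }
}
```

With HttpURLConnection, the realm, nonce and opaque values would first be read from the WWW-Authenticate header of the initial 401 response, and the resulting string set with setRequestProperty("Authorization", ...) on a second request.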