我正在使用一个使用spring 3,2的应用程序,并使用只需要基本身份验证的rest api中的数据......事情是我无法登录到api,我得到的只是401。
配置如下:
首先,凭据提供程序
<bean id="credentialProvider" class="org.apache.http.impl.client.BasicCredentialsProvider" />
访问restful service的授权范围。由于我们希望将此模板用于所有内容,因此我们使用默认值
进行设置<bean id="authScope" class="org.apache.http.auth.AuthScope">
<constructor-arg name="host"> <null /> </constructor-arg>
<constructor-arg name="port"> <value>-1</value> </constructor-arg>
<constructor-arg name="realm"> <null /> </constructor-arg>
<constructor-arg name="scheme"> <null /> </constructor-arg>
</bean>
用于访问api服务的用户名和密码凭据
<bean id="credentials" class="org.apache.http.auth.UsernamePasswordCredentials">
<constructor-arg name="userName" value="${dataApi.username}"></constructor-arg>
<constructor-arg name="password" value="${dataApi.password}"></constructor-arg>
</bean>
创建凭据提供程序
<bean id="methodInvoke" class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
<property name="targetObject" ref="credentialProvider" />
<property name="targetMethod" value="setCredentials" />
<property name="arguments">
<list>
<ref local="authScope" />
<ref local="credentials" />
</list>
</property>
</bean>
我们必须使用代理,所以......
<bean id="proxyHttpClient" class="com.cibbva.commerce360.utils.ProxyHttpClient">
<constructor-arg name="host" value="${proxy.hostname}" />
<constructor-arg name="port" value="${proxy.port}" />
<constructor-arg name="user" value="${proxy.username}" />
<constructor-arg name="pass" value="${proxy.password}" />
<constructor-arg name="conman" ref="clientConnectionManager"></constructor-arg>
<property name="credentialsProvider" ref="credentialProvider" />
</bean>
clientConnectionManager定义为:
<bean id="clientConnectionManager" class="org.apache.http.impl.conn.PoolingClientConnectionManager">
<property name="defaultMaxPerRoute" value="${dataAPi.connection.maxPerRoute}"></property>
<property name="maxTotal" value="${dataAPi.connection.maxTotal}"></property>
</bean>
最后是requestFactory和restTemplate:
<bean id="requestFactory" class="org.springframework.http.client.HttpComponentsClientHttpRequestFactory">
<constructor-arg ref="proxyHttpClient" />
</bean>
<bean id="restTemplate" class="org.springframework.web.client.RestTemplate">
<constructor-arg name="requestFactory" ref="requestFactory" />
</bean>
我认为问题是因为没有将Authorization参数添加到请求的标头中,在调试模式下查看,我看到以下内容:
DEBUG org.apache.http.headers - >> GET /xxxx/xxxxxx?xxxx HTTP/1.1
DEBUG org.apache.http.headers - >> Accept: application/json, application/*+json
DEBUG org.apache.http.headers - >> Host: hostname
DEBUG org.apache.http.headers - >> Connection: Keep-Alive
DEBUG org.apache.http.headers - >> User-Agent: Apache-HttpClient/4.2.3 (java 1.5)
DEBUG org.apache.http.wire - << "HTTP/1.1 401 No Autorizado[\r][\n]"
如您所见,标题中没有身份验证信息。为了丢弃用户名和密码错误的可能性,我使用curl发出相同的请求:
curl -v --user 'username:pasword' https://xxxx/xxxxxx?xxxx
输出结果为:
SSL certificate verify ok.
Server auth using Basic with user 'user'
GET xxxx/xxxxxx?xxxx HTTP/1.1
Authorization: Basic Y29tL....
User-Agent: curl/7.29.0
Host: hostname
Accept: */*
HTTP/1.1 404 No Encontrado
总结一下,如何将参数Authorization添加到我的请求标题中?
非常感谢你!
答案 0 :(得分:1)
好的,我终于找到了解决这个问题的方法。我所做的是创建一个实现ClientHttpRequestInterceptor的类,然后手动放置Authorization Header,代码类似于:
public class RequestHeaderIntercepter implements ClientHttpRequestInterceptor{
@Override
public ClientHttpResponse intercept(HttpRequest request, byte[] body,
ClientHttpRequestExecution execution) throws IOException {
HttpRequestWrapper requestWrapper = new HttpRequestWrapper(request);
requestWrapper.getHeaders().set("Authorization", "encoded username:password");
return execution.execute(request, body);
}
}
之后,你必须将监听器注册到restTemplate,这就是全部!拦截请求,并将Authorization参数添加到标题中。