Django用户身份验证

Question

我正在编写一段java代码，使用以下代码登录基于django的网站。 但它返回403错误

[18/Feb/2014 15:16:36] "POST /accounts/login/ HTTP/1.1" 403 2282

任何人都知道如何解决这个问题？ 非常感谢提前！

private String baseUrl = "http://localhost:9999";    
boolean result = false;
try {
        URL url = new URL(baseUrl + "/accounts/login/");
        HttpURLConnection con = (HttpURLConnection) url.openConnection();
        con.setRequestMethod("POST");
        con.setDoInput(true);
        con.setDoOutput(true);
        String formParameters = "csrfmiddlewaretoken="
                + para + "&username="
                + "name" + "&password="
                + "pwd" + "&next=";

        System.out.println(formParameters);
        DataOutputStream wr = new DataOutputStream(
                con.getOutputStream());
        wr.writeBytes(URLEncoder.encode(formParameters, "UTF-8"));
        wr.flush();
        wr.close();

        if(con.getResponseCode() == 302){
            result = true;
        }
    } catch (MalformedURLException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } catch (IOException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }

return result;

Answer 1

嘿我现在正在解决同样的问题，我觉得我需要分享一下。这可能为时已晚，但可能对将来需要一些类似问题的人提供帮助。

1. 请求登录页面，Django将设置您的cookie：

   URL url = new URL("http://localhost:9999");
   HttpURLConnection client = (HttpURLConnection) url.openConnection();
   client.setDoInput(true);
   client.connect();
   inputStream = client.getInputStream(); // open input stream
   //read input
   StringWriter writer = new StringWriter();
   IOUtils.copy(inputStream, writer, "UTF-8");
   String string = writer.toString();
   //NOTE (look for this under this code section)
   String cookie= client.getHeaderField("Set-Cookie").get(0);
   client.disconnect();
   

注意：您的标题值存储在HashMap<String,List<String>>中，我使用了get(0)，因为根据我的经验，＆＃34; Set-Cookie＆＃34;只包含1个值，所以我得到索引0，在这个例子中包含这个：

"csrftoken=FwYSncufKaCZjxLWGUPq7ORZRvTXIxkU; expires=Sun, 09-Jul-2017 18:23:09 GMT; Max-Age=31449600; Path=/ 1"

如您所见，它包含csrf cookie。 现在你需要做两件事：

1. 将上一个Cookie放入您的下一个网址请求属性

2. 您需要将您的csrf标记值（在此示例中为＃34; FwYSncufKaCZjxLWGUPq7 ORZRvTXIxkU＆＃34;，您可以使用regex获取此值）到您的POST参数中。

   < / LI>

   以下是一些代码：

       url = new URL(LOGIN_URL);
       client = (HttpURLConnection) url.openConnection();
       client.setDoInput(true);
       client.setDoOutput(true);
       client.setRequestMethod("POST");
       //set cookie to the previous cookie that has the correct csrf token
       client.setRequestProperty("Cookie", cookie);
       //set up the form params for the POST
       String formParameters = "csrfmiddlewaretoken="
               + csrf + "&username="
               + "name" + "&password="
               + "pwd";
   
       DataOutputStream wr = new DataOutputStream(
               client.getOutputStream());
       wr.write(formParameters.getBytes("UTF-8"));
       wr.flush();
       wr.close();
       client.connect();
       inputStream = client.getInputStream();
       //read return input from the django server
       writer = new StringWriter();
       IOUtils.copy(inputStream, writer, "UTF-8");
       string = writer.toString();
   

   希望这有助于将来的所有人！