无法设置HttpsURLConnection的Authorization标头

Question

我尝试设置HttpsURLConnection对象的OAuth授权标头，下面是该代码的

    String url1 = "/data/ServiceAccount?schema=1.0&form=json&byBillingAccountId={EQUALS,xyz@pqr.edu}";
    String url = "https://secure.api.abc.net/data/ServiceAccount?schema=1.0&byBillingAccountId={EQUALS,xyz@pqr.edu}";


    String header = OAuthClient.prepareURLWithOAuthSignature(url1);

    HttpsURLConnection con = null;

    try {
        URL obj = new URL(url);
        con = (HttpsURLConnection) obj.openConnection();

        con.setRequestMethod("GET");
        con.setRequestProperty("Authorization", "OAuth " + header);
        System.out.println("Request properties = " + con.getRequestProperty("Authorization"));


        int responseCode = con.getResponseCode();

        System.out.println("Response Code = " + responseCode);

        BufferedReader in = new BufferedReader(
                new InputStreamReader(con.getInputStream()));
        String inputLine;
        StringBuffer response = new StringBuffer();

        while ((inputLine = in.readLine()) != null) {
            response.append(inputLine);
        }
        in.close();
        con.disconnect();
        //print result
        System.out.println("Response = " + response.toString());


    } catch (MalformedURLException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } catch (IOException e) {
        e.printStackTrace();
    } finally {
        if(con!=null) con.disconnect();
    }

以下是prepareURLWithOAuthSignature

的代码

public String prepareURLWithOAuthSignature(String url)
{

    String signature = null;

    setOAuthParameters();

    setOAuthQParams();

    try
    {
        httpURL = URLEncoder.encode(baseURL+url, "UTF-8");

        signature = OAuthSignatureService.getSignature(httpURL, URLEncoder.encode(URLEncodedUtils.format(qparams, "UTF-8"), "UTF-8"), consumer_secret);

        OAuthParameters.put("oauth_signature", signature);


    } catch (Exception e) {
        e.printStackTrace();
    }

    return getOAuthAuthorizationHeader();

}


public String getOAuthAuthorizationHeader()
{

    String OAuthHeader = "oauth_consumer_key=\"" + OAuthParameters.get("oauth_consumer_key") + "\"" + 
                        ",oauth_signature_method=\"" + OAuthParameters.get("oauth_signature_method") + "\"" +
                        ",oauth_timestamp=\"" + OAuthParameters.get("oauth_timestamp") + "\"" +
                        ",oauth_nonce=\"" + OAuthParameters.get("oauth_nonce") + "\"" +
                        ",oauth_version=\"" + OAuthParameters.get("oauth_version") + "\"" +
                        ",oauth_signature=\"" + OAuthParameters.get("oauth_signature") + "\"";

    byte[] authEncBytes = Base64.encodeBase64(OAuthHeader.getBytes());

    String authStringEnc = new String(authEncBytes);

    return authStringEnc;
}

问题在于

1）当我打印con.getRequestProperty时（＆＃34;授权＆＃34;）我得到一个空值，这意味着没有设置Authorization标头

2）我从服务器获得的最终回复是403

知道这里出了什么问题吗？

Answer 1

我知道这可能不是一个答案，但看起来这个问题是作为一个错误提交给sun的，这是答复的相关部分。

  

此行为是故意的，以防止出现安全漏洞   getRequestProperty（）已打开。调用setRequestProperty（＆＃34;授权＆＃34）   应该仍然有效，你只是不能通过证明结果   getRequestProperty（）。

原始论坛帖子请参阅：http://www.coderanch.com/t/205485/sockets/java/setRequestProperty-authorization-JDK

我无法建议您为何获得403，但尝试添加＆＃34; Content-Type＆＃34;请求您的连接标头，看看它是否有任何区别。直到我在代码中添加了标题，我才从Spring Security模块中获得了404。