使用CURL模拟Java setRequestProperty以进行RESTful身份验证

时间:2014-09-15 02:59:10

标签: java rest authentication curl restful-authentication

我不知道Java,我没有成功使用Google或试错法测试......

如何在命令行上使用CURL进行RESTful API身份验证,我该如何编写? (php或perl解决方案也可以)

此代码来自文档,但我不打算使用Java并需要翻译它。

URL url = new URL("http://www.thingsandstuff.com/resfulness/post");

HttpURLConnection conn = (HttpURLConnection) url.openConnection();

// i don't know if this is relevant to my question or not... 
conn.setRequestMethod("POST");
conn.setDoInput(true);
conn.setDoOutput(true);

conn.setRequestProperty("Content-Type","application/x-www-form-urlencoded");

// this is what i think might be the problem... 
String userNamePassword = "myusername:mypassword";
userNamePassword =
      new String(org.apache.commons.codec.binary.Base64.encodeBase64(userNamePassword
      .getBytes()));

conn.setRequestProperty("Authorization", userNamePassword);

我总是得到401未经授权的错误。

我一直在玩标题参数-H。我不知道我在做什么不起作用,因为我真的没有做正确的身份验证或者是否是其他事情。数据是xml,我正在测试一些非常简单/直接的东西。我假设即使我的data / xml / post不正确,也会返回错误而不是未经授权。 

# bXl1c2VybmFtZTpteXBhc3N3b3Jk == myusername:mypassword base64 encoded.... 

curl -H "bXl1c2VybmFtZTpteXBhc3N3b3Jk" -d "<datums>" -X POST http://www.thingsandstuff/restfulness/post 
curl -H "bXl1c2VybmFtZTpteXBhc3N3b3Jk" -d "<datums>" -X POST  http://www.thingsandstuff/restfulness/post 

# and like this... with encoded things and not encoded things... 

curl -d "<datums>" -X POST  http://user:password@www.thingsandstuff.com/restfulness/post 
curl -u user:password -d "<datums>" -X POST  http://www.thingsandstuff.com/restfulness/post

对于所有三个,我已经尝试将密码编码在一起,两者都是单独的,都不是......而且我确信我的用户名确实有\并且密码确实以!结尾但我认为,当我没有对它们进行编码时,我正在逃避。

curl man page表示-d will cause curl to pass the data to the server using the content-type application/x-www-form-urlencoded,这意味着我不需要传递额外的标题来说明内容类型,对吧?基本上......我只是部分地知道我在做什么而且它不起作用而且有太多我不知道的东西足以隔离我的问题或甚至可能纠正它(是的,只是足够危险) 。

2 个答案:

答案 0 :(得分:0)

获得401的原因是Authorization标头需要一个方案前缀,在您的情况下Basic

所以目前你正在发送

Authorization: <base64(username:password)>

但Web服务器需要

Authorization: Basic <base64(username:password)>

here

所述

这种改变应该有效:

conn.setRequestProperty("Authorization", "Basic " + userNamePassword);

答案 1 :(得分:0)

好的,这就是我最终的结果...... 

curl -H "Authorization:dXNlclxuYW1lOnBhc3N3b3JkIQ==" -X POST -d 'data=%3C%3Fxml+version....' http://www.stuffandthings.com:8080/restfulness/post

所以...... username:password是64位编码在一起的。数据由ISO / IEC 8859-1编码,前缀为“data =”这一特定的设置休息服务。

我最终把它放在PHP中只是因为它更容易连续测试。这就是为此而努力的结果...... 

$user     = 'user\\name';
$pass     = 'password!';  
$userpass =  base64_encode($user.':'.$pass);
$url      = 'http://www.thingsandstuff.com:8080/restfulness/post';  

if (($handle = fopen("foo.csv", "r")) !== FALSE) 
{
    while (($data = fgetcsv($handle, 1000, ",")) !== FALSE) 
    { 
        list($thing1,$thing2) = $data;

        $xml = "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>
        <entry xmlns=\"http://purl.org/atom/ns#\"> 
            <xml data goes here>
                <ns:thing1>$param1</ns:thing1>
                <ns:thing2>$param2</ns:thing2>
            </xml data goes here>
        </entry>";

        $datums = 'data='.utf8_decode($xml);
        $result = do_curl($url,$datums); 

        // not actually using the response at this
        // point... just running through everything 
        var_dump($result); 
    }
    fclose($handle);
} 

function do_curl($url, $data) {  
    global $userpass, $user, $pass; 

    $ch = curl_init(); 

    $header = array('Authorization:'.$userpass,
                    'Content-Type:application/x-www-form-urlencoded',
                    'Content-Length:'.strlen($data)); 

    // this line was the last thing to be added before it worked
    // i didn't try it again, removing the authentication in $header
    // to see if this was the only thing actually needed...  
    curl_setopt($ch, CURLOPT_USERPWD, $user.':'.$pass); 

    curl_setopt($ch, CURLOPT_URL, $url);  
    curl_setopt($ch, CURLOPT_HEADER, $header); 
    curl_setopt($ch, CURLINFO_HEADER_OUT, true); 
    curl_setopt($ch, CURLOPT_NOBODY, true); 
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); 
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $data);

    $result = curl_exec($ch); 

    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    $hout   = curl_getinfo($ch, CURLINFO_HEADER_OUT);

    //echo "\n"; var_dump($hout); echo "\n"; 

    curl_close($ch); 

    return array('status'=>$status, 'result'=>$result);  
}

如果我var_dump($hout)函数do_curl ...实际发送的标题是:

POST /resfulness/post HTTP/1.1
Authorization: Basic dXNlclxuYW1lOnBhc3N3b3JkIQ==
Host: www.thingsandstuff.com:8080
Accept: */*
Content-Length: 409
Content-Type: application/x-www-form-urlencoded

<?xml version="1.0" encoding="UTF-8" ?>
        <entry xmlns="http://purl.org/atom/ns#"> 
            <xml data goes here>
                <ns:thing1>value1</ns:thing1>
                <ns:thing2>value2</ns:thing2>
            </xml data goes here>
        </entry>
相关问题
最新问题