我已经阅读过有关此主题的十几篇帖子,其中大多数都依赖于已弃用的Android API,我最终尝试使用this,但没有成功:
所以我得到了那样的csrftoken:
URL url = new URL(urlString);
HttpURLConnection urlConnection = (HttpURLConnection) url.openConnection();
urlConnection.setUseCaches(false);
urlConnection.setRequestMethod("GET");
if (urlConnection.getResponseCode() == HttpURLConnection.HTTP_OK) {
String COOKIES_HEADER = "Set-Cookie";
site.setCookieManager(new java.net.CookieManager());
Map<String, List<String>> headerFields = urlConnection.getHeaderFields();
List<String> cookiesHeader = headerFields.get(COOKIES_HEADER);
if(cookiesHeader != null)
{
for (String cookie : cookiesHeader)
{
if (cookie.startsWith("csrfToken")) {
site.getCookieManager().getCookieStore().add(null, HttpCookie.parse(cookie).get(0));
}
}
}
urlConnection.disconnect();
} else {
urlConnection.disconnect();
return null;
}
我也尝试从标题中获取所有信息,但它不会改变事情。
然后,在帖子请求期间,我插入了这样的标记:
urlConnection = (HttpURLConnection) url.openConnection();
if(site.getCookieManager().getCookieStore().getCookies().size() > 0)
{
urlConnection.setRequestProperty("Cookie",
TextUtils.join(";", site.getCookieManager().getCookieStore().getCookies()));
}
if ((params != null) && !params.isEmpty()) {
urlConnection.setDoOutput(true);
urlConnection.setChunkedStreamingMode(0);
urlConnection.setRequestProperty("Accept-Charset", "UTF-8");
urlConnection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded;charset=" + "UTF-8");
OutputStream output = urlConnection.getOutputStream();
output.write(params.getBytes("UTF-8"));
output.close();
}
is = urlConnection.getInputStream();
因此,如果我查看urlconnection数据,我可以看到:
requestHeaders
nameAndValues
0 = "Cookie"
1 = "csrkToken=5f62......973"
2 = "Accept-Charset"
3 = "UTF-8"
4 = "Content-Type"
5 = "application/x-www-form-urlencoded;charset=UTF-8"
但是当我执行urlConnection.getInputStream()时,我得到以下异常:
java.io.FileNotFoundException: http://my.example.com/mywebservice
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getInputStream(HttpURLConnectionImpl.java:238)
at com.ndguide.ndguide.JSONParser.getJSONFromUrl(JSONParser.java:93)
at com.ndguide.ndguide.MainActivity.sendRegistrationIdToBackend(MainActivity.java:1562)
at com.ndguide.ndguide.MainActivity.access$600(MainActivity.java:82)
at com.ndguide.ndguide.MainActivity$2.doInBackground(MainActivity.java:1160)
at com.ndguide.ndguide.MainActivity$2.doInBackground(MainActivity.java:1122)
at android.os.AsyncTask$2.call(AsyncTask.java:295)
at java.util.concurrent.FutureTask.run(FutureTask.java:237)
at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:234)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1113)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:588)
at java.lang.Thread.run(Thread.java:818)
我可以确切地说,如果我不在服务器端加载Csrf组件,一切都会顺利。
我也尝试在我的应用程序开头添加以下行,如此处所示,但它会导致相同的异常:
CookieManager cookieManager = new CookieManager();
CookieHandler.setDefault(cookieManager);
那我的标题出了什么问题?
答案 0 :(得分:2)
所以,感谢ndm的建议,我探讨了Csrf Component所期望的内容,在这里我解释了应该做些什么来完全满足它,因为到目前为止我只发现了部分解释,至少对于像我这样的菜鸟。
首先,我们必须执行GET请求以使用csrf令牌:
URL url = new URL(urlString);
HttpURLConnection urlConnection = (HttpURLConnection) url.openConnection();
urlConnection.setUseCaches(false); // Don't use a Cached Copy
urlConnection.setRequestMethod("GET");
if (urlConnection.getResponseCode() == HttpURLConnection.HTTP_OK) {
String COOKIES_HEADER = "Set-Cookie";
site.setCookieManager(new java.net.CookieManager());
Map<String, List<String>> headerFields = urlConnection.getHeaderFields();
List<String> cookiesHeader = headerFields.get(COOKIES_HEADER);
if(cookiesHeader != null)
{
for (String cookie : cookiesHeader)
{
if (cookie.startsWith("csrfToken")) {
site.getCookieManager().getCookieStore().add(null, HttpCookie.parse(cookie).get(0));
}
}
}
}
urlConnection.disconnect();
然后在您的帖子请求中,您必须以多种方式复制您的csrf令牌。这是我错过的:
try {
HttpURLConnection urlConnection = null;
InputStream is = null;
JSONObject jObj = null;
URL url = new URL(urlString);
urlConnection = (HttpURLConnection) url.openConnection();
String csrfToken = null;
if(site.getCookieManager().getCookieStore().getCookies().size() > 0)
{
//While joining the Cookies, use ',' or ';' as needed. Most of the server are using ';'
urlConnection.setRequestProperty("Cookie",
TextUtils.join(";", site.getCookieManager().getCookieStore().getCookies()));
for (HttpCookie cookie : site.getCookieManager().getCookieStore().getCookies()) {
if (cookie.getName().equals("csrfToken")) {
csrfToken = cookie.getValue();
urlConnection.setRequestProperty("X-CSRF-Token", csrfToken);
}
}
}
if ((params != null) && !params.isEmpty()) { // To put your posts params AND the csrf Cookie
urlConnection.setDoOutput(true);
urlConnection.setChunkedStreamingMode(0);
urlConnection.setRequestProperty("Accept-Charset", "UTF-8");
urlConnection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded;charset=" + "UTF-8");
OutputStream output = urlConnection.getOutputStream();
output.write(params.getBytes("UTF-8"));
if (csrfToken != null) {
String token = "&csrfToken=" + csrfToken;
output.write(token.getBytes("UTF-8"));
}
output.close();
} else {
OutputStream output = urlConnection.getOutputStream();
output.write(params.getBytes("UTF-8"));
if (csrfToken != null) {
String token = "csrfToken=" + csrfToken;
output.write(token.getBytes("UTF-8"));
}
output.close();
}
is = urlConnection.getInputStream();
int status = urlConnection.getResponseCode();
if (status == HttpURLConnection.HTTP_OK) {
/**
* Do your job
*/
}
} catch (IllegalArgumentException | NullPointerException | UnsupportedEncodingException | SocketTimeoutException | IOExceptione) {
e.printStackTrace();
} finally {
if(is != null) {
is.close();
}
urlConnection.disconnect();
}
希望这有帮助。