无法处理CakePHP和android

时间:2015-12-31 09:38:26

标签: android cakephp cookies csrf httpurlconnection

我已经阅读过有关此主题的十几篇帖子,其中大多数都依赖于已弃用的Android API,我最终尝试使用this,但没有成功:

所以我得到了那样的csrftoken:

URL url = new URL(urlString);

HttpURLConnection urlConnection = (HttpURLConnection) url.openConnection();
urlConnection.setUseCaches(false);
urlConnection.setRequestMethod("GET");

if (urlConnection.getResponseCode() == HttpURLConnection.HTTP_OK) {
    String COOKIES_HEADER = "Set-Cookie";
    site.setCookieManager(new java.net.CookieManager());

    Map<String, List<String>> headerFields = urlConnection.getHeaderFields();
    List<String> cookiesHeader = headerFields.get(COOKIES_HEADER);

    if(cookiesHeader != null)
    {
        for (String cookie : cookiesHeader)
        {
            if (cookie.startsWith("csrfToken")) {
                site.getCookieManager().getCookieStore().add(null, HttpCookie.parse(cookie).get(0));
            }
        }
    }

    urlConnection.disconnect();
} else {
    urlConnection.disconnect();
    return null;
}

我也尝试从标题中获取所有信息,但它不会改变事情。

然后,在帖子请求期间,我插入了这样的标记:

urlConnection = (HttpURLConnection) url.openConnection();

if(site.getCookieManager().getCookieStore().getCookies().size() > 0)
{
    urlConnection.setRequestProperty("Cookie",
            TextUtils.join(";", site.getCookieManager().getCookieStore().getCookies()));
}

if ((params != null) && !params.isEmpty()) {
    urlConnection.setDoOutput(true);
    urlConnection.setChunkedStreamingMode(0);
    urlConnection.setRequestProperty("Accept-Charset", "UTF-8");
    urlConnection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded;charset=" + "UTF-8");

    OutputStream output = urlConnection.getOutputStream();
    output.write(params.getBytes("UTF-8"));
    output.close();
}

is = urlConnection.getInputStream();

因此,如果我查看urlconnection数据,我可以看到:

requestHeaders
    nameAndValues
        0 = "Cookie"
        1 = "csrkToken=5f62......973"
        2 = "Accept-Charset"
        3 = "UTF-8"
        4 = "Content-Type"
        5 = "application/x-www-form-urlencoded;charset=UTF-8"

但是当我执行urlConnection.getInputStream()时,我得到以下异常:

java.io.FileNotFoundException: http://my.example.com/mywebservice
    at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getInputStream(HttpURLConnectionImpl.java:238)
    at com.ndguide.ndguide.JSONParser.getJSONFromUrl(JSONParser.java:93)
    at com.ndguide.ndguide.MainActivity.sendRegistrationIdToBackend(MainActivity.java:1562)
    at com.ndguide.ndguide.MainActivity.access$600(MainActivity.java:82)
    at com.ndguide.ndguide.MainActivity$2.doInBackground(MainActivity.java:1160)
    at com.ndguide.ndguide.MainActivity$2.doInBackground(MainActivity.java:1122)
    at android.os.AsyncTask$2.call(AsyncTask.java:295)
    at java.util.concurrent.FutureTask.run(FutureTask.java:237)
    at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:234)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1113)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:588)
    at java.lang.Thread.run(Thread.java:818)

我可以确切地说,如果我不在服务器端加载Csrf组件,一切都会顺利。

我也尝试在我的应用程序开头添加以下行,如此处所示,但它会导致相同的异常:

CookieManager cookieManager = new CookieManager();
CookieHandler.setDefault(cookieManager);

那我的标题出了什么问题?

1 个答案:

答案 0 :(得分:2)

所以,感谢ndm的建议,我探讨了Csrf Component所期望的内容,在这里我解释了应该做些什么来完全满足它,因为到目前为止我只发现了部分解释,至少对于像我这样的菜鸟。

首先,我们必须执行GET请求以使用csrf令牌:

URL url = new URL(urlString);

HttpURLConnection urlConnection = (HttpURLConnection) url.openConnection();
urlConnection.setUseCaches(false); // Don't use a Cached Copy
urlConnection.setRequestMethod("GET");

if (urlConnection.getResponseCode() == HttpURLConnection.HTTP_OK) {
    String COOKIES_HEADER = "Set-Cookie";
    site.setCookieManager(new java.net.CookieManager());

    Map<String, List<String>> headerFields = urlConnection.getHeaderFields();
    List<String> cookiesHeader = headerFields.get(COOKIES_HEADER);

    if(cookiesHeader != null)
    {
        for (String cookie : cookiesHeader)
        {
            if (cookie.startsWith("csrfToken")) {
                site.getCookieManager().getCookieStore().add(null, HttpCookie.parse(cookie).get(0));
            }
        }
    }
}
urlConnection.disconnect();

然后在您的帖子请求中,您必须以多种方式复制您的csrf令牌。这是我错过的:

try {

    HttpURLConnection urlConnection = null;
    InputStream is = null;
    JSONObject jObj = null;

    URL url = new URL(urlString);

    urlConnection = (HttpURLConnection) url.openConnection();

    String csrfToken = null;

    if(site.getCookieManager().getCookieStore().getCookies().size() > 0)
    {
        //While joining the Cookies, use ',' or ';' as needed. Most of the server are using ';'
        urlConnection.setRequestProperty("Cookie",
                TextUtils.join(";", site.getCookieManager().getCookieStore().getCookies()));

        for (HttpCookie cookie : site.getCookieManager().getCookieStore().getCookies()) {
            if (cookie.getName().equals("csrfToken")) {
                csrfToken = cookie.getValue();
                urlConnection.setRequestProperty("X-CSRF-Token", csrfToken);
            }
        }
    }

    if ((params != null) && !params.isEmpty()) { // To put your posts params AND the csrf Cookie
        urlConnection.setDoOutput(true);
        urlConnection.setChunkedStreamingMode(0);
        urlConnection.setRequestProperty("Accept-Charset", "UTF-8");
        urlConnection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded;charset=" + "UTF-8");

        OutputStream output = urlConnection.getOutputStream();
        output.write(params.getBytes("UTF-8"));

        if (csrfToken != null) {
            String token = "&csrfToken=" + csrfToken;
            output.write(token.getBytes("UTF-8"));
        }

        output.close();
    } else {
        OutputStream output = urlConnection.getOutputStream();
        output.write(params.getBytes("UTF-8"));

        if (csrfToken != null) {
            String token = "csrfToken=" + csrfToken;
            output.write(token.getBytes("UTF-8"));
        }

        output.close();

    }

    is = urlConnection.getInputStream();

    int status = urlConnection.getResponseCode();

    if (status == HttpURLConnection.HTTP_OK) {

        /**
         * Do your job
         */

    }

} catch (IllegalArgumentException | NullPointerException | UnsupportedEncodingException | SocketTimeoutException | IOExceptione) {
    e.printStackTrace();
} finally {
    if(is != null) {
        is.close();
    }
    urlConnection.disconnect();
}

希望这有帮助。