我正在尝试使用volley来使用Rest API HTTP basic Auth在我的WordPress商店中获取产品列表,但它仍然会在未经授权的情况下返回错误401.
这是我的代码:
private void getProducts() {
Log.d(TAG, "getProducts called");
String url = "https://www.mystoreurl.com/wp-json/wc/v1/products";
mJsonArrayRequest = new JsonArrayRequest(url, new Response.Listener<JSONArray>() {
@Override
public void onResponse(JSONArray response) {
Log.d(TAG, "onResponse called with " + response);
}
}, new Response.ErrorListener() {
@Override
public void onErrorResponse(VolleyError error) {
Log.d(TAG, "onErrorResponse called for getProducts");
NetworkResponse errorResponse = error.networkResponse;
if (errorResponse != null && errorResponse.data != null) {
String statusCode = String.valueOf(errorResponse.statusCode);
Log.d(TAG, "Status code is " + statusCode);
String fullMessage = new String(errorResponse.data);
Log.w(TAG, "Error message is " + fullMessage);
}
}
}) {
@Override
public Map<String, String> getHeaders() throws AuthFailureError {
Map<String, String> headers = new HashMap<>();
String key = getString(R.string.store_consumer_Key);
String secret = getString(R.string.store_consumer_secret);
headers.put("consumer_key", key);
headers.put("consumer_secret", secret);
return headers;
}
};
RequestQueue requestQueue = Volley.newRequestQueue(getActivity());
requestQueue.add(mJsonArrayRequest);
}
但是,如果我将消费者密钥和密钥作为参数放在网址中,如下所示:
private void getProducts() {
Log.d(TAG, "getProducts called");
String key = getString(R.string.store_consumer_Key);
String secret = getString(R.string.store_consumer_secret);
String url = "https://www.mystoreurl.com/wp-json/wc/v1/products?consumer_key=" + key + "&consumer_secret=" + secret;
mJsonArrayRequest = new JsonArrayRequest(url, new Response.Listener<JSONArray>() {
@Override
public void onResponse(JSONArray response) {
Log.d(TAG, "onResponse called with " + response);
}
}, new Response.ErrorListener() {
@Override
public void onErrorResponse(VolleyError error) {
Log.d(TAG, "onErrorResponse called for getProducts");
NetworkResponse errorResponse = error.networkResponse;
if (errorResponse != null && errorResponse.data != null) {
String statusCode = String.valueOf(errorResponse.statusCode);
Log.d(TAG, "Status code is " + statusCode);
String fullMessage = new String(errorResponse.data);
Log.w(TAG, "Error message is " + fullMessage);
}
}
});
RequestQueue requestQueue = Volley.newRequestQueue(getActivity());
requestQueue.add(mJsonArrayRequest);
}
它有效,但我担心安全问题。请问这个安全吗?如果没有,那么我如何通过标题进行身份验证呢?