排球:WooCommerce HTTPS REST API HTTPS身份验证返回错误401未经授权

时间:2016-08-17 22:47:19

标签: android wordpress rest authentication android-volley

我正在尝试使用volley来使用Rest API HTTP basic Auth在我的WordPress商店中获取产品列表,但它仍然会在未经授权的情况下返回错误401.

这是我的代码:

private void getProducts() {
        Log.d(TAG, "getProducts called");
        String url = "https://www.mystoreurl.com/wp-json/wc/v1/products";
        mJsonArrayRequest = new JsonArrayRequest(url, new Response.Listener<JSONArray>() {
            @Override
            public void onResponse(JSONArray response) {
                Log.d(TAG, "onResponse called with " + response);
            }
        }, new Response.ErrorListener() {
            @Override
            public void onErrorResponse(VolleyError error) {
                Log.d(TAG, "onErrorResponse called for getProducts");
                NetworkResponse errorResponse = error.networkResponse;
                if (errorResponse != null && errorResponse.data != null) {
                    String statusCode = String.valueOf(errorResponse.statusCode);
                    Log.d(TAG, "Status code is " + statusCode);
                    String fullMessage = new String(errorResponse.data);
                    Log.w(TAG, "Error message is " + fullMessage);
                }
            }
        }) {
            @Override
            public Map<String, String> getHeaders() throws AuthFailureError {
                Map<String, String> headers = new HashMap<>();
                String key = getString(R.string.store_consumer_Key);
                String secret = getString(R.string.store_consumer_secret);
                headers.put("consumer_key", key);
                headers.put("consumer_secret", secret);
                return headers;
            }
        };

        RequestQueue requestQueue = Volley.newRequestQueue(getActivity());
        requestQueue.add(mJsonArrayRequest);
    }

但是,如果我将消费者密钥和密钥作为参数放在网址中,如下所示:

private void getProducts() {
        Log.d(TAG, "getProducts called");
        String key = getString(R.string.store_consumer_Key);
        String secret = getString(R.string.store_consumer_secret);

        String url = "https://www.mystoreurl.com/wp-json/wc/v1/products?consumer_key=" + key + "&consumer_secret=" + secret;
        mJsonArrayRequest = new JsonArrayRequest(url, new Response.Listener<JSONArray>() {
            @Override
            public void onResponse(JSONArray response) {
                Log.d(TAG, "onResponse called with " + response);
            }
        }, new Response.ErrorListener() {
            @Override
            public void onErrorResponse(VolleyError error) {
                Log.d(TAG, "onErrorResponse called for getProducts");
                NetworkResponse errorResponse = error.networkResponse;
                if (errorResponse != null && errorResponse.data != null) {
                    String statusCode = String.valueOf(errorResponse.statusCode);
                    Log.d(TAG, "Status code is " + statusCode);
                    String fullMessage = new String(errorResponse.data);
                    Log.w(TAG, "Error message is " + fullMessage);
                }
            }
        });

        RequestQueue requestQueue = Volley.newRequestQueue(getActivity());
        requestQueue.add(mJsonArrayRequest);
    }

它有效,但我担心安全问题。请问这个安全吗?如果没有,那么我如何通过标题进行身份验证呢?

0 个答案:

没有答案
相关问题
最新问题