Issue generating an OAuth2 SAML authorization code using HttpClient in Java

Time: 2018-02-19 08:50:32

Tags: java oauth-2.0 httpclient saml-2.0 authorize

I am trying to automate the token generation process (authorization code, then Access / JWT token), which will then be used to call APIc / APIs.

Note: for security reasons I have used dummy domains / scope / redirect URI / parameters below.

How I generate the token manually: I was given the following URL for generating the authorization code.

Code generation URL: https://sample.domain.com/affwebservices/public/saml2sso?SPID=testqaapi2p3&RelayState=response_type%3Dcode%26client_id%3DClient_ID_Value%26redirect_uri%3Dhttps://testqa3members.domain.com/ApiHandler/home%26scope%3DScope%20Value%26path%3Dtestqainternalpath3

When I open this manually in the browser, a popup appears where I provide my User ID (LDAP) and password. After that it is redirected to different URLs and finally ends up at the following URL, which carries the authorization code.

https://testqa3members.domain.com/ApiHandler/home?code=AAIUVJbr29CUjCcWDvKWKBZDDcCtx5CQZsq9XpCpSd0FvAzLeLBJlAtG5C9ff6fr3m11Fp1Kez8E4dalL10GVg_kyjnsxYzRKEWQiraSIGo6bwVTd4zffqkLjXLsF5CRXqI

Steps I tried to generate the token using 'Apache HttpClient':

  • Step 1: submit the "code generation URL" as a GET request with credentials set via "setCredentials"
  • Step 2: retrieve the list of redirect URLs
  • Step 3: retrieve the last redirect URL
  • Step 4: submit a POST request to the last redirect URL to obtain the authorization code

GET code

import java.net.URI;
import java.util.ArrayList;
import java.util.List;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicNameValuePair;

// Values taken from the dummy code-generation URL above; the LDAP user name and password are placeholders.
String authUrl = "https://sample.domain.com/affwebservices/public/saml2sso";
String clientId = "Client_ID_Value";
String redirectUrl = "https://testqa3members.domain.com/ApiHandler/home";
String scope = "Scope Value";
String userName = "LDAP_USER_ID";
String password = "LDAP_PASSWORD";

// DefaultHttpClient (deprecated since HttpClient 4.3, still available) follows redirects automatically.
DefaultHttpClient httpclient = new DefaultHttpClient();

System.out.println("Adding Paramters to a Array List as NameValuePair");
List<NameValuePair> params = new ArrayList<NameValuePair>();
params.add(new BasicNameValuePair("SPID", "testqaapi2p3"));
//params.add(new BasicNameValuePair("RelayState", "response_type=code"));
// URIBuilder percent-encodes the '&' and '=' inside the RelayState value (%26 / %3D), as in the manual URL.
params.add(new BasicNameValuePair("RelayState", "response_type=code&client_id=" + clientId + "&redirect_uri=" + redirectUrl + "&scope=" + scope + "&path=testqainternalpath3"));

System.out.println("Parameters List:" + params);

System.out.println("Building the URI with Authorization Endpoint by adding the Parameters create in Array List");
URI uri = new URIBuilder(authUrl)
        .addParameters(params)
        .build();
System.out.println("Built URI:" + uri);

// Credentials scoped to any host and port; HttpClient uses them to answer HTTP authentication challenges (401/407).
httpclient.getCredentialsProvider().setCredentials(new AuthScope(null, AuthScope.ANY_PORT), new UsernamePasswordCredentials(userName, password));

System.out.println("Creating HTTPGET with the Created URI");
HttpGet get = new HttpGet(uri);
System.out.println("HttpGet:" + get);

System.out.println("Creating Client Context");
HttpClientContext context = HttpClientContext.create();
System.out.println("Created Client Context:" + context);

System.out.println("Executing the GET Method with the created Client Context");
HttpResponse response = httpclient.execute(get, context);
System.out.println("HttpResponse:" + response);

System.out.println("Getting the Final URI from the Submitted Get Method");
URI finalUrl = get.getURI();
System.out.println("Final URL:" + finalUrl);

// The context records every Location the client followed; the last entry is where the GET ended up.
System.out.println("Creating a List of URI from the Redirection Locations using Client Context");
List<URI> locations = context.getRedirectLocations();
System.out.println("List of URI:" + locations);

if (locations != null) {
    finalUrl = locations.get(locations.size() - 1);
}
System.out.println("Taking the last URL as Final:" + finalUrl);

This is the last URL I got from the GET request. Last redirect URL: https://sample.domain.com/affwebservices/public/saml2sso?SMASSERTIONREF=QUERY&SPID=testqaapi2p3&RelayState=response_type%3Dcode%26client_id%3DClient_ID_Value%26redirect_uri%3Dhttps://testqa3members.domain.com/ApiHandler/home%26scope%3DScope%20Value%26path%3Dtestqainternalpath3&SAMLTRANSACTIONID=863d56e5-e9bd9485-85561bb7-a209c491-476bc279-298

POST code

// Continues from the GET block above: same httpclient, context and finalUrl.
HttpPost postReq = new HttpPost(finalUrl);

// Both addHeader calls are kept, so the request carries two Content-Type headers; no entity (body) is set.
postReq.addHeader("Content-Type", "text/html");
postReq.addHeader("Content-Type", "application/x-www-form-urlencoded");
postReq.addHeader("User-Agent", "Mozilla/5.0 (Windows NT 6.1; rv:57.0)");

HttpResponse responsePost = httpclient.execute(postReq, context);
System.out.println("Post Response:" + responsePost);

Output: but I get a 500 - Internal Server Error for the POST request. HTTP/1.1 500 Internal Server Error [Date: Mon, 19 Feb 2018 08:05:12 GMT, Server: Apache/2.4.23 (Win32) OpenSSL/1.0.2h-fips mod_jk/1.2.41, Content-Language: en, Content-Length: 1259, Connection: close, Content-Type: text/html; charset=utf-8] org.apache.http.conn.BasicManagedEntity@1147d0

My analysis so far: I looked at the submitted requests with the 'Firefox' browser's Developer Tools network tab. What I see is a POST request being submitted through the "Last Redirection URL" to the authorization endpoint with the parameters below, and it gets a 302 status code with the header X-Backside-Transport: FAIL FAIL and the code available in the Location header (https://testqa3members.domain.com/ApiHandler/home?code=AAIUVJbr29CUjCcWDvKWKBZDDcCtx5CQZsq9XpCpSd0FvAzLeLBJlAtG5C9ff6fr3m11Fp1Kez8E4dalL10GVg_kyjnsxYzRKEWQiraSIGo6bwVTd4zffqkLjXLsF5CRXqI).

Authorization endpoint URL: https://testqaapi2.domain.com/testcare/testqainternalpath3/v3/auth/oauth2/samlauthorize

Headers: Referer: https://sample.domain.com/affwebservices/public/saml2sso?SMASSERTIONREF=QUERY&SPID=testqaapi2p3&RelayState=response_type%3Dcode%26client_id%3DClient_ID_Value%26redirect_uri%3Dhttps://testqa3members.domain.com/ApiHandler/home%26scope%3DScope%20Value%26path%3Dtestqainternalpath3&SAMLTRANSACTIONID=863d56e5-e9bd9485-85561bb7-a209c491-476bc279-298

Parameters: RelayState: response_type=code&client_id=Client_ID_Value&redirect_uri=https://testqa3members.domain.com/ApiHandler/home&scope=Scope+Value&path=testqainternalpath3

SAMLResponse: (base64 blob omitted)

My enhancement replicating the above:

// Continues from the GET block above (same httpclient, context and finalUrl); replaces the earlier POST.
List<NameValuePair> postParams = new ArrayList<NameValuePair>();
postParams.add(new BasicNameValuePair("RelayState", "response_type=code&client_id=" + clientId + "&redirect_uri=" + redirectUrl + "&scope=" + scope + "&path=qaintpath3"));

// RelayState is placed in the query string of the authorization endpoint; the request has no entity (body).
URI postURL = new URIBuilder("https://testqaapi2.domain.com/testcare/testqainternalpath3/v3/auth/oauth2/samlauthorize")
        .addParameters(postParams)
        .build();

HttpPost postReq = new HttpPost(postURL);
postReq.addHeader("Content-Type", "text/html");
//postReq.addHeader("Connection", "close");
postReq.addHeader("Referer", finalUrl.toString());
postReq.addHeader("Content-Type", "application/x-www-form-urlencoded");
postReq.addHeader("Connection", "keep-alive");
postReq.addHeader("User-Agent", "Mozilla/5.0 (Windows NT 6.1; rv:57.0)");

HttpResponse responsePost = httpclient.execute(postReq, context);
System.out.println("Post Response:" + responsePost);

Output: but this time I get a 200 status code instead of a 302 status. HTTP/1.1 200 OK [X-Backside-Transport: OK OK, ...]


Questions:
  1. What is the SAMLResponse passed as a parameter above?
  2. Why do I get a 200 status with X-Backside-Transport: OK instead of a 300 status code with X-Backside-Transport: FAIL FAIL? Am I missing something?

Can someone help me with this?


Note: once I get the authorization code, I will use the solution from this link (Issues with Generating Authorization code and User Token using Apache OAuth client 2.0 library in Java) to generate the Access / JWT token for calling the APIC's / APIs.
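Added example, not code from the question: in the SAML HTTP-POST binding the IdP's last page is an HTML form whose hidden SAMLResponse (the base64-encoded samlp:Response) and RelayState fields the browser submits as a form-urlencoded body to the SP's assertion consumer URL, which in the question is the samlauthorize endpoint. The class below parses such a page, builds that POST with Apache HttpClient 4.x types while refusing any form action other than the expected endpoint, and reads the code back out of a 302 Location header; the sample HTML and code value are constructed, and the assumption that each hidden input lists name before value is marked in a comment.

```java
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.regex.*;
import org.apache.http.NameValuePair;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.message.BasicNameValuePair;

public class SamlPostBinding {
    // Authorization endpoint from the question, i.e. the SP's assertion consumer URL: the only place we will post to.
    static final String EXPECTED_ACS =
        "https://testqaapi2.domain.com/testcare/testqainternalpath3/v3/auth/oauth2/samlauthorize";

    // First capture group of REGEX in HTML with the HTML-escaped '&' restored, or null if there is no match.
    static String first(String html, String regex) {
        Matcher m = Pattern.compile(regex, Pattern.CASE_INSENSITIVE).matcher(html);
        return m.find() ? m.group(1).replace("&amp;", "&") : null;
    }

    // Browser's POST for the SAML HTTP-POST binding: SAMLResponse and RelayState as a form-urlencoded body, not query
    // parameters; refuses any form action but the expected ACS. Assumes each hidden <input> lists name before value.
    static HttpPost buildAcsPost(String html) throws Exception {
        String action = first(html, "<form[^>]*?action=[\"']([^\"']*)[\"']");
        if (!EXPECTED_ACS.equals(action)) throw new IllegalStateException("unexpected form action: " + action);
        String samlResponse = first(html, "name=[\"']SAMLResponse[\"'][^>]*?value=[\"']([^\"']*)[\"']");
        String relayState = first(html, "name=[\"']RelayState[\"'][^>]*?value=[\"']([^\"']*)[\"']");
        if (samlResponse == null || relayState == null) throw new IllegalStateException("not a SAML POST form");
        Base64.getDecoder().decode(samlResponse); // must be base64 XML; signature and conditions are verified by the ACS
        List<NameValuePair> form = new ArrayList<>();
        form.add(new BasicNameValuePair("SAMLResponse", samlResponse));
        form.add(new BasicNameValuePair("RelayState", relayState));
        HttpPost post = new HttpPost(new URI(action));
        post.setEntity(new UrlEncodedFormEntity(form, StandardCharsets.UTF_8)); // sets the Content-Type header itself
        return post;
    }
    // Pulls the code out of a 302 Location header such as .../ApiHandler/home?code=...
    static String codeFromLocation(String location) throws Exception {
        String query = new URI(location).getRawQuery();
        if (query != null) for (String kv : query.split("&")) if (kv.startsWith("code=")) return kv.substring(5);
        return null;
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample of the IdP's auto-submit page; not captured from the question's environment.
        String saml = Base64.getEncoder().encodeToString("<Response xmlns=\"urn:oasis:names:tc:SAML:2.0:protocol\"/>".getBytes(StandardCharsets.UTF_8));
        String html = "<form method=\"post\" action=\"" + EXPECTED_ACS + "\"><input type=\"hidden\" name=\"SAMLResponse\" value=\"" + saml
            + "\"/><input type=\"hidden\" name=\"RelayState\" value=\"response_type=code&amp;client_id=Client_ID_Value\"/></form>";
        HttpPost post = buildAcsPost(html);
        System.out.println(post.getMethod() + " " + post.getURI() + " -> code " + codeFromLocation("https://testqa3members.domain.com/ApiHandler/home?code=AAIU_example"));
    }
}
```

To read the 302 with the code rather than follow it, execute the post with a client built via HttpClientBuilder.create().disableRedirectHandling() and take the Location header from the response.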

0 answers