我有一个Java服务器(在localhost:8080上运行),该服务器调用Red Hat Single Sign-On(RH-SSO)服务(在localhost:8180上运行)。服务器像这样调用服务:
// HttpRequest, HttpResponse are merely custom data collections.
// They have nothing in common with HttpServletRequest or HttpServletResponse.
private HttpResponse processURLRequest(HttpRequest request) {
HttpResponse response;
if(request.getURL() == null) {
return new HttpResponse(request.getErrorText());
}
try {
HttpURLConnection con = (HttpURLConnection) request.getURL().openConnection();
//con.setInstanceFollowRedirects(true); // jpm
con.setRequestMethod(request.getMethod());
applyHeadersToConnection(con, request.getHeaders());
applyCookiesToConnection(con, request.createMultiValueCookies());
applyDoOutput(con, request.getMethod());
applyBodyLinesToConnection(con, request.getBodyLines());
response = new HttpResponse(con);
} catch(Exception e) {
response = new HttpResponse(e.toString());
}
return response;
}
我记录请求,调用processURLRequest(),然后记录响应。这是请求。
HttpRequest:
url: http://localhost:8180/auth/realms/mycompany/protocol/saml/clients/vanillin/
method: GET
header[0], name: Accept, values: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,
header[1], name: Cache-Control, values: max-age=0,
header[2], name: Upgrade-Insecure-Requests, values: 1,
header[3], name: User-Agent, values: Mozilla/5.0,
header[4], name: Connection, values: keep-alive,
header[5], name: Accept-Language, values: en-US,en;q=0.9,
header[6], name: Accept-Encoding, values: gzip, deflate, br,
以下是回复:
HttpResponse:
url: http://localhost:8180/auth/realms/mycompany/protocol/saml/clients/vanillin/
status: 405
header[0], name: null, values: HTTP/1.1 405 Method Not Allowed,
header[1], name: Connection, values: keep-alive,
header[2], name: Content-Length, values: 1968,
header[3], name: Date, values: Mon, 15 Oct 2018 20:26:51 GMT,
header[4], name: Content-Type, values: text/html;charset=utf-8,
但是,如果我直接从浏览器访问此URL,我会成功。在Chrome网络查看器中:
General:
Request URL: http://localhost:8180/auth/realms/mycompany/protocol/saml/clients/vanillin/
Request Method: GET
Status Code: 200 OK
Remote Address: 127.0.0.1:8180
Referrer Policy: no-referrer-when-downgrade
Response headers:
HTTP/1.1 200 OK
Cache-Control: no-store, must-revalidate, max-age=0
Set-Cookie: AUTH_SESSION_ID=794d5610-013b-443e-9c0e-a5711db0e557.w2119; Version=1; Path=/auth/realms/mycompany; HttpOnly
Set-Cookie: KC_RESTART=eyJhbGciOiJIUzI1NiIsImtpZCIgOiAiMGNiNzM1ZTctMzUyZi00ZTExLWE0MmYtODMzYmYxNDczYzJhIn0.eyJjaWQiOiJ2YW5pbGxhIiwicHR5Ijoic2FtbCIsInJ1cmkiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvdmFuaWxsYSIsImFjdCI6IkFVVEhFTlRJQ0FURSIsIm5vdGVzIjp7InNhbWxfaWRwX2luaXRpYXRlZF9sb2dpbiI6InRydWUiLCJzYW1sX2JpbmRpbmciOiJwb3N0In19.YZXJhzAzYXQ8LhN-glmOCg0haMfKn_aIKHxbwqP88hk; Version=1; Path=/auth/realms/mycompany; HttpOnly
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-src 'self'; frame-ancestors 'self'; object-src 'none';
Date: Mon, 15 Oct 2018 19:41:04 GMT
Connection: keep-alive
X-Robots-Tag: none
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Type: text/html;charset=utf-8
Content-Length: 3802
Content-Language: en
Request headers:
GET /auth/realms/mycompany/protocol/saml/clients/vanillin/ HTTP/1.1
Host: localhost:8180
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: whoson=284-1539632437172
我的请求Java servlet使用Java 1.8在JBoss 7 EAP中运行 环境。
正在接受浏览器请求的主机,但是 拒绝JBoss请求,正在运行Red Hat Single Sign-On (RH-SSO)7.2,使用Java 1.8环境。
已为SAML(不是OIDC)身份验证设置了RH-SSO领域/客户端。
预先感谢, 杰罗姆。
更新
我在其他目的地尝试了服务器问题。
如果Java服务器调用非本地RH-SSO服务器(https://mycompany:8443/auth/realms/mycompany/protocol/saml/clients/protected/),我仍然会收到HTTP 405结果。
如果Java服务器调用https://stackoverflow.com,则它将获得HTTP 200结果以及一个网页正文。
对我来说还是个谜。
Jerome。