具有基本身份验证长密码的httpurlconnection
[英]httpurlconnection with basic authentication long passwords
问题描述
We are having issue with HttpURLConnection + Basic authentication when we have lengthy passwords. 
如果密码太长,我们就会遇到HttpURLConnection +基本身份验证的问题。
Here is the sampple code: 这是示例代码:
URL url = new URL("http://localhost/data.json");
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
conn.setRequestMethod(method);
String authString = clientId + ":" + clientSecret;
BASE64Encoder encoder = new BASE64Encoder();
String authHeader = encoder.encode(authString.getBytes());
conn.setRequestProperty("Authorization", authHeader);
conn.setRequestProperty("Accept", "application/json"); We tried to use 我们尝试使用
String authString = clientId + ":" + clientSecret;
authString = "" + javax.xml.bind.DatatypeConverter.printBase64Binary(authString.getBytes()); But no luck with this. 但是,这没有运气。
HttpURLConnection with Basic Auth with passswords of certain length working fine but with lengthy passwords we have issue. 带有基本身份验证的HttpURLConnection,具有一定长度的密码可以正常工作,但密码较长,我们会遇到问题。 And the error code returned is 400 并且返回的错误代码是400
Note: This is related to Login with Paypal integration https://developer.paypal.com/webapps/developer/docs/integration/direct/log-in-with-paypal/detailed/#making-first-call 注意:这与使用Paypal集成登录https://developer.paypal.com/webapps/developer/docs/integration/direct/log-in-with-paypal/detailed/#making-first-call有关
and the sample code we have (provided by PayPal) also not working. 并且我们提供的示例代码(由PayPal提供)也无法正常工作。
thank you in advance. 先感谢您。
3 个解决方案
解决方案1
1 已采纳 2013-07-22 06:26:14
The issue I faced is due to lengthy username, password. 我遇到的问题是由于用户名和密码过长。
If I use below code, it works fine 如果我使用下面的代码,它可以正常工作
byte[] encodedBytes = org.apache.commons.codec.binary.Base64.encodeBase64(passwordString.getBytes("UTF-8"));
String encodedString = new String(encoded, "UTF-8");
and 和
headers.put("Authorization", "Basic " + encodedString); headers.put(“ Authorization”,“ Basic” + encodeString);
解决方案2
0 2013-07-10 16:06:37
Try a POST. 尝试POST。
If you are testing this with a local server, make sure it doesn't have any restrictions on max URL size, max parameter length, max POST header size, etc. Check server side logs. 如果要在本地服务器上进行测试,请确保它对最大URL大小,最大参数长度,最大POST标头大小等没有任何限制。请检查服务器端日志。
This is likely not the problem, but there is a probable bug in this statement "authString.getBytes()". 这可能不是问题,但是此语句“ authString.getBytes()”中可能存在错误。 You are converting the string to bytes based on the system default encoding, which depends on JVM/OS/Locale-- you should pass an explicit encoding to getBytes(). 您正在根据系统默认编码将字符串转换为字节,该默认编码取决于JVM / OS / Locale-您应将显式编码传递给getBytes()。
解决方案3
0 2013-07-10 16:20:35
You should inspect a succesful authentication, ie. 您应该检查成功的身份验证,即。 with a web browser having request inspector (ie. chrome) or just with wireshark. 使用具有请求检查器(即chrome)的网络浏览器或仅使用Wireshark。
So you can see what kind of request message is sent to the server. 这样您就可以看到发送到服务器的请求消息类型。
Starting from that point you can check if your code provides the same kind of request and, if they're not the same, you can at least find what's wrong. 从这一点开始,您可以检查您的代码是否提供相同类型的请求,并且如果它们不相同,则至少可以找到问题所在。
Although even if there's no spec-enforced limit for basic auth lenght, some platform dependent limits still exist as outlined here: Is there a practical HTTP Header length limit? 尽管即使对于基本身份验证长度没有规范强制执行的限制,但仍存在一些与平台相关的限制,如下所示: 是否有实际的HTTP标头长度限制?
Hope you find it usefull. 希望对您有用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.