JAVA中的授权头字符长度有限制吗?
[英]Is there a limit on Authorization header character length in JAVA?
问题描述
I am sending a GET request from an android app, AUTHORIZATION header included.
我正在从 Android 应用程序发送 GET 请求,其中包括 AUTHORIZATION 标头。 When i check auth.password on the server it is being truncated.当我在服务器上检查 auth.password 时,它被截断了。 Original string 60 characters and the server is receiving 48 characters only.原始字符串 60 个字符,服务器仅接收 48 个字符。 Password is a hashed String密码是散列字符串
Below is the code for the function generating the request.下面是生成请求的函数的代码。
private String getToken(username, password){
InputStream inputStream = null;
String result = "";
try {
// create HttpClient
HttpClient httpclient = new DefaultHttpClient();
HttpGet httpGet= new HttpGet(url);
String credentials= "";
if (username.length != 0 && password.length != 0) ){
credentials= username + ":"+ password
}else {
return "";
}
String encoding= Base64.encodeToString(credentials.getBytes("utf-8"),Base64.DEFAULT);
httpGet.setHeader(HttpHeaders.HOST,SERVER);
httpGet.setHeader(HttpHeaders.AUTHORIZATION, "Basic " + encoding);
// make GET request to the given URL
HttpResponse httpResponse = httpclient.execute(httpGet);
// receive response as inputStream
inputStream = httpResponse.getEntity().getContent();
// convert inputstream to string
if(inputStream != null) {
result = convertInputStreamToString(inputStream);
result = new JSONObject(result).getString("token");
}
} catch (Exception e) {
Log.d("InputStream", e.getLocalizedMessage());
result= "";
}
return result;
}
decoding the variable encoding back to string gives me the original credentials Log.e(TAG, "getToken: DECODED BYTES"+ new String(Base64.decode(encoding,0),"utf-8") );将变量编码解码回字符串给了我原始凭证Log.e(TAG, "getToken: DECODED BYTES"+ new String(Base64.decode(encoding,0),"utf-8") );
sending the same request from Postman does not truncate the password.从邮递员发送相同的请求不会截断密码。
sample password $2b$12$FywsqVzLrCR1iSVDLe7eBeK/.K07JUXX9YEHklyWPz9W7/nj52Xfa示例密码$2b$12$FywsqVzLrCR1iSVDLe7eBeK/.K07JUXX9YEHklyWPz9W7/nj52Xfa
server Application is written in python服务器应用程序是用python编写的
1 个解决方案
解决方案1
0 2020-09-10 21:16:53
So the answer to this is to change this line of code String encoding= Base64.encodeToString(credentials.getBytes("utf-8"),Base64.DEFAULT);所以这个问题的答案是改变这行代码String encoding= Base64.encodeToString(credentials.getBytes("utf-8"),Base64.DEFAULT);
TO到
String encoding= Base64.encodeToString(credentials.getBytes("utf-8"),Base64.URL_SAFE| Base64.NO_WRAP);
This will protect the url against characters like ' .这将保护 url 免受诸如' 之类的字符的影响。 ' (dot), esp for encrypted password. ' (点),尤其是加密密码。 If you check the sample password, the dot character is there.如果您检查示例密码,点字符就在那里。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.