[英]Is there a limit on Authorization header character length in JAVA?
I am sending a GET request from an android app, AUTHORIZATION header included.我正在从 Android 应用程序发送 GET 请求,其中包括 AUTHORIZATION 标头。 When i check auth.password on the server it is being truncated.
当我在服务器上检查 auth.password 时,它被截断了。 Original string 60 characters and the server is receiving 48 characters only.
原始字符串 60 个字符,服务器仅接收 48 个字符。 Password is a hashed String
密码是散列字符串
Below is the code for the function generating the request.下面是生成请求的函数的代码。
private String getToken(username, password){
InputStream inputStream = null;
String result = "";
try {
// create HttpClient
HttpClient httpclient = new DefaultHttpClient();
HttpGet httpGet= new HttpGet(url);
String credentials= "";
if (username.length != 0 && password.length != 0) ){
credentials= username + ":"+ password
}else {
return "";
}
String encoding= Base64.encodeToString(credentials.getBytes("utf-8"),Base64.DEFAULT);
httpGet.setHeader(HttpHeaders.HOST,SERVER);
httpGet.setHeader(HttpHeaders.AUTHORIZATION, "Basic " + encoding);
// make GET request to the given URL
HttpResponse httpResponse = httpclient.execute(httpGet);
// receive response as inputStream
inputStream = httpResponse.getEntity().getContent();
// convert inputstream to string
if(inputStream != null) {
result = convertInputStreamToString(inputStream);
result = new JSONObject(result).getString("token");
}
} catch (Exception e) {
Log.d("InputStream", e.getLocalizedMessage());
result= "";
}
return result;
}
decoding the variable encoding back to string gives me the original credentials Log.e(TAG, "getToken: DECODED BYTES"+ new String(Base64.decode(encoding,0),"utf-8") );
将变量编码解码回字符串给了我原始凭证
Log.e(TAG, "getToken: DECODED BYTES"+ new String(Base64.decode(encoding,0),"utf-8") );
sending the same request from Postman does not truncate the password.从邮递员发送相同的请求不会截断密码。
sample password $2b$12$FywsqVzLrCR1iSVDLe7eBeK/.K07JUXX9YEHklyWPz9W7/nj52Xfa
示例密码
$2b$12$FywsqVzLrCR1iSVDLe7eBeK/.K07JUXX9YEHklyWPz9W7/nj52Xfa
server Application is written in python服务器应用程序是用python编写的
So the answer to this is to change this line of code String encoding= Base64.encodeToString(credentials.getBytes("utf-8"),Base64.DEFAULT);
所以这个问题的答案是改变这行代码
String encoding= Base64.encodeToString(credentials.getBytes("utf-8"),Base64.DEFAULT);
TO到
String encoding= Base64.encodeToString(credentials.getBytes("utf-8"),Base64.URL_SAFE| Base64.NO_WRAP);
This will protect the url against characters like ' .这将保护 url 免受诸如' 之类的字符的影响。 ' (dot), esp for encrypted password.
' (点),尤其是加密密码。 If you check the sample password, the dot character is there.
如果您检查示例密码,点字符就在那里。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.