HTTP 身份验证 - Java Http 客户端缺少通过 curl 存在的标头
[英]HTTP Authentication - Java Http Client is missing header that is present via curl
问题描述
I'm trying to send a simple GET to an HTTP endpoint with java.net.http.HttpClient.
我正在尝试使用 java.net.http.HttpClient 向 HTTP 端点发送一个简单的 GET。 The endpoint requires basic authentication.端点需要基本身份验证。 Simple enough, I'm doing what everyone's doing:很简单,我正在做每个人都在做的事情:
HttpClient httpClient = HttpClient.newBuilder()
.version(HttpClient.Version.HTTP_1_1)
.authenticator(new Authenticator(){
@Override
protected PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication("guest","guest".toCharArray());
}
})
.build();
HttpRequest request = HttpRequest.newBuilder()
.GET()
.uri(URI.create("localhost:15672/api/overview")
.build();
HttpResponse<Void> httpResponse = httpClient.send(request, HttpResponse.BodyHandlers.discarding());
However, this throws an IOException "WWW-Authenticate header missing for response code 401".但是,这会引发 IOException“响应代码 401 缺少 WWW-Authenticate 标头”。 It is not completely unreasonable to me that the server initially responds with 401 and the client then re-tries the request with the help of the Authenticator.服务器最初以 401 响应,然后客户端在身份验证器的帮助下重新尝试请求,这对我来说并非完全不合理。 The header is mandatory and if it is absent, that warrants an exception.标头是强制性的,如果不存在,则保证例外。
So far, so good.到现在为止还挺好。 However, when I do the same request via curl, the header is present:然而,当我做经由卷曲相同的请求,报头的存在:
> curl -i http://localhost:15672/api/overview
HTTP/1.1 401 Unauthorized
content-length: 0
content-security-policy: script-src 'self' 'unsafe-eval' 'unsafe-inline'; object-src 'self'
date: Thu, 08 Jul 2021 11:06:45 GMT
server: Cowboy
vary: origin
www-authenticate: Basic realm="RabbitMQ Management"
What am I doing wrong here?我在这里做错了什么?
2 个解决方案
解决方案1
0 已采纳 2021-07-09 07:01:52
In the mean time I found out what the problem was: The server I'm contacting is buggy.与此同时,我发现了问题所在:我正在联系的服务器有问题。 The first GET returned exactly what is shown as the curl result.第一个 GET 返回的结果与 curl 结果完全一致。 The Java HttpClient reacted correctly and sent a second GET with credentials. Java HttpClient 正确响应并发送了第二个带有凭据的 GET。 The credentials were wrong (for testing purposes) but the response was not a 403 as one would expect, but another 401 and this second 401 response is the one missing the header.凭据是错误的(出于测试目的),但响应不是人们所期望的 403,而是另一个 401,第二个 401 响应是缺少标头的响应。
解决方案2
-1 2021-07-08 12:25:37
For basic authorization, you can do对于基本授权,您可以执行
String plainCreds = "myuser:mypassword";
byte[] base64Bytes = Base64.encodeBase64(plainCreds.getBytes());
HttpRequest request = HttpRequest.newBuilder()
.get()
.uri(URI.create("localhost:15672/api/overview"))
.header("Authorization", "Basic " + new String(base64Bytes))
.build();
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.