正确使用HttpRequestInterceptor和CredentialsProvider进行HttpClient的抢占式身份验证
[英]Proper use of HttpRequestInterceptor and CredentialsProvider in doing preemptive authentication with HttpClient
问题描述
I'm writing an application in Android that consumes some REST services I've created. 
我正在Android中编写一个应用程序,它消耗了我创建的一些REST服务。 These web services aren't issuing a standard Apache Basic challenge / response. 这些Web服务未发布标准的Apache Basic质询/响应。 Instead in the server-side code I'm wanting to interrogate the username and password from the HTTP(S) request and compare it against a database user to make sure they can run that service. 而是在服务器端代码中,我想要从HTTP(S)请求中查询用户名和密码,并将其与数据库用户进行比较,以确保它们可以运行该服务。
I'm using HttpClient to do this and I have the credentials stored on the client after the initial login (at least that's how I see this working). 我正在使用HttpClient来执行此操作,并且在初始登录后我将凭据存储在客户端上(至少我看到这是如何工作的)。 So here is where I'm stuck. 所以这就是我被困住的地方。 Preemptive authenticate under HttpClient requires you to setup an interceptor as a static member. HttpClient下的抢占式身份验证要求您将拦截器设置为静态成员。 This is the example Apache Components uses. 这是Apache Components使用的示例。
HttpRequestInterceptor preemptiveAuth = new HttpRequestInterceptor() {
@Override
public void process( final HttpRequest request, final HttpContext context) throws HttpException, IOException {
AuthState authState = (AuthState) context.getAttribute(ClientContext.TARGET_AUTH_STATE);
CredentialsProvider credsProvider = (CredentialsProvider) context.getAttribute(
ClientContext.CREDS_PROVIDER);
HttpHost targetHost = (HttpHost) context.getAttribute(ExecutionContext.HTTP_TARGET_HOST);
if (authState.getAuthScheme() == null) {
AuthScope authScope = new AuthScope(targetHost.getHostName(), targetHost.getPort());
Credentials creds = credsProvider.getCredentials(authScope);
if (creds != null) {
authState.setAuthScheme(new BasicScheme());
authState.setCredentials(creds);
}
}
}
};
So the question would be this. 所以问题就是这个。 What would the proper use of this be? 适当使用它会是什么? Would I spin this up as part of the application when the application starts? 当应用程序启动时,我会将其作为应用程序的一部分进行旋转吗? Pulling the username and password out of memory and then using them to create this CredentialsProvider which is then utilized by the HttpRequestInterceptor? 将用户名和密码从内存中拉出来,然后使用它们创建这个CredentialsProvider然后由HttpRequestInterceptor使用? Or is there a way to do this more dynamically? 或者有没有办法更动态地做到这一点?
2 个解决方案
解决方案1
1 已采纳 2010-05-07 11:50:18
HttpClient does not like pre-emptive authentication very much. HttpClient非常不喜欢先发制人认证。
If your REST API supports BASIC authentication, then it is probably simpler to just put in the proper header yourself. 如果您的REST API支持BASIC身份验证,那么自己输入正确的标头可能更简单。 Here is a sample Twitter client , using the Twitter API, that uses this technique. 这是一个使用Twitter API的Twitter客户端示例 ,它使用了这种技术。
解决方案2
0 2010-05-07 12:11:22
Nevermind, I found out what was wrong. 没关系,我发现了什么是错的。 I took another look at the Apache examples and realized that I wasn't passing along the "http" when creating the HttpHost object I was using. 我再看一下Apache的例子,并意识到我在创建我正在使用的HttpHost对象时没有传递“http”。 It was completely unrelated. 这完全不相关。 Ugh. 啊。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.