堆栈内存溢出
  繁体   English   中英

使用来自Apache的HttpClient的基于表单的JBoss身份验证

[英]Form based JBoss authentication using HttpClient from Apache

 原文  2012-03-12 15:42:41       java/ authentication/ apache-httpclient-4.x

问题描述

我正在尝试使用apache中的示例代码登录到我的JBoss Webapp,但是我不成功。 JBoss AS已配置为用于基于表单的身份验证。 有谁知道为什么它不起作用? 

public class ClientFormLogin {

    public static void main(String[] args) throws Exception {

        System.out.println("started with login...");

        DefaultHttpClient httpclient = new DefaultHttpClient();
        try {
            HttpGet httpget = new HttpGet("url to requested website");


            HttpResponse response = httpclient.execute(httpget);
            HttpEntity entity = response.getEntity();

            System.out.println("Login form get: " + response.getStatusLine());
            EntityUtils.consume(entity);

            System.out.println("Initial set of cookies:");
            List<Cookie> cookies = httpclient.getCookieStore().getCookies();
            if (cookies.isEmpty()) {
                System.out.println("None");
            } else {
                for (int i = 0; i < cookies.size(); i++) {
                    System.out.println("- " + cookies.get(i).toString());
                }
            }

            HttpPost httpost = new HttpPost("url to the j_security_check page");

            List <NameValuePair> nvps = new ArrayList <NameValuePair>();
            nvps.add(new BasicNameValuePair("j_username", "my_username"));
            nvps.add(new BasicNameValuePair("j_password", "my_password!"));

            httpost.setEntity(new UrlEncodedFormEntity(nvps, HTTP.UTF_8));

            response = httpclient.execute(httpost);
            entity = response.getEntity();

            System.out.println("Login form get: " + response.getStatusLine());
            EntityUtils.consume(entity);

            System.out.println("Post logon cookies:");
            cookies = httpclient.getCookieStore().getCookies();
            if (cookies.isEmpty()) {
                System.out.println("None");
            } else {
                for (int i = 0; i < cookies.size(); i++) {
                    System.out.println("- " + cookies.get(i).toString());
                }
            }

        } finally {
            // When HttpClient instance is no longer needed,
            // shut down the connection manager to ensure
            // immediate deallocation of all system resources
            httpclient.getConnectionManager().shutdown();
        }
    }
}

错误信息: 

Exception in thread "main" javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
    at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source)
    at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:397)
    at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
    at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:150)
    at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
    at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:575)
    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:425)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732)
    at com.sicap.ssis.client.ClientFormLogin.main(ClientFormLogin.java:57)

1 个解决方案

解决方案1
 -1 已采纳  2012-03-13 12:28:40

这是解决方案:

添加新课程: 

import java.io.IOException;
import java.security.cert.X509Certificate;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

import org.apache.http.client.HttpClient;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.X509HostnameVerifier;
import org.apache.http.impl.client.DefaultHttpClient;

/*
 This code is public domain: you are free to use, link and/or modify it in any way you want, for all purposes including commercial applications.
 */
public class WebClientDevWrapper {

    @SuppressWarnings("deprecation")
    public static HttpClient wrapClient(HttpClient base) {
        try {
            SSLContext ctx = SSLContext.getInstance("TLS");
            X509TrustManager tm = new X509TrustManager() {

                public void checkClientTrusted(X509Certificate[] xcs,
                        String string) {
                }

                public void checkServerTrusted(X509Certificate[] xcs,
                        String string) {
                }

                public X509Certificate[] getAcceptedIssuers() {
                    return null;
                }
            };
            X509HostnameVerifier verifier = new X509HostnameVerifier() {

                @Override
                public void verify(String string, SSLSocket ssls)
                        throws IOException {
                }

                @Override
                public void verify(String string, X509Certificate xc)
                        throws SSLException {
                }

                @Override
                public void verify(String string, String[] strings,
                        String[] strings1) throws SSLException {
                }

                @Override
                public boolean verify(String string, SSLSession ssls) {
                    return true;
                }
            };
            ctx.init(null, new TrustManager[] { tm }, null);
            SSLSocketFactory ssf = new SSLSocketFactory(ctx);
            ssf.setHostnameVerifier(verifier);
            ClientConnectionManager ccm = base.getConnectionManager();
            SchemeRegistry sr = ccm.getSchemeRegistry();
            sr.register(new Scheme("https", ssf, 443));
            return new DefaultHttpClient(ccm, base.getParams());
        } catch (Exception ex) {
            ex.printStackTrace();
            return null;
        }
    }
}

现在在httpClient周围添加包装器: 

DefaultHttpClient httpclient = new DefaultHttpClient();
httpclient = (DefaultHttpClient) WebClientDevWrapper.wrapClient(httpclient);

现在如何确定登录是否成功? 

    boolean loginSuccess = false;

    Header[] locationHeader = response.getHeaders("Location");
    if (locationHeader.length > 0) {
            if (response.getStatusLine().toString().contains("302") && locationHeader[0].toString().endsWith(requestURL)) {
                loginSuccess=true;
            }
    }
    System.out.println("Login Success: " + loginSuccess);

如果“位置标题”等于您请求的URL,并且“登录表单获取”中包含302,则表明登录成功。 如果您设置了错误的用户或密码,您可以检查一下,然后登录将失败。

希望这可以帮助。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 自动基于JBoss Form的身份验证 基于JBoss表单的身份验证失败 来自Apache Commons的httpclient在jboss上不起作用 使用HttpClient进行基于表单的身份验证 - j_security_check apache httpclient + ntlm身份验证 Apache HttpClient 摘要身份验证 使用Java和Apache HttpClient进行Apache Shiro authcBasic身份验证 如何在使用基于表单的Spring安全性对Java应用程序进行身份验证后使用Apache HttpClient来持久化cookie SHA-1哈希无法在使用自定义REALM的基于jboss表单的身份验证中工作 Java Apache HttpClient基于表单的登录MySpace
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM