Java-登錄到使用基於表單的身份驗證的網站

Question

我試圖登錄到使用基於表單的身份驗證的站點，以便我的應用程序可以進入，下載受保護的頁面然后退出（是的，我有一個有效的用戶名/密碼組合）。

我知道：
1.登錄頁面的URL
2.登錄身份驗證器的URL
3.方法（帖子）
4.我的信息（顯然）
5.用戶名和密碼字段（根據...而異。我已經寫了一種獲取名稱的方法）。

目前，我正在此dream.in.code頁上使用該代碼作為我所做工作的基礎。

每次我運行該應用程序時，它都會以“錯誤的用戶名/密碼”消息發送回登錄頁面。

碼：

import java.net.*;
import java.util.LinkedList;
import java.io.*;

import javax.swing.JOptionPane;

public class ConnectToURL
{

  // Variables to hold the URL object and its connection to that URL.
  private static URL URLObj;
  private static URLConnection connect;
  private static String loginField;
  private static String passwordField;

  private static void getFields()
  {
    try
    {
      URLObj = new URL("http://url.goes.here/login.jsp");
      connect = URLObj.openConnection();
      // Now establish a buffered reader to read the URLConnection's input
      // stream.
      BufferedReader reader = new BufferedReader(new InputStreamReader(
          connect.getInputStream()));

      String lineRead = "";
      LinkedList<String> lines = new LinkedList<String>();

      // Read all available lines of data from the URL and print them to
      // screen.
      while ((lineRead = reader.readLine()) != null)
      {
        lines.add(lineRead);
      }
      reader.close();

      while(lines.peekFirst().indexOf("<th>Username or E-mail:</th>") == -1)
      {
        lines.removeFirst();
      }
      String usernameCell = "";
      while (usernameCell.indexOf("</td>") == -1)
      {
        usernameCell = usernameCell + lines.removeFirst().trim();
      }
      usernameCell = usernameCell.substring(usernameCell.indexOf("name=\"") + 6);
      usernameCell = usernameCell.substring(0, usernameCell.indexOf("\""));
      loginField = usernameCell;

      while(lines.peekFirst().indexOf("<th>Password:</th>") == -1)
      {
        lines.removeFirst();
      }

      String passwordCell = "";
      while (passwordCell.indexOf("</td>") == -1)
      {
        passwordCell = passwordCell + lines.removeFirst().trim();
      }
      passwordCell = passwordCell.substring(passwordCell.indexOf("name=\"") + 6);
      passwordCell = passwordCell.substring(0, passwordCell.indexOf("\""));
      passwordField = passwordCell;
    }
    catch (MalformedURLException e)
    {
      // TODO Auto-generated catch block
      e.printStackTrace();
    }
    catch (IOException e)
    {
      // TODO Auto-generated catch block
      e.printStackTrace();
    }
  }

  public static void main(String[] args)
  {
    try
    {
      // getFields() grabs the names of the username and password fields and stores them into variables above
      getFields();
      // Establish a URL and open a connection to it. Set it to output
      // mode.
      URLObj = new URL("http://url.goes.here/login_submit.jsp");
      connect = URLObj.openConnection();
      HttpURLConnection.setFollowRedirects(true);
      connect.setDoOutput(true);
    }
    catch (MalformedURLException ex)
    {
      System.out
          .println("The URL specified was unable to be parsed or uses an invalid protocol. Please try again.");
      System.exit(1);
    }
    catch (Exception ex)
    {
      System.out.println("An exception occurred. " + ex.getMessage());
      System.exit(1);
    }

    try
    {
      // Create a buffered writer to the URLConnection's output stream and
      // write our forms parameters.
      BufferedWriter writer = new BufferedWriter(new OutputStreamWriter(
          connect.getOutputStream()));
      // For obvious reasons, login info is editted.
      // The line begins with username=& because there's a username field that send no data and is set to display:none.
      // When I observed the request in Chrome, username was sent, but left blank. Without it, my request doesn't go through.
      writer.write("username=&" + loginField + "=" + URLEncoder.encode("Username", "UTF-8") + "&" + passwordField + "=" + URLEncoder.encode("myPassword", "UTF-8"));
      writer.close();

      // Now establish a buffered reader to read the URLConnection's input
      // stream.
      BufferedReader reader = new BufferedReader(new InputStreamReader(
          connect.getInputStream()));

      String lineRead = "";

      // Read all available lines of data from the URL and print them to
      // screen.
      while ((lineRead = reader.readLine()) != null)
      {
        System.out.println(lineRead);
      }

      reader.close();
    }
    catch (Exception ex)
    {
      System.out.println("There was an error reading or writing to the URL: "
          + ex.getMessage());
    }
  }
}

Answer 1

我會嘗試使用諸如HttpFox或Fiddler之類的東西來查看登錄過程中發送的確切內容，並嘗試進行模擬。 有時登錄頁面會對Javascript發送的內容進行按摩。

Answer 2

使用LiveHTTPHeaders可以檢查發布的所有內容。 您可能沒有傳遞給POST命令的cookie /會話數據。

另外，有時還會對引薦來源網址進行監控，並且還應通過傳遞標頭“ Referrer： http：//homepage.com.../login.html ”來偽造該網址。

Answer 3

您是否嘗試過使用Appache httpClient（http://hc.apache.org/httpcomponents-client-ga/）而不是在解析html並插入值的地方編寫自己的代碼？

我相信，您不必解析html。 你的步驟應該是

• 查看html，看看您的身份驗證請求要轉到哪個“ url”
• 打開您找到的URL的連接，而不是發送到“登錄頁面”並對其進行解析以進行查找。
• httpclient類可以幫助您管理會話以使會話保持活動狀態。 您可以自己做，但是會做很多工作