Android客户端登录到Django服务器,如何传递crsf:|
我正在构建一个Android客户端应用程序来连接到Django服务器。 这里的问题是我无法登录到我的服务器:(。有什么问题,请帮助我:| 这是我的登录函数()Android客户端登录到Django服务器,如何传递crsf:|,android,django,Android,Django,我正在构建一个Android客户端应用程序来连接到Django服务器。 这里的问题是我无法登录到我的服务器:(。有什么问题,请帮助我:| 这是我的登录函数() 创建DefaultHttpClient: DefaultHttpClient httpClientStatic = new DefaultHttpClient(); 从服务器获取crsf的函数: public String getCsrfFromUrl(String url) { HttpGet httpGet = new H
DefaultHttpClient httpClientStatic = new DefaultHttpClient();
public String getCsrfFromUrl(String url) {
HttpGet httpGet = new HttpGet(url);
HttpResponse httpResponse = httpClientStatic.execute(httpGet);
HttpEntity httpEntity = httpResponse.getEntity();
is = httpEntity.getContent();
List<Cookie> cookies = httpClientStatic.getCookieStore().getCookies();
if (cookies.isEmpty()) {
Log.e("COOKIES GET ", "Empty Cookies");
} else {
for (int i = 0; i < cookies.size(); i++) {
Log.e("COOKIES GET ", cookies.get(i).getName()+"--"+cookies.get(i).getValue());
}
}
return cookies.get(0).getValue();
}
公共字符串getCsrfFromUrl(字符串url){
HttpGet HttpGet=新的HttpGet(url);
HttpResponse HttpResponse=httpClientStatic.execute(httpGet);
HttpEntity HttpEntity=httpResponse.getEntity();
is=httpEntity.getContent();
List cookies=httpClientStatic.getCookieStore().getCookies();
if(cookies.isEmpty()){
Log.e(“COOKIES获取”、“空COOKIES”);
}否则{
对于(int i=0;ipublic JSONObject getJSONFromUrl(String url, List<NameValuePair> params) {
// Making HTTP GET request to get csrfmiddlewaretoken:
try {
HttpPost httpPost = new HttpPost(url);
httpPost.setEntity(new UrlEncodedFormEntity(params));
Log.e("JSON", "In login user 02.4");
HttpResponse httpResponse = httpClientStatic.execute(httpPost);
HttpEntity httpEntity = httpResponse.getEntity();
is = httpEntity.getContent();
.....
//Next is read respone, and return json type
}
publicJSONObject getJSONFromUrl(字符串url,列表参数){
//正在发出HTTP GET请求以获取csrfmiddlewaretoken:
试一试{
HttpPost HttpPost=新的HttpPost(url);
setEntity(新的UrlEncodedFormEntity(参数));
Log.e(“JSON”,“在登录用户02.4中”);
HttpResponse HttpResponse=httpClientStatic.execute(httpPost);
HttpEntity HttpEntity=httpResponse.getEntity();
is=httpEntity.getContent();
.....
//接下来是readrespone,返回json类型
}
public JSONObject loginUser(String username, String password){
// Building Parameters
List<NameValuePair> params = new ArrayList<NameValuePair>();
params.add(new BasicNameValuePair("username", username));
params.add(new BasicNameValuePair("password", password));
csrfmiddlewaretoken = new JSONParser().getCsrfFromUrl(loginURL);
params.add(new BasicNameValuePair("csrfmiddlewaretoken", csrfmiddlewaretoken));
JSONObject json = jsonParser.getJSONFromUrl(loginURL, params);
return json;
}
publicJSONObject登录用户(字符串用户名、字符串密码){
//建筑参数
List params=new ArrayList();
添加(新的BasicNameValuePair(“用户名”,用户名));
添加(新的BasicNameValuePair(“密码”,password));
csrfmiddlewaretoken=newjsonparser().getCsrfFromUrl(loginURL);
添加参数(新的BasicNameValuePair(“csrfmiddlewaretoken”,csrfmiddlewaretoken));
JSONObject json=jsonParser.getJSONFromUrl(loginURL,params);
返回json;
}
它仍然返回401错误anh 500状态:|。您是否应该通过csrf?您的android是否正在通过会话进行身份验证?如果您正在创建api,也许您应该查看不同的身份验证方案?您可以使用@csrf_豁免装饰器,因为android应用程序肯定是跨域的,所以您不应该在任何时候使用csrf不过,最佳实践似乎是使用Oauth(实际上是Oauth2)而不是基于cookie的会话。