Java 使用Apache的HttpClient进行基于表单的JBoss身份验证

我试图使用apache中的示例代码登录到我的JBoss webapp，但没有成功。JBoss AS配置为基于表单的身份验证。有人知道为什么它不起作用吗

public class ClientFormLogin {

    public static void main(String[] args) throws Exception {

        System.out.println("started with login...");

        DefaultHttpClient httpclient = new DefaultHttpClient();
        try {
            HttpGet httpget = new HttpGet("url to requested website");


            HttpResponse response = httpclient.execute(httpget);
            HttpEntity entity = response.getEntity();

            System.out.println("Login form get: " + response.getStatusLine());
            EntityUtils.consume(entity);

            System.out.println("Initial set of cookies:");
            List<Cookie> cookies = httpclient.getCookieStore().getCookies();
            if (cookies.isEmpty()) {
                System.out.println("None");
            } else {
                for (int i = 0; i < cookies.size(); i++) {
                    System.out.println("- " + cookies.get(i).toString());
                }
            }

            HttpPost httpost = new HttpPost("url to the j_security_check page");

            List <NameValuePair> nvps = new ArrayList <NameValuePair>();
            nvps.add(new BasicNameValuePair("j_username", "my_username"));
            nvps.add(new BasicNameValuePair("j_password", "my_password!"));

            httpost.setEntity(new UrlEncodedFormEntity(nvps, HTTP.UTF_8));

            response = httpclient.execute(httpost);
            entity = response.getEntity();

            System.out.println("Login form get: " + response.getStatusLine());
            EntityUtils.consume(entity);

            System.out.println("Post logon cookies:");
            cookies = httpclient.getCookieStore().getCookies();
            if (cookies.isEmpty()) {
                System.out.println("None");
            } else {
                for (int i = 0; i < cookies.size(); i++) {
                    System.out.println("- " + cookies.get(i).toString());
                }
            }

        } finally {
            // When HttpClient instance is no longer needed,
            // shut down the connection manager to ensure
            // immediate deallocation of all system resources
            httpclient.getConnectionManager().shutdown();
        }
    }
}

这就是解决方案：

添加新类：

import java.io.IOException;
import java.security.cert.X509Certificate;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

import org.apache.http.client.HttpClient;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.X509HostnameVerifier;
import org.apache.http.impl.client.DefaultHttpClient;

/*
 This code is public domain: you are free to use, link and/or modify it in any way you want, for all purposes including commercial applications.
 */
public class WebClientDevWrapper {

    @SuppressWarnings("deprecation")
    public static HttpClient wrapClient(HttpClient base) {
        try {
            SSLContext ctx = SSLContext.getInstance("TLS");
            X509TrustManager tm = new X509TrustManager() {

                public void checkClientTrusted(X509Certificate[] xcs,
                        String string) {
                }

                public void checkServerTrusted(X509Certificate[] xcs,
                        String string) {
                }

                public X509Certificate[] getAcceptedIssuers() {
                    return null;
                }
            };
            X509HostnameVerifier verifier = new X509HostnameVerifier() {

                @Override
                public void verify(String string, SSLSocket ssls)
                        throws IOException {
                }

                @Override
                public void verify(String string, X509Certificate xc)
                        throws SSLException {
                }

                @Override
                public void verify(String string, String[] strings,
                        String[] strings1) throws SSLException {
                }

                @Override
                public boolean verify(String string, SSLSession ssls) {
                    return true;
                }
            };
            ctx.init(null, new TrustManager[] { tm }, null);
            SSLSocketFactory ssf = new SSLSocketFactory(ctx);
            ssf.setHostnameVerifier(verifier);
            ClientConnectionManager ccm = base.getConnectionManager();
            SchemeRegistry sr = ccm.getSchemeRegistry();
            sr.register(new Scheme("https", ssf, 443));
            return new DefaultHttpClient(ccm, base.getParams());
        } catch (Exception ex) {
            ex.printStackTrace();
            return null;
        }
    }
}

现在在httpClient周围添加包装器：

DefaultHttpClient httpclient = new DefaultHttpClient();
httpclient = (DefaultHttpClient) WebClientDevWrapper.wrapClient(httpclient);

现在，您如何确定登录是否成功

    boolean loginSuccess = false;

    Header[] locationHeader = response.getHeaders("Location");
    if (locationHeader.length > 0) {
            if (response.getStatusLine().toString().contains("302") && locationHeader[0].toString().endsWith(requestURL)) {
                loginSuccess=true;
            }
    }
    System.out.println("Login Success: " + loginSuccess);

如果位置标头等于您请求的URL，并且登录表单Get包含302，则登录成功。如果您设置了错误的用户或密码，您可以检查此项，然后登录将失败

希望这有帮助

    boolean loginSuccess = false;

    Header[] locationHeader = response.getHeaders("Location");
    if (locationHeader.length > 0) {
            if (response.getStatusLine().toString().contains("302") && locationHeader[0].toString().endsWith(requestURL)) {
                loginSuccess=true;
            }
    }
    System.out.println("Login Success: " + loginSuccess);