Java 使用Apache的HttpClient进行基于表单的JBoss身份验证
我试图使用apache中的示例代码登录到我的JBoss webapp,但没有成功。JBoss AS配置为基于表单的身份验证。有人知道为什么它不起作用吗Java 使用Apache的HttpClient进行基于表单的JBoss身份验证,java,authentication,apache-httpclient-4.x,Java,Authentication,Apache Httpclient 4.x,我试图使用apache中的示例代码登录到我的JBoss webapp,但没有成功。JBoss AS配置为基于表单的身份验证。有人知道为什么它不起作用吗 public class ClientFormLogin { public static void main(String[] args) throws Exception { System.out.println("started with login..."); DefaultHttpClient
public class ClientFormLogin {
public static void main(String[] args) throws Exception {
System.out.println("started with login...");
DefaultHttpClient httpclient = new DefaultHttpClient();
try {
HttpGet httpget = new HttpGet("url to requested website");
HttpResponse response = httpclient.execute(httpget);
HttpEntity entity = response.getEntity();
System.out.println("Login form get: " + response.getStatusLine());
EntityUtils.consume(entity);
System.out.println("Initial set of cookies:");
List<Cookie> cookies = httpclient.getCookieStore().getCookies();
if (cookies.isEmpty()) {
System.out.println("None");
} else {
for (int i = 0; i < cookies.size(); i++) {
System.out.println("- " + cookies.get(i).toString());
}
}
HttpPost httpost = new HttpPost("url to the j_security_check page");
List <NameValuePair> nvps = new ArrayList <NameValuePair>();
nvps.add(new BasicNameValuePair("j_username", "my_username"));
nvps.add(new BasicNameValuePair("j_password", "my_password!"));
httpost.setEntity(new UrlEncodedFormEntity(nvps, HTTP.UTF_8));
response = httpclient.execute(httpost);
entity = response.getEntity();
System.out.println("Login form get: " + response.getStatusLine());
EntityUtils.consume(entity);
System.out.println("Post logon cookies:");
cookies = httpclient.getCookieStore().getCookies();
if (cookies.isEmpty()) {
System.out.println("None");
} else {
for (int i = 0; i < cookies.size(); i++) {
System.out.println("- " + cookies.get(i).toString());
}
}
} finally {
// When HttpClient instance is no longer needed,
// shut down the connection manager to ensure
// immediate deallocation of all system resources
httpclient.getConnectionManager().shutdown();
}
}
}
这就是解决方案:
添加新类:
import java.io.IOException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.client.HttpClient;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.X509HostnameVerifier;
import org.apache.http.impl.client.DefaultHttpClient;
/*
This code is public domain: you are free to use, link and/or modify it in any way you want, for all purposes including commercial applications.
*/
public class WebClientDevWrapper {
@SuppressWarnings("deprecation")
public static HttpClient wrapClient(HttpClient base) {
try {
SSLContext ctx = SSLContext.getInstance("TLS");
X509TrustManager tm = new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] xcs,
String string) {
}
public void checkServerTrusted(X509Certificate[] xcs,
String string) {
}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
X509HostnameVerifier verifier = new X509HostnameVerifier() {
@Override
public void verify(String string, SSLSocket ssls)
throws IOException {
}
@Override
public void verify(String string, X509Certificate xc)
throws SSLException {
}
@Override
public void verify(String string, String[] strings,
String[] strings1) throws SSLException {
}
@Override
public boolean verify(String string, SSLSession ssls) {
return true;
}
};
ctx.init(null, new TrustManager[] { tm }, null);
SSLSocketFactory ssf = new SSLSocketFactory(ctx);
ssf.setHostnameVerifier(verifier);
ClientConnectionManager ccm = base.getConnectionManager();
SchemeRegistry sr = ccm.getSchemeRegistry();
sr.register(new Scheme("https", ssf, 443));
return new DefaultHttpClient(ccm, base.getParams());
} catch (Exception ex) {
ex.printStackTrace();
return null;
}
}
}
现在在httpClient周围添加包装器:
DefaultHttpClient httpclient = new DefaultHttpClient();
httpclient = (DefaultHttpClient) WebClientDevWrapper.wrapClient(httpclient);
现在,您如何确定登录是否成功
boolean loginSuccess = false;
Header[] locationHeader = response.getHeaders("Location");
if (locationHeader.length > 0) {
if (response.getStatusLine().toString().contains("302") && locationHeader[0].toString().endsWith(requestURL)) {
loginSuccess=true;
}
}
System.out.println("Login Success: " + loginSuccess);
如果位置标头等于您请求的URL,并且登录表单Get包含302,则登录成功。如果您设置了错误的用户或密码,您可以检查此项,然后登录将失败
希望这有帮助
boolean loginSuccess = false;
Header[] locationHeader = response.getHeaders("Location");
if (locationHeader.length > 0) {
if (response.getStatusLine().toString().contains("302") && locationHeader[0].toString().endsWith(requestURL)) {
loginSuccess=true;
}
}
System.out.println("Login Success: " + loginSuccess);