Java 如何在Android中使用WebView获得身份验证令牌?
我需要在我的Android应用程序上接收令牌。我在Laravel上创建了和API,我需要接收身份验证令牌,但我不知道如何在Android上实现。 我做了一些代码,但不起作用Java 如何在Android中使用WebView获得身份验证令牌?,java,android,authentication,token,Java,Android,Authentication,Token,我需要在我的Android应用程序上接收令牌。我在Laravel上创建了和API,我需要接收身份验证令牌,但我不知道如何在Android上实现。 我做了一些代码,但不起作用 public class LoginActivity extends AppCompatActivity { WebView webView; private final String URL = "https://login.ipleiria.pt/adfs/ls/?client-request-id=5
public class LoginActivity extends AppCompatActivity {
WebView webView;
private final String URL = "https://login.ipleiria.pt/adfs/ls/?client-request-id=5d88995c-4405-40c7-985f-a02fd6d62749&username=&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQIIAY2RO2_TUABGc-PEbaMKKsTAgEQHpEpI176-14_YEhLOw2mihDRJCWCBKtuxEzdObPzIa2Pr2IEBOiHElJEBIf4AUsXQqUN_QcWEmBgYaMTCBmc4-ubz3aM4hlPuoj9guDJEjsNBy16tvwhv5LaevTl6ni19efD64C17fr5TPQHXRnPGDTzbDV2DCeIluDOI4yBSWNZPYs_3h4zvOK5lM5Y_Yv2pwX4C4AyAZVoSiZiX8rKABUw4TLBAGCKKHI-wDEWMLMjjngMNCROICTIkx-Z4yxQv0tebahIP8Ep-6C7sH-kNxw9HB4EfxSfUK1Cy4kIpqvbL5UIb1RO-3PcXjXqnPjuM-b6gNatoaFZQ7XBSRxGJZTnUO2Iv6DWTmdgtVrwGP2sN1HGguhW3PVet3eFcm-JW-2k3atSQqor7Lyb8UINDSCJnz8vbu16Xx9CR9Xwy6xgjTeppiVM3ySNB79RMW-C6e3BJ_VfjDxR91Wnkj08p2g_ssds7y4BvmU1EKevrua3UrdR26mcGvMteffH-csreXtspvZzYvz5ufk2dZlm2bZS1_mLgdcbF_ccto2BOpPzDqDEvPklCvWvpbWLwXpUvmf37ROGOaXBM05c0-E6Do7XU541_fXeRu4kRJ0NEIMdtc0hBSBGw_hs1&RedirectToIdentityProvider=http%3a%2f%2flogin.ipleiria.pt%2fadfs%2fservices%2ftrust";
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.login);
webView = findViewById(R.id.webView);
webView.setWebViewClient(new WebViewClient());
webView.loadUrl(URL);
// Cria problemas de XSS na aplicação. Usar com cuidado
webView.getSettings().setJavaScriptEnabled(true);
if (URL.length() == 0) {
getToken("https://login.ipleiria.pt/adfs/ls/?client-request-id=5d88995c-4405-40c7-985f-a02fd6d62749&username=&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQIIAY2RO2_TUABGc-PEbaMKKsTAgEQHpEpI176-14_YEhLOw2mihDRJCWCBKtuxEzdObPzIa2Pr2IEBOiHElJEBIf4AUsXQqUN_QcWEmBgYaMTCBmc4-ubz3aM4hlPuoj9guDJEjsNBy16tvwhv5LaevTl6ni19efD64C17fr5TPQHXRnPGDTzbDV2DCeIluDOI4yBSWNZPYs_3h4zvOK5lM5Y_Yv2pwX4C4AyAZVoSiZiX8rKABUw4TLBAGCKKHI-wDEWMLMjjngMNCROICTIkx-Z4yxQv0tebahIP8Ep-6C7sH-kNxw9HB4EfxSfUK1Cy4kIpqvbL5UIb1RO-3PcXjXqnPjuM-b6gNatoaFZQ7XBSRxGJZTnUO2Iv6DWTmdgtVrwGP2sN1HGguhW3PVet3eFcm-JW-2k3atSQqor7Lyb8UINDSCJnz8vbu16Xx9CR9Xwy6xgjTeppiVM3ySNB79RMW-C6e3BJ_VfjDxR91Wnkj08p2g_ssds7y4BvmU1EKevrua3UrdR26mcGvMteffH-csreXtspvZzYvz5ufk2dZlm2bZS1_mLgdcbF_ccto2BOpPzDqDEvPklCvWvpbWLwXpUvmf37ROGOaXBM05c0-E6Do7XU541_fXeRu4kRJ0NEIMdtc0hBSBGw_hs1&RedirectToIdentityProvider=http%3a%2f%2flogin.ipleiria.pt%2fadfs%2fservices%2ftrust");
}
}
private void getToken(String url) {
StringBuilder strBuild = new StringBuilder();
String authURL = "https://login.ipleiria.pt/adfs/ls/?client-request-id=5d88995c-4405-40c7-985f-a02fd6d62749&username=&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQIIAY2RO2_TUABGc-PEbaMKKsTAgEQHpEpI176-14_YEhLOw2mihDRJCWCBKtuxEzdObPzIa2Pr2IEBOiHElJEBIf4AUsXQqUN_QcWEmBgYaMTCBmc4-ubz3aM4hlPuoj9guDJEjsNBy16tvwhv5LaevTl6ni19efD64C17fr5TPQHXRnPGDTzbDV2DCeIluDOI4yBSWNZPYs_3h4zvOK5lM5Y_Yv2pwX4C4AyAZVoSiZiX8rKABUw4TLBAGCKKHI-wDEWMLMjjngMNCROICTIkx-Z4yxQv0tebahIP8Ep-6C7sH-kNxw9HB4EfxSfUK1Cy4kIpqvbL5UIb1RO-3PcXjXqnPjuM-b6gNatoaFZQ7XBSRxGJZTnUO2Iv6DWTmdgtVrwGP2sN1HGguhW3PVet3eFcm-JW-2k3atSQqor7Lyb8UINDSCJnz8vbu16Xx9CR9Xwy6xgjTeppiVM3ySNB79RMW-C6e3BJ_VfjDxR91Wnkj08p2g_ssds7y4BvmU1EKevrua3UrdR26mcGvMteffH-csreXtspvZzYvz5ufk2dZlm2bZS1_mLgdcbF_ccto2BOpPzDqDEvPklCvWvpbWLwXpUvmf37ROGOaXBM05c0-E6Do7XU541_fXeRu4kRJ0NEIMdtc0hBSBGw_hs1&RedirectToIdentityProvider=http%3a%2f%2flogin.ipleiria.pt%2fadfs%2fservices%2ftrust";
String redirect_uri = "urn:ietf:wg:oauth:2.0:oob";
strBuild.append("&redirect_uri=").append(redirect_uri);
try{
java.net.URL obj = new URL(authURL);
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setDoOutput(true);
con.setRequestMethod("POST");
con.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
DataOutputStream wr = new DataOutputStream(con.getOutputStream());
wr.writeBytes(strBuild.toString());
wr.flush();
wr.close();
System.out.println(con.getResponseCode());
System.out.println(con.getResponseMessage());
}catch (Exception e)
{
System.out.println("Error.");
}
System.out.println(strBuild.toString());
}
}
好的,你有两个选择: 第一个
第一个更好。如果您有权访问Web前端的代码,则可以执行此操作。基本上,您只需添加一个
WebAppInterface
。文档对此进行了描述。您的android功能应接受令牌作为参数,并且在用户成功登录并获得令牌后,前端应调用该令牌
所以你的可能看起来像这样:
class WebAppInterface(private val mContext: Context) {
/** Show a toast from the web page */
@JavascriptInterface
fun consumeToken(token: String) {
//do whatever you want to do with the token.
}
}
您必须这样注册它:webView.addJavascriptInterface(WebAppInterface(this),“Android”)
然后您的Web前端(javascript端)可以调用如下函数:Android.consumeToken(令牌)代码>
第二个
这个有点复杂。像往常一样加载您的url,然后将WebViewClient设置为您的WebView
。像这样:
webView.webViewClient = object: WebViewClient() {
override fun onPageFinished(view: WebView?, url: String?) {
super.onPageFinished(view, url)
webView.evaluateJavascript("(function() { return JSON.stringify(localStorage); })();") { s ->
if (s != "\"{}\"") {
var jsonAsStr = s.substring(1, s.length - 1).replace("\\", "")
val obj = JSONObject(jsonAsStr)
val token = obj.getString("token")
}
}
}
}
webView.loadUrl("https://www.google.com/")
因此,当加载新站点时,会调用onPageFinished
。这样,您就知道用户完成了登录(如果有任何其他按钮或他可以单击这些按钮也会触发此功能,则为是)。但是,您可以通过检查onPageStarted
中的url来捕获这些错误,并查看该url是否与用户登录后应该看到的页面匹配。这样:onPageStarted
被调用->如果url与用户登录后应该看到的页面url匹配,那么它就是正确的,您可以调用evaluateJavascript
。但也许我的简单示例就足以满足您的用例
无论如何,evaluateJavascript
然后将javascript注入客户端,客户端将读取localStorage
。然后检查它是否为空,然后解析为jsonObject
。然后只需从jsonified localstorage中检索令牌。就这样:)
在Java中也是这样:
webView.setWebViewClient(new WebViewClient() {
@Override
public void onPageFinished(WebView view, String url) {
super.onPageFinished(view, url);
webView.evaluateJavascript("(function() { return JSON.stringify(localStorage); })();", new ValueCallback<String>() {
@Override
public void onReceiveValue(String s) {
if (s != "\"{}\"") {
String jsonAsStr = s.substring(1, s.length() - 1).replace("\\", "");
try {
JSONObject obj = new JSONObject(jsonAsStr);
String token = obj.getString("token");
} catch (JSONException e) {
}
}
}
});
}
});
webView.setWebViewClient(新的WebViewClient(){
@凌驾
公共void onPageFinished(WebView视图,字符串url){
super.onPageFinished(视图、url);
evaluateJavascript((function(){return JSON.stringify(localStorage);})(;”,new ValueCallback(){
@凌驾
公共void onReceiveValue(字符串s){
如果(s!=“\”{}\”){
字符串jsonAsStr=s.substring(1,s.length()-1);
试一试{
JSONObject obj=新的JSONObject(jsonAsStr);
字符串标记=obj.getString(“标记”);
}捕获(JSONException e){
}
}
}
});
}
});
如果用户登录,此身份验证令牌是否存储在localstorage或rahter wehre中?如果我理解正确:您正在加载WebView并在用户通过身份验证后获取身份验证令牌?很抱歉,我的第一个问题没有正确解释,我的意思是:您是通过普通浏览器登录的。然后,客户端从服务器获取令牌->该令牌存储在客户端的何处?我假设必须为每个授权请求发送令牌。令牌存储在我的本地存储中。。当我从webview登录时,我希望在一个变量中接收相应的令牌。