0

I'm using Tomcat JDBCRealm to authenticated users when they follow a protected page. The authentication works properly when reaching a protected page. Now I'd like to automate this process using cURL. I've written the code below but it doesn't work :

$domainUrl = "http://mydomain.com/protectedArea?j_username=john&j_password=doe";
$ch = curl_init ();
curl_setopt ( $ch, CURLOPT_URL, $domainUrl );
//curl_setopt ( $ch, CURLOPT_POST, true );
//curl_setopt ( $ch, CURLOPT_POSTFIELDS, $post );
curl_setopt ( $ch, CURLOPT_RETURNTRANSFER, 1 );
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); 
curl_setopt($ch, CURLOPT_FRESH_CONNECT, true); 
curl_setopt ( $ch, CURLOPT_TIMEOUT, 7 );

$output = curl_exec ( $ch );
curl_close ( $ch );

In tomcat log we can see only http GET :

[07/Aug/2012:11:51:24 +0200] GET http://mydomain.com/protectedArea?j_username=john&j_password=doe HTTP/1.1 200 1618

whereas we should have something like that : 

[07/Aug/2012:11:57:06 +0200] GET http://mydomain.com/protectedArea?j_username=john&j_password=doe HTTP/1.1 200 1516
[07/Aug/2012:11:57:06 +0200] POST http://mydomain.com/j_security_check HTTP/1.1 302 -

Does someone have any idea?

Thanks for your help

Regards

4

1 回答 1

0

看起来您只有一个curl_exec调用...您是否期​​望一个调用会导致对服务器的两个单独请求?您必须执行以下操作才能将基于表单的登录脚本编写到符合规范的服务器:

  1. 向受保护的资源发出请求。任何人都会做。
  2. 发出请求j_security_check并包含j_usernamej_password请求参数。POST避免 Web 服务器记录凭据是一个好主意。如果认证成功,你应该得到#1中最初请求的资源。
  3. 向您真正想要访问的受保护资源发出请求。
于 2012-08-07T14:12:03.807 回答