1

我遇到了一个问题 - 当您已经登录并尝试访问另一个安全页面时返回 401 错误消息。对我来说,这个问题的神秘之处在于,如果通过 Firefox RestCLient 或 iOS 应用程序检查,我可以在您登录后访问另一个安全页面,但无法通过 Chrome Advanced Rest Client 和 Android 应用程序访问。但是,内容类型和其他必要参数在 Web 工具和应用程序中设置相同。我尝试使用编码的 login:pass 设置不同的身份验证标头,但它t help and it doesn不需要,因为我认为它应该可以在没有它的情况下工作(至少 FF 和 iOS 应用程序在没有这个标头的情况下工作)。会出什么问题?

Chrome的响应头:

401 Unauthorized

Loading time:
29
Request headers
Content-Type: application/x-www-form-urlencoded 
Response headers
Date: Mon, 04 Mar 2013 10:01:02 GMT 
Server: Apache/2.2.20 (Ubuntu) 
X-Powered-By: PHP/5.3.6-13ubuntu3.9
Set-Cookie: peachy=qg3mjvchjh1oionqlhhv0jrn71; path=/ 
Expires: Thu, 19 Nov 1981 08:52:00 GMT 
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 
Pragma: no-cache 
Vary: Accept-Encoding 
Content-Length: 96 
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

Firefox 的响应头:

Status Code: 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: Keep-Alive
Content-Length: 202
Content-Type: application/json
Date: Mon, 04 Mar 2013 09:51:09 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive: timeout=5, max=100
Pragma: no-cache
Server: Apache/2.2.20 (Ubuntu)
X-Powered-By: PHP/5.3.6-13ubuntu3.9

这就是我在 Android 应用程序中的 Restful 代码:

public String serverRequest(int action, Bundle params) {
    if (action == 0) {
        if (Const.DEBUG_ENABLED)
            Log.e(TAG, "You did not pass action.");
        return "You did not pass action.";
    }

    try {
        HttpRequestBase request = null;
        HttpPost postRequest = null;
        switch (action) {
            case SIGN_IN:
                request = new HttpPost();
                request.setURI(new URI(SIGNIN_URL));
                request.setHeader("Content-Type", "application/x-www-form-urlencoded; charset=utf-8");

                 postRequest = (HttpPost) request;

                 if (params != null) {
                 UrlEncodedFormEntity formEntity = new
                 UrlEncodedFormEntity(paramsToList(params));
                 postRequest.setEntity(formEntity);
                 }
                break;

            case SIGN_OUT:
                request = new HttpPost();
                request.setURI(new URI(SIGNOUT_URL));
                request.setHeader("Content-Type", "application/x-www-form-urlencoded; charset=utf-8");
                break;

            case BANK_CARD_VERIFY:
                request = new HttpPost();
                request.setURI(new URI(BANK_CARD_VERIFY_URL));
                request.setHeader("Content-Type", "application/x-www-form-urlencoded; charset=utf-8");

                postRequest = (HttpPost) request;

                if (params != null) {
                    UrlEncodedFormEntity formEntity = new UrlEncodedFormEntity(paramsToList(params));
                    postRequest.setEntity(formEntity);
                }
                break;
        }

        if (request != null) {
            DefaultHttpClient client = new DefaultHttpClient();

            if (Const.DEBUG_ENABLED)
                Log.d(TAG, "Executing request: " + actionToString(action) + ": " + urlToString(action));

            HttpResponse response = client.execute(request);

            StatusLine responseStatus = response.getStatusLine();

            int statusCode = responseStatus != null ? responseStatus.getStatusCode() : 0;
            Log.d(TAG, "Status code: " + statusCode);
            }
            }

(登录和注销是公开的,bank_verify 是安全页面。Android 应用具有与 chrome 相同的响应标头)。会话或其他东西似乎有问题,但我不确定。

编辑: 看来我发现这里有什么问题。在 Android 应用程序中,我创建了一个新的 HttpCLient 对象,因为它丢失了所有旧数据。但另一个问题 - 如何使这个 HttpCLient 可重用?

4

1 回答 1

0

发现问题。我每次都重用httpClient,尽管每次只使用一个拥有所有会话数据的客户端。只需执行 if 语句来检查我是否已经有 httpclient 对象,否则它会创建一个新对象。

于 2013-03-11T09:46:15.170 回答