2

我正在使用 spring 3,2 并使用来自仅需要基本身份验证的 rest api 的数据的应用程序中工作......问题是我无法登录到 api,我得到的只是 401。

配置如下:

一、凭证提供者

<bean id="credentialProvider" class="org.apache.http.impl.client.BasicCredentialsProvider" />

访问restful服务的授权范围。由于我们希望此模板可用于所有内容,因此我们将其设置为默认值

<bean id="authScope" class="org.apache.http.auth.AuthScope">
  <constructor-arg name="host"> <null /> </constructor-arg>
  <constructor-arg name="port"> <value>-1</value> </constructor-arg>
  <constructor-arg name="realm"> <null /> </constructor-arg>
  <constructor-arg name="scheme"> <null /> </constructor-arg>
</bean>

访问 api 服务的用户名和密码凭据

<bean id="credentials" class="org.apache.http.auth.UsernamePasswordCredentials">
  <constructor-arg name="userName" value="${dataApi.username}"></constructor-arg>
  <constructor-arg name="password" value="${dataApi.password}"></constructor-arg>
</bean>

创建凭据提供程序

<bean id="methodInvoke" class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
  <property name="targetObject" ref="credentialProvider" />
  <property name="targetMethod" value="setCredentials" />
  <property name="arguments">
    <list>
      <ref local="authScope" />
      <ref local="credentials" />
    </list>
  </property>
</bean>

我们必须使用代理,所以...

<bean id="proxyHttpClient" class="com.cibbva.commerce360.utils.ProxyHttpClient">
  <constructor-arg name="host" value="${proxy.hostname}" />
  <constructor-arg name="port" value="${proxy.port}" />
  <constructor-arg name="user" value="${proxy.username}" />
  <constructor-arg name="pass" value="${proxy.password}" />
  <constructor-arg name="conman" ref="clientConnectionManager"></constructor-arg>
  <property name="credentialsProvider" ref="credentialProvider" />
</bean>

clientConnectionManager 定义为:

<bean id="clientConnectionManager" class="org.apache.http.impl.conn.PoolingClientConnectionManager">
  <property name="defaultMaxPerRoute" value="${dataAPi.connection.maxPerRoute}"></property>
  <property name="maxTotal" value="${dataAPi.connection.maxTotal}"></property>
</bean>

最后是 requestFactory 和 restTemplate:

<bean id="requestFactory" class="org.springframework.http.client.HttpComponentsClientHttpRequestFactory">
  <constructor-arg ref="proxyHttpClient" />
</bean>

<bean id="restTemplate" class="org.springframework.web.client.RestTemplate">
  <constructor-arg name="requestFactory" ref="requestFactory" />
</bean>

我认为问题是因为 Authorization 参数没有被添加到请求的标头中,在调试模式下查看,我看到以下内容:

DEBUG org.apache.http.headers - >> GET /xxxx/xxxxxx?xxxx HTTP/1.1
DEBUG org.apache.http.headers - >> Accept: application/json, application/*+json
DEBUG org.apache.http.headers - >> Host: hostname
DEBUG org.apache.http.headers - >> Connection: Keep-Alive
DEBUG org.apache.http.headers - >> User-Agent: Apache-HttpClient/4.2.3 (java 1.5)
DEBUG org.apache.http.wire - << "HTTP/1.1 401 No Autorizado[\r][\n]"

如您所见,标头中没有身份验证信息。为了排除用户名和密码错误的可能性,我使用 curl 发出相同的请求:

curl -v --user 'username:pasword' https://xxxx/xxxxxx?xxxx

输出是:

SSL certificate verify ok.
Server auth using Basic with user 'user'
GET xxxx/xxxxxx?xxxx HTTP/1.1
Authorization: Basic Y29tL....
User-Agent: curl/7.29.0
Host: hostname
Accept: */*
HTTP/1.1 404 No Encontrado

总而言之,如何将参数添加Authorization到请求的标头中?

非常感谢!

4

1 回答 1

1

好的,我终于找到了解决这个问题的方法。我所做的是创建一个实现ClientHttpRequestInterceptor的类,然后手动放置Authorization Header,代码如下:

public class RequestHeaderIntercepter implements ClientHttpRequestInterceptor{

  @Override
  public ClientHttpResponse intercept(HttpRequest request, byte[] body,
    ClientHttpRequestExecution execution) throws IOException {
    HttpRequestWrapper requestWrapper = new HttpRequestWrapper(request);
    requestWrapper.getHeaders().set("Authorization", "encoded username:password");
    return execution.execute(request, body);
  }
}

之后,您必须将侦听器注册到 restTemplate ,仅此而已!请求被截获,并且 Authorization 参数被添加到 header 中。

于 2013-10-07T14:31:10.287 回答