4

应用说明

行为不当的APP是一个Android APP,它允许用户从手机中拍照,然后上传到Sharepoint CMS。

详细问题描述

在 Java 应用程序上,我正在向 IIS 上托管的 SOAP WebService 发送一个包含图像字节的 POST HTTP 请求作为 base64。此 WebService 使用 Windows 身份验证进行保护。我已将 Java 程序配置为在发出请求时发送凭据。当我检查 HTTP 响应代码时,它是HTTP 401 Unauthorized。我无法检查响应内容。

注意事项

Java 调试器没有按应有的方式进入Authenticator类的getPasswordAuthentication方法。

应用规格

  • 编程语言:Java
  • 应用类型:安卓APP
  • 代码位置:AsyncTask 内部
  • 端点类型:SOAP WebService
  • 端点身份验证:Windows 身份验证

相关代码

连接设置

URL url = new URL(ENDPOINT_URL);
HttpURLConnection httpURLConnection = (HttpURLConnection) url.openConnection();
// Enable POST
httpURLConnection.setDoOutput(true);
httpURLConnection.setRequestMethod("POST");
httpURLConnection.setRequestProperty("Content-Type", "text/xml");

身份验证器设置始终发送存储的凭据

Authenticator.setDefault(new NTLMAuthenticator());

NTLMAuthenticator 类

public class NTLMAuthenticator extends Authenticator {
    @Override
    public PasswordAuthentication getPasswordAuthentication() {
        return new PasswordAuthentication("USER_NAME", "PASSWORD".toCharArray());
    }
}

请求 POST 内容设置

try (OutputStream outputStream = httpURLConnection.getOutputStream()) {
    String baseRequest = "<?xml version=\"1.0\" encoding=\"utf-8\"?><soap:Envelope xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\"><soap:Body><Upload xmlns=\"http://schemas.microsoft.com/sharepoint/soap/ois/\"><strListName>%s</strListName><strFolder /><bytes>%s</bytes><fileName>%s</fileName><fOverWriteIfExist>true</fOverWriteIfExist></Upload></soap:Body></soap:Envelope>";
    File f = new File(PATH_TO_FILE);
    byte[] fileBytes = FileUtils.readFileToByteArray(f);
    String fileBase64 = android.util.Base64.encodeToString(fileBytes, 0);
    outputStream.write(String.format(baseRequest, LIST_NAME, fileBase64, FILE_NAME).getBytes());
    outputStream.flush();
} catch (Exception e) {
    e.printStackTrace();
}

响应读取

int response_code = httpURLConnection.getResponseCode();
if (response_code == HttpURLConnection.HTTP_OK) {
    // **response_code IS HTTP_UNAUTHORIZED**
    try (BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(httpURLConnection.getInputStream()))) {
        // **Unreachable code**
        String line;
        while ((line = bufferedReader.readLine()) != null) {
            // Read response line by line
        }
    } catch (Exception e) {
        e.printStackTrace();
    }
}
4

0 回答 0