gpt4 book ai didi

java - Tomcat 在处理带有身份验证 header 的 android 请求之前发送 400s

转载 作者:行者123 更新时间:2023-11-30 11:38:09 26 4
gpt4 key购买 nike

我正在编写一个用于发送和接收消息的基本 Android 应用程序。我也在使用 Tomcat 7.0.21 编写服务器端代码。我目前正在尝试实现“程序化 Web 应用程序安全性”(http://courses.coreservlets.com/Course-Materials/msajsp.html),其中显式执行客户端身份验证。

我现在已经完成了这个实现,当我使用 REST 客户端发送请求时它工作正常。但是,当我从 Android 设备/模拟器发送请求时,我收到 java.io.FileNotFoundException。当我检查 tomcat 访问日志时,似乎 tomcat 在我的 Servlet 代码执行之前发送了一个 400 Bad Request,从而产生了异常。

我不知道这个问题是客户端还是服务器端。任何关于如何实现这一点的见解或建议将不胜感激。谢谢。

Tomcat localhost_access_log:

192.168.1.2 - - [05/Dec/2012:12:20:39 +0100] "GET /CA/users/get_contacts?user_id=freespirit HTTP/1.1" 400 -

我扩展的 Servlet 类,我相信它们永远不会被执行:

package carter.server.conversations;

import java.io.IOException;
import java.sql.Connection;
import java.sql.SQLException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import sun.misc.BASE64Decoder;
import carter.sqlite.SQLiteUtilities;
import carter.sqlite.conversations.DatabaseHelper;

public class AuthorizationServlet extends HttpsServlet {

protected static final int SERVLET_EXCEPTION_UNAUTHORIZED = 1;

@Override
protected void doGet(HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException {

super.doGet(request, response);

String authorization = request.getHeader("Authorization");
if(authorization == null){
System.out.println("CAAuthorizationServlet: Authorization is null. Sending 401.");
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
}
else{
String base64encodedDetails = authorization.substring(6).trim(); //remove "BASIC " prefix
BASE64Decoder decoder = new BASE64Decoder();
String unencodedDetails = new String(decoder.decodeBuffer(base64encodedDetails));
String[] userDetails = unencodedDetails.split(":");
//check database for given details
Connection databaseConnection = SQLiteUtilities.getConnection(Constants.databasePath);
try{
String password = DatabaseHelper.getPassword(userDetails[0], databaseConnection);
if(password.equals(userDetails[1]) == false){
//password does not match this user
System.out.println("CAAuthorizationServlet: password does not match this user. Sending 401.");
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
}
}
catch(SQLException e){
// no such user found in database.
System.out.println("CAAuthorizationServlet: no such user exists in database. Sending 401.");
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
}
finally{
SQLiteUtilities.closeConnection(databaseConnection);
}
}
}

@Override
protected void doPost(HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException {

super.doPost(request, response);
doGet(request, response);
}

}


package carter.server.conversations;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class HttpsServlet extends HttpServlet {

@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {

System.out.println("CAHttpsServlet: checking request is secure");
if(request.isSecure() == false){
System.out.println("CAHttpsServlet: Request is NOT secure. Sending 400");
response.sendError(HttpServletResponse.SC_BAD_REQUEST);
}
}

@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {

doGet(request, response);
}

}

最佳答案

嗯,你在自己的代码中拒绝请求:

protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {

System.out.println("CAHttpsServlet: checking request is secure");
if(request.isSecure() == false){
System.out.println("CAHttpsServlet: Request is NOT secure. Sending 400");
response.sendError(HttpServletResponse.SC_BAD_REQUEST);
}
}

关于java - Tomcat 在处理带有身份验证 header 的 android 请求之前发送 400s,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/13724125/

26 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com