gpt4 book ai didi

java - Android 应用程序的 JWT 身份验证

转载 作者:行者123 更新时间:2023-12-02 05:16:48 25 4
gpt4 key购买 nike

我对 Android 开发相当陌生,需要调用 HTTP 服务器来上传图像。在此之前,用户使用用户名和密码登录,并返回 JWT token 和用户 ID。在图像上传功能中,我需要提供 token 和ID,以便服务器在验证 session 后接受图像,这就是我遇到问题的地方。

我不确定问题是否在于图像上传或 session 验证,但从错误消息来看似乎是第二种情况。

函数如下:

public String sendPostMult(String myurl, String token, List<ValuePair> params, Bitmap bm) throws Exception {

try {

HttpClient client = new DefaultHttpClient();

HttpPost post = new HttpPost(myurl);
post.addHeader("Authorization", "Token token=\"" + token + "\"");
MultipartEntityBuilder postEntity = MultipartEntityBuilder.create();

ByteArrayOutputStream bao = new ByteArrayOutputStream();

bm.compress(Bitmap.CompressFormat.PNG, 90, bao);

byte[] ba = bao.toByteArray();

String ba1 = Base64.encodeToString(ba, Base64.DEFAULT);

// File file = new File("Your File path on SD card");
// postEntity.addPart("fileupload", new FileBody(file, "image/jpeg"));
for (ValuePair param : params) {
postEntity.addTextBody(param.getValue(), param.getName());
Log.d(param.getValue(), param.getName());
}

postEntity.addTextBody("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer");


postEntity.addTextBody("client_assertion", token);

postEntity.addTextBody("picture", ba1);
// Log.d("YY", getBytesFromBitmap(bm).toString());
post.setEntity(postEntity.build());

HttpResponse response = client.execute(post);

int responseCode = response.getStatusLine().getStatusCode();


BufferedReader reader = new BufferedReader(new InputStreamReader(
response.getEntity().getContent(), "UTF-8"));

String sResponse = reader.readLine();

return sResponse;

}catch(Exception e)
{
e.printStackTrace();
return "ERROR";
}
}

给出的错误如下(请看最后一个):

11-11 10:51:09.780  11762-12135/team13.foods I/APACHE HTTP (thCr=686) - NafHttpAuthStrategyDefault﹕ (thUse=686) NafHttpAuthStrategyDefault()

11-11 10:51:09.780 11762-12135/team13.foods I/APACHE HTTP (thCr=686) - KeeperManager﹕ (thUse=686) INITIALIZATION of shared resources

11-11 10:51:09.780 11762-12135/team13.foods I/APACHE HTTP (thCr=686) - AndroidContextProviderImpl﹕ (thUse=686) currentActivityThread=android.app.ActivityThread@420899a8
11-11 10:51:09.830 11762-12135/team13.foods I/APACHE HTTP (thCr=686) - GbaSupportIndicatorRequestUpdaterDefault﹕ (thUse=686) GbaSupportIndicatorRequestUpdaterAbstract() userHeaderPredefined=Apache-HttpClient/UNAVAILABLE (java 1.4)

11-11 10:51:09.940 11762-11769/team13.foods I/dalvikvm﹕ Total arena pages for JIT: 11
11-11 10:51:09.940 11762-11769/team13.foods I/dalvikvm﹕ Total arena pages for JIT: 12
11-11 10:51:09.940 11762-11769/team13.foods I/dalvikvm﹕ Total arena pages for JIT: 13
11-11 10:51:09.940 11762-11769/team13.foods I/dalvikvm﹕ Total arena pages for JIT: 14
11-11 10:51:09.950 11762-11769/team13.foods I/dalvikvm﹕ Total arena pages for JIT: 15

11-11 10:51:09.960 11762-12135/team13.foods D/dalvikvm﹕ DexOpt: couldn't find static field Lorg/apache/http/message/BasicHeaderValueParser;.INSTANCE

11-11 10:51:09.960 11762-12135/team13.foods W/dalvikvm﹕ VFY: unable to resolve static field 1921 (INSTANCE) in Lorg/apache/http/message/BasicHeaderValueParser;

11-11 10:51:09.960 11762-12135/team13.foods D/dalvikvm﹕ VFY: replacing opcode 0x62 at 0x001b

11-11 10:51:09.960 11762-12135/team13.foods D/dalvikvm﹕ DexOpt: couldn't find static field Lorg/apache/http/message/BasicHeaderValueFormatter;.INSTANCE

11-11 10:51:09.960 11762-12135/team13.foods W/dalvikvm﹕ VFY: unable to resolve static field 1915 (INSTANCE) in Lorg/apache/http/message/BasicHeaderValueFormatter;

11-11 10:51:09.960 11762-12135/team13.foods D/dalvikvm﹕ VFY: replacing opcode 0x62 at 0x0015
11-11 10:51:09.970 11762-12135/team13.foods D/name﹕ djt
11-11 10:51:09.970 11762-12135/team13.foods D/description﹕ test
11-11 10:51:09.970 11762-12135/team13.foods D/tags﹕ hft
11-11 10:51:09.970 11762-12135/team13.foods D/id﹕ 545a7b69ed2f9c0200dfc995
11-11 10:51:10.000 11762-12135/team13.foods D/dalvikvm﹕ GC_FOR_ALLOC freed 799K, 16% free 7878K/9336K, paused 27ms, total 27ms

11-11 10:51:10.020 11762-12135/team13.foods I/APACHE HTTP (thCr=686) - NafHttpAuthStrategyDefault﹕ (thUse=686) cached value : gbaSupportIsPossible=null

11-11 10:51:10.020 11762-12135/team13.foods I/APACHE HTTP (thCr=686) - NafHttpAuthStrategyDefault﹕ (thUse=686) The current context is NOT a context of GBA service.

11-11 10:51:10.020 11762-12135/team13.foods I/APACHE HTTP (thCr=686) - GbaSupportPermissionRequestCheckerImpl﹕ (thUse=686) isCurrentProcessRequestedGba()#finished result=false

11-11 10:51:10.020 11762-12135/team13.foods I/APACHE HTTP (thCr=686) - GbaSupportPermissionRequestCheckerImpl﹕ (thUse=686) isCurrentProcessAllowedToUseGba()#started result=false

11-11 10:51:10.020 11762-12135/team13.foods I/APACHE HTTP (thCr=686) - NafHttpAuthStrategyDefault﹕ (thUse=686) The GBA permission wasn't requested for this process.

11-11 10:51:10.020 11762-12135/team13.foods I/APACHE HTTP (thCr=686) - NafHttpAuthStrategyDefault﹕ (thUse=686) It is impossible to support GBA now (many possible reasons: no Android Context, current client is GBA service, etc.), then it will be just usual HTTP.

11-11 10:51:10.020 11762-12135/team13.foods I/APACHE HTTP (thCr=686) - NafRequestExecutorWrapperRedirectionHandler﹕ (thUse=686) It isn't GBA flow, redirection responses are not handled.

11-11 10:51:11.280 11762-12135/team13.foods W/DefaultRequestDirector﹕ Authentication error: Unable to respond to any of these challenges: {}

11-11 10:51:11.280 11762-12135/team13.foods I/APACHE HTTP (thCr=686) - NafHttpAuthStrategyDefault﹕ (thUse=686) cached value : gbaSupportIsPossible=false

11-11 10:51:11.280 11762-11762/team13.foods I/System.out﹕ UnauthorizedError: jwt must be provided

看来确实是jwt错误。如果我删除

post.addHeader("Authorization", "Token token=\"" + token + "\"");

行,错误提示:必须提供授权 header 。

所以我的问题是:

1) 授权 header 是否正确?或者应该采用其他格式?

2) 如何通过 JWT?我收到了字符串形式的 token ,我认为这就是我需要传递的。然而,确实,当我收到 token 时,它包含几个字段,我将这些字段解析为不同的字符串, token 就是其中之一。那么也许我应该保存整个内容并将其完全发送到客户端断言字段中?但是我仍然应该只在授权 header 中发送 token 吗?

3)虽然有点不相关,但我是否以错误的格式发送图像?

非常感谢您抽出时间。我真的很感激!

最佳答案

看看 JWT,你的问题就在那里。它不是 JWT token 。

JWT 由三部分组成:<header>.<claims/payload>.<signature> 。你的只包含<payload>.<signature> 。我怀疑您有 JWS(JSON Web 签名)而不是 JWT(JSON Web token )。

您可以在规范中阅读有关格式的信息:http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html#ExampleJWT

如果您需要对 token 进行故障排除,这是一个有用的工具:http://kjur.github.io/jsjws/mobile/tool_jwt.html

此外,像您一样在声明中发送密码似乎是一种倒退的事情,即使它是加密的。 JWT 不是向每个服务发送密码。服务通过验证签名来信任内容。

关于java - Android 应用程序的 JWT 身份验证,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/26869187/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com