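JSESSIONID is invalid when simulating a CAS login
I am simulating a login by sending requests to the CAS server through HttpClient, and I ran into a problem:
In the browser, the login request headers contain this attribute:
The simulated-login code is as follows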
HttpPost httpPost = new HttpPost(("http://IP:端口/cas_service/login"));
httpPost.setHeader(new BasicHeader("Content-type", "application/x-www-form-urlencoded"));
httpPost.setHeader("Cookie", "JSESSIONID="+cookies.get("JSESSIONID"));
httpPost.setHeader("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36");
httpPost.setHeader("Upgrade-Insecure-Requests","1");
List<NameValuePair> list = new ArrayList<NameValuePair>();
list.add(new BasicNameValuePair("username", id));
list.add(new BasicNameValuePair("password", pass));
list.add(new BasicNameValuePair("lt", ""));
list.add(new BasicNameValuePair("execution", "e2s1"));
list.add(new BasicNameValuePair("_eventId", "submit"));
list.add(new BasicNameValuePair("submit1", "登录"));
httpPost.setEntity(new UrlEncodedFormEntity(list, "utf-8"));
HttpResponse response2 = httpClient.execute(httpPost,context);
String result2 = EntityUtils.toString(response2.getEntity(), "utf-8");
System.out.println(result2);
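For the value after Cookie: JSESSIONID= in the request header, when I use the value returned when accessing CAS with a browser, the simulated login succeeds
// Accessing the CAS login page with a browser; the response contains Set-Cookie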
General
Request URL: http://IP:端口/cas_service/login
Request Method: GET
Status Code: 200 OK
Remote Address: IP:4930
Referrer Policy: no-referrer-when-downgrade
----------------------------------------------------
Response Headers
Cache-Control: no-cache
Cache-Control: no-store
Content-Type: text/html;charset=UTF-8
Date: Wed, 13 Nov 2019 09:47:40 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=072F4D7A6A3C3E4C6EA9B761721BEF10; Path=/cas_service/; HttpOnly
Transfer-Encoding: chunked
After that I used the following code to obtain the JSESSIONID
CloseableHttpClient httpClient = HttpClients.createDefault();
HttpClientContext context = HttpClientContext.create();
String userAgent = req.getHeader("User-Agent");
HttpGet httpGet = new HttpGet("http://IP:端口/cas_service/login");
httpGet.setHeader("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36");
httpGet.setHeader("Cache-Control", "max-age=0");
httpGet.setHeader("Connection", "keep-alive");
httpGet.setHeader("Host", "IP:端口");
httpGet.setHeader("Upgrade-Insecure-Requests","1");
HttpResponse response = httpClient.execute(httpGet,context);
Header[] headers = response.getHeaders("Set-Cookie");// get the cookie returned by /login
HashMap<String, String> cookies = new HashMap<String, String>(2);
for (Header header : headers) {
if (header.getValue().contains("JSESSIONID")) {
String uid = header.getValue()
.substring(header.getValue().indexOf("=") + 1, header.getValue().indexOf(';'));
cookies.put("JSESSIONID", uid);// save the JSESSIONID
}
}
String result = EntityUtils.toString(response.getEntity(), "utf-8");
System.out.println("返回值:");
// System.out.println(result);
try {
System.out.println(">>>>>>headers:");
Arrays.stream(response.getAllHeaders()).forEach(System.out::println);
System.out.println(">>>>>>cookies:");
context.getCookieStore().getCookies().forEach(System.out::println);
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
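After that, the simulated login using this saved JSESSIONID failed
The complete code is below; it uses Spring Boot and is triggered as an API endpoint
// Obtain the JSESSIONID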
CloseableHttpClient httpClient = HttpClients.createDefault();
HttpClientContext context = HttpClientContext.create();
String userAgent = req.getHeader("User-Agent");
HttpGet httpGet = new HttpGet("http://IP:端口/cas_service/login");
httpGet.setHeader("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36");
httpGet.setHeader("Cache-Control", "max-age=0");
httpGet.setHeader("Connection", "keep-alive");
httpGet.setHeader("Host", "IP:端口");
httpGet.setHeader("Upgrade-Insecure-Requests","1");
HttpResponse response = httpClient.execute(httpGet,context);
Header[] headers = response.getHeaders("Set-Cookie");// get the cookie returned by /login
HashMap<String, String> cookies = new HashMap<String, String>(2);
for (Header header : headers) {
if (header.getValue().contains("JSESSIONID")) {
String uid = header.getValue()
.substring(header.getValue().indexOf("=") + 1, header.getValue().indexOf(';'));
cookies.put("JSESSIONID", uid);// save the JSESSIONID
}
}
String result = EntityUtils.toString(response.getEntity(), "utf-8");
System.out.println("返回值:");
// System.out.println(result);
try {
System.out.println(">>>>>>headers:");
Arrays.stream(response.getAllHeaders()).forEach(System.out::println);
System.out.println(">>>>>>cookies:");
context.getCookieStore().getCookies().forEach(System.out::println);
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
// Simulated login
HttpPost httpPost = new HttpPost(("http://IP:端口/cas_service/login"));
httpPost.setHeader(new BasicHeader("Content-type", "application/x-www-form-urlencoded"));
httpPost.setHeader("Cookie", "JSESSIONID="+cookies.get("JSESSIONID"));
httpPost.setHeader("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36");
httpPost.setHeader("Upgrade-Insecure-Requests","1");
List<NameValuePair> list = new ArrayList<NameValuePair>();
list.add(new BasicNameValuePair("username", id));
list.add(new BasicNameValuePair("password", pass));
list.add(new BasicNameValuePair("lt", ""));
list.add(new BasicNameValuePair("execution", "e2s1"));
list.add(new BasicNameValuePair("_eventId", "submit"));
list.add(new BasicNameValuePair("submit1", "登录"));
httpPost.setEntity(new UrlEncodedFormEntity(list, "utf-8"));
HttpResponse response2 = httpClient.execute(httpPost,context);
String result2 = EntityUtils.toString(response2.getEntity(), "utf-8");
System.out.println("返回值2:");
try {
System.out.println(">>>>>>headers:");
Arrays.stream(httpPost.getAllHeaders()).forEach(System.out::println);
System.out.println(">>>>>>cookies:");
context.getCookieStore().getCookies().forEach(System.out::println);
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
System.out.println(result2);
// Keep the login state and go on to the client
HttpGet httpGet2 = new HttpGet("http://IP:端口/CASClient");
// The header has to be set before the request is executed
httpGet2.setHeader("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36");
HttpResponse response3 = httpClient.execute(httpGet2,context);
String result3 = EntityUtils.toString(response3.getEntity(), "utf-8");
System.out.println("返回值3:");
System.out.println(result3);
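I think the main problem is still in how I obtain the JSESSIONID, because I have already tested the subsequent simulated-login code with the JSESSIONID returned in the browser and the login succeeded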
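The code in the post sends `lt` as an empty string and `execution` as the literal `e2s1`; in CAS's Spring Web Flow login these hidden form values are issued with each rendered login page and belong to the session that rendered it. The following is an added example, not part of the original post, that reads them from the login page HTML instead of hardcoding them; the class name, the sample HTML and its token values are constructed, and double-quoted attribute values are assumed.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class CasLoginFormFields {
    // Any <input ...> tag; attributes are parsed separately so their order does not matter.
    private static final Pattern INPUT =
            Pattern.compile("<input\\b[^>]*>", Pattern.CASE_INSENSITIVE);
    // Assumption: attribute values are double-quoted in the rendered login view.
    private static final Pattern ATTR =
            Pattern.compile("([A-Za-z_:][-\\w:.]*)\\s*=\\s*\"([^\"]*)\"");

    /** Returns name -> value for every hidden input in the login page HTML. */
    static Map<String, String> hiddenFields(String html) {
        Map<String, String> fields = new LinkedHashMap<>();
        Matcher tag = INPUT.matcher(html);
        while (tag.find()) {
            Map<String, String> attrs = new LinkedHashMap<>();
            Matcher attr = ATTR.matcher(tag.group());
            while (attr.find()) {
                attrs.put(attr.group(1).toLowerCase(), attr.group(2));
            }
            if ("hidden".equalsIgnoreCase(attrs.get("type")) && attrs.containsKey("name")) {
                fields.put(attrs.get("name"), attrs.getOrDefault("value", ""));
            }
        }
        return fields;
    }

    public static void main(String[] args) {
        // Constructed sample of a login form body; the token values are made up.
        String html = "<form id=\"fm1\" action=\"/cas_service/login\" method=\"post\">"
                + "<input id=\"username\" name=\"username\" type=\"text\" value=\"\"/>"
                + "<input type=\"hidden\" name=\"lt\" value=\"LT-EXAMPLE-0001\" />"
                + "<input value=\"e1s1\" name=\"execution\" type=\"hidden\" />"
                + "<input type=\"hidden\" name=\"_eventId\" value=\"submit\" /></form>";
        Map<String, String> fields = hiddenFields(html);
        System.out.println(fields);
        // Values the post hardcodes, compared with what this page actually issued.
        String[][] hardcoded = {{"lt", ""}, {"execution", "e2s1"}, {"_eventId", "submit"}};
        for (String[] h : hardcoded) {
            String issued = fields.get(h[0]);
            System.out.printf("%-10s posted=%-6s issued=%-16s %s%n", h[0],
                    '"' + h[1] + '"', issued, h[1].equals(issued) ? "ok" : "MISMATCH");
        }
    }
}
```

In the post's flow, the HTML to pass in is `result`, the body of the GET to `/cas_service/login`, and the returned `lt` and `execution` values take the place of the literals in the form list.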
Comments (2)
Has the problem been solved? I ran into the same problem too
Has the problem been solved? I ran into the same problem too