模拟登陆CAS时 JSESSIONID无效

发布于 2022-09-11 23:29:51 字数 7486 浏览 19 评论 0

通过HttpClient向CAS服务端发送请求来实现模拟登陆,遇到一个问题:

在浏览器上,登录的请求头中有这样一个属性:
image.png

模拟登陆的代码如下

HttpPost httpPost = new HttpPost(("http://IP:端口/cas_service/login"));
    httpPost.setHeader(new BasicHeader("Content-type", "application/x-www-form-urlencoded"));
    httpPost.setHeader("Cookie", "JSESSIONID="+cookies.get("JSESSIONID"));
    httpPost.setHeader("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36");
    httpPost.setHeader("Upgrade-Insecure-Requests","1");
    List<NameValuePair> list = new ArrayList<NameValuePair>();
    list.add(new BasicNameValuePair("username", id));
    list.add(new BasicNameValuePair("password", pass));
    list.add(new BasicNameValuePair("lt", ""));
    list.add(new BasicNameValuePair("execution", "e2s1"));
    list.add(new BasicNameValuePair("_eventId", "submit"));
    list.add(new BasicNameValuePair("submit1", "登录"));
    httpPost.setEntity(new UrlEncodedFormEntity(list, "utf-8"));
    HttpResponse response2 = httpClient.execute(httpPost,context);
    
    String result2 = EntityUtils.toString(response2.getEntity(), "utf-8");
    System.out.println(result2);

其中请求头中的Cookie:JSESSIONID=中的值,使用浏览器访问CAS时返回的值,模拟登陆成功

//使用浏览器访问CAS登录页,返回中有Set-Cookie
General
Request URL: http://IP:端口/cas_service/login
Request Method: GET
Status Code: 200 OK
Remote Address: IP:4930
Referrer Policy: no-referrer-when-downgrade
----------------------------------------------------
Response Headers
Cache-Control: no-cache
Cache-Control: no-store
Content-Type: text/html;charset=UTF-8
Date: Wed, 13 Nov 2019 09:47:40 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=072F4D7A6A3C3E4C6EA9B761721BEF10; Path=/cas_service/; HttpOnly
Transfer-Encoding: chunked

之后我使用以下代码获取JSESSIONID

    CloseableHttpClient httpClient = HttpClients.createDefault();
    HttpClientContext context = HttpClientContext.create();
    String userAgent = req.getHeader("User-Agent");
    
    HttpGet httpGet = new HttpGet("http://IP:端口/cas_service/login");
    httpGet.setHeader("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36");
    httpGet.setHeader("Cache-Control", "max-age=0");
    httpGet.setHeader("Connection", "keep-alive");
    httpGet.setHeader("Host", "IP:端口");
    httpGet.setHeader("Upgrade-Insecure-Requests","1");
    HttpResponse response = httpClient.execute(httpGet,context);
    Header[] headers = response.getHeaders("Set-Cookie");//获取/login 返回的cookie
    HashMap<String, String> cookies = new HashMap<String, String>(2);
    for (Header header : headers) {
      if (header.getValue().contains("JSESSIONID")) {
        String uid = header.getValue()
            .substring(header.getValue().indexOf("=") + 1, header.getValue().indexOf(';'));
        cookies.put("JSESSIONID", uid);//保存JSESSIONID
      }
    }
    String result = EntityUtils.toString(response.getEntity(), "utf-8");
    System.out.println("返回值:");
//    System.out.println(result);
    try {
      System.out.println(">>>>>>headers:");
      Arrays.stream(response.getAllHeaders()).forEach(System.out::println);
      System.out.println(">>>>>>cookies:");
      context.getCookieStore().getCookies().forEach(System.out::println);
    } catch (Exception e) {
      // TODO Auto-generated catch block
      e.printStackTrace();
    }

之后使用该保存JSESSIONID进行模拟登陆却失败了

整个代码如下,使用Springboot,以接口形式触发

    //获取JSESSIONID
    CloseableHttpClient httpClient = HttpClients.createDefault();
    HttpClientContext context = HttpClientContext.create();
    String userAgent = req.getHeader("User-Agent");
    
    HttpGet httpGet = new HttpGet("http://IP:端口/cas_service/login");
    httpGet.setHeader("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36");
    httpGet.setHeader("Cache-Control", "max-age=0");
    httpGet.setHeader("Connection", "keep-alive");
    httpGet.setHeader("Host", "IP:端口");
    httpGet.setHeader("Upgrade-Insecure-Requests","1");
    HttpResponse response = httpClient.execute(httpGet,context);
    Header[] headers = response.getHeaders("Set-Cookie");//获取/login 返回的cookie
    HashMap<String, String> cookies = new HashMap<String, String>(2);
    for (Header header : headers) {
      if (header.getValue().contains("JSESSIONID")) {
        String uid = header.getValue()
            .substring(header.getValue().indexOf("=") + 1, header.getValue().indexOf(';'));
        cookies.put("JSESSIONID", uid);//保存JSESSIONID
      }
    }
    String result = EntityUtils.toString(response.getEntity(), "utf-8");
    System.out.println("返回值:");
//    System.out.println(result);
    try {
      System.out.println(">>>>>>headers:");
      Arrays.stream(response.getAllHeaders()).forEach(System.out::println);
      System.out.println(">>>>>>cookies:");
      context.getCookieStore().getCookies().forEach(System.out::println);
    } catch (Exception e) {
      // TODO Auto-generated catch block
      e.printStackTrace();
    }
    
    //模拟登陆
    HttpPost httpPost = new HttpPost(("http://IP:端口/cas_service/login"));
    httpPost.setHeader(new BasicHeader("Content-type", "application/x-www-form-urlencoded"));
    httpPost.setHeader("Cookie", "JSESSIONID="+cookies.get("JSESSIONID"));
    httpPost.setHeader("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36");
    httpPost.setHeader("Upgrade-Insecure-Requests","1");
    List<NameValuePair> list = new ArrayList<NameValuePair>();
    list.add(new BasicNameValuePair("username", id));
    list.add(new BasicNameValuePair("password", pass));
    list.add(new BasicNameValuePair("lt", ""));
    list.add(new BasicNameValuePair("execution", "e2s1"));
    list.add(new BasicNameValuePair("_eventId", "submit"));
    list.add(new BasicNameValuePair("submit1", "登录"));
    httpPost.setEntity(new UrlEncodedFormEntity(list, "utf-8"));
    HttpResponse response2 = httpClient.execute(httpPost,context);
    
    String result2 = EntityUtils.toString(response2.getEntity(), "utf-8");
    System.out.println("返回值2:");
    try {
      System.out.println(">>>>>>headers:");
      Arrays.stream(httpPost.getAllHeaders()).forEach(System.out::println);
      System.out.println(">>>>>>cookies:");
      context.getCookieStore().getCookies().forEach(System.out::println);
    } catch (Exception e) {
      // TODO Auto-generated catch block
      e.printStackTrace();
    }
    System.out.println(result2);
    
    //保持登录状态转向客户端
    HttpGet httpGet2 = new HttpGet("http://IP:端口/CASClient");
    HttpResponse response3 = httpClient.execute(httpGet2,context);
    httpGet2.setHeader("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36");
    String result3 = EntityUtils.toString(response3.getEntity(), "utf-8");
    System.out.println("返回值3:");
    System.out.println(result3);

我觉得主要问题还是出在我获取JSESSIONID的时候,因为后续模拟登陆的代码我使用浏览器中返回的JSESSIONID已经测试登陆成功了

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

从此见与不见 2022-09-18 23:29:51

问题解决了嘛 我也遇到了同样的问题

牵你的手,一向走下去 2022-09-18 23:29:51

问题解决了嘛 我也遇到了同样的问题

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文