从嵌入式 Applet 进行 HTTP 调用时绕过内置浏览器身份验证
- 我有一个简单的网页,其中包含 嵌入式Java 小程序。
- 小程序 对不同的 Axis 进行 HTTP 调用 共享相同的相机 身份验证(例如用户名, 密码)。
- 我在启动小程序时将用户名和密码传递给 Java 代码 - 没问题。
- 当我使用小程序查看器从 NetBeans 中运行时,我可以完全访问摄像机并观看流视频 - 与广告中的完全一样。
- 当我在网络浏览器 (Firefox) 中打开 HTML 页面时,问题就出现了。
即使我的代码处理身份验证:
URL u = 新 URL(useMJPGStream ? mjpgURL : jpgURL); Huc = (HttpURLConnection) u.openConnection(); 字符串base64授权= securityMan.getAlias(this.securityAlias).getBase64authorization(); // 如果需要授权,则设置与编码的连接 // 授权信息 if(base64授权!= null) { huc.setDoInput(true); huc.setRequestProperty("授权",base64authorization); huc.connect(); } 输入流 = huc.getInputStream(); 连接=真; BufferedInputStream bis = new BufferedInputStream(is); dis= 新的 DataInputStream(bis);- 浏览器仍然会弹出身份验证弹出窗口,并分别请求每个摄像头的用户名和密码!
- 更糟糕的是,相机显示的图像被冻结且陈旧(从昨晚开始)。
- 如何绕过浏览器的身份验证?
- I have a simple web page with an
embedded Java applet. - The applet
makes HTTP calls to different Axis
Cameras who all share the same
authentication (e.g. username,
password). - I am passing the user name and password to the Java code upon launch of the applet - no problem.
- When I run from within NetBeans with the applet viewer, I get full access to the cameras and see streaming video - exactly as advertised.
- The problem begins when I open the HTML page in a web browser (Firefox).
Even though my code handles authentication:
URL u = new URL(useMJPGStream ? mjpgURL : jpgURL); huc = (HttpURLConnection) u.openConnection(); String base64authorization = securityMan.getAlias(this.securityAlias).getBase64authorization(); // if authorization is required set up the connection with the encoded // authorization-information if(base64authorization != null) { huc.setDoInput(true); huc.setRequestProperty("Authorization",base64authorization); huc.connect(); } InputStream is = huc.getInputStream(); connected = true; BufferedInputStream bis = new BufferedInputStream(is); dis= new DataInputStream(bis);- The browser still brings up an authentication pop-up and requests the username and password for each camera separately!
- To make things worse, the images displayed from the camera are frozen and old (from last night).
- How can I bypass the browser's authentication?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
已修复
添加了以下几行:
我在该行之后
。
Fixed
I added the following lines:
after the
line.
在浏览器中运行时
base64authorization不为 null,对吗?我不太确定
getBase64authorization应该返回什么,但是当您调用huc.setRequestProperty("Authorization", **autorization value**)它正在寻找 HTTP 基本身份验证值。意味着**授权值**需要采用用户名的基本**base 64编码:密码**格式,如此处。也许您只需将
Basic(注意尾随空格)字符串添加到您的属性中。When running in the browser
base64authorizationnot null, correct?I'm not really sure what
getBase64authorizationis supposed to return, but I'm fairly certain when you callhuc.setRequestProperty("Authorization", **autorization value**)it's looking for a HTTP Basic authentication value. Meaning**authorization value**needs to be in the formatBasic **base 64 encoding of username:password**as described here.Maybe you just need to add the
Basic(note the trailing space) string to your property.