Zootool API授权
我正在尝试通过 api ( http://zootool.com/api 添加一个页面到我的 Zootool 页面/docs/add )与 java.为此,我需要使用摘要身份验证。
给出了一个获取页面授权的php示例:
<?php
$username = 'username';
$password = 'password';
$api_url = 'http://zootool.com/api/users/items/?username='
. $username . '&apikey=###';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $api_url);
// HTTP Digest Authentication
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_DIGEST);
curl_setopt($ch, CURLOPT_USERPWD, strtolower($username) . ':' . sha1($password));
curl_setopt($ch, CURLOPT_USERAGENT, 'My PHP Script');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$result = curl_exec($ch);
curl_close($ch);
$data = json_decode($result, true);
print_r($data);
?>
但是在Java中如何添加页面呢?搜索后,我发现 apache commons HttpClient 可能有用,但我似乎无法理解它。
我尝试过:
String url = "http://zootool.com/api/add/?url=http://www.google.com
&title=Google&apikey=###";
DigestScheme authscheme = new DigestScheme();
HttpClient httpclient = new DefaultHttpClient();
HttpGet httpget = new HttpGet(url);
HttpResponse authResponse = httpclient.execute(httpget);
Header challenge = authResponse.getHeaders("WWW-Authenticate")[0];
authscheme.processChallenge(challenge);
Header solution = authscheme.authenticate(
new UsernamePasswordCredentials("username", "password"),
new BasicHttpRequest(HttpPost.METHOD_NAME,
new URL(url).getPath()));
HttpResponse goodResponse = httpclient.execute(httpget);
我尝试过对密码进行 sh1 哈希(如 api 手册中所述),但没有成功。看来我的代码找不到任何可以响应的挑战。
API 密钥、用户名和密码正确。
更新 我现在相对确定我需要使用抢占式摘要授权,但是当尝试使用 apache 给出的解决方法时,我仍然收到 401 和“身份验证错误:预期摘要授权挑战,但未找到” - 来自 java 的警告。我使用的代码是:
HttpHost targetHost = new HttpHost("www.zootool.com", 80, "http");
DefaultHttpClient httpclient = new DefaultHttpClient();
try {
httpclient.getCredentialsProvider().setCredentials(
new AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT),
new UsernamePasswordCredentials("username", "sha1-password"));
// Create AuthCache instance
AuthCache authCache = new BasicAuthCache();
// Generate DIGEST scheme object, initialize it and add it to the local
// auth cache
DigestScheme digestAuth = new DigestScheme();
// Suppose we already know the realm name
digestAuth.overrideParamter("realm", "www.zootool.com");
// Suppose we already know the expected nonce value
digestAuth.overrideParamter("nonce", "something");
authCache.put(targetHost, digestAuth);
// Add AuthCache to the execution context
BasicHttpContext localcontext = new BasicHttpContext();
localcontext.setAttribute(ClientContext.AUTH_CACHE, authCache);
HttpGet httpget = new HttpGet("/api/add/?url=http://www.google.com&title=Google&apikey=###");
System.out.println("executing request: " + httpget.getRequestLine());
System.out.println("to target: " + targetHost);
for (int i = 0; i < 3; i++) {
HttpResponse response = httpclient.execute(targetHost, httpget, localcontext);
HttpEntity entity = response.getEntity();
System.out.println("----------------------------------------");
System.out.println(response.getStatusLine());
if (entity != null) {
System.out.println("Response content length: " + entity.getContentLength());
}
EntityUtils.consume(entity);
}
} finally {
// When HttpClient instance is no longer needed,
// shut down the connection manager to ensure
// immediate deallocation of all system resources
httpclient.getConnectionManager().shutdown();
}
}
我必须为 DigestScheme 参数提供有意义的值吗? 我是否走在正确的轨道上?
/安德烈
I'm trying to add a page to my zootool page via the api ( http://zootool.com/api/docs/add ) with java. For this i need to use digest authentication.
A php example is given for the authorization of getting pages:
<?php
$username = 'username';
$password = 'password';
$api_url = 'http://zootool.com/api/users/items/?username='
. $username . '&apikey=###';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $api_url);
// HTTP Digest Authentication
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_DIGEST);
curl_setopt($ch, CURLOPT_USERPWD, strtolower($username) . ':' . sha1($password));
curl_setopt($ch, CURLOPT_USERAGENT, 'My PHP Script');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$result = curl_exec($ch);
curl_close($ch);
$data = json_decode($result, true);
print_r($data);
?>
But how is this done in Java to add pages? After searching I found that apache commons HttpClient might be of use, but I can't seem to wrap my head around it.
I tried:
String url = "http://zootool.com/api/add/?url=http://www.google.com
&title=Google&apikey=###";
DigestScheme authscheme = new DigestScheme();
HttpClient httpclient = new DefaultHttpClient();
HttpGet httpget = new HttpGet(url);
HttpResponse authResponse = httpclient.execute(httpget);
Header challenge = authResponse.getHeaders("WWW-Authenticate")[0];
authscheme.processChallenge(challenge);
Header solution = authscheme.authenticate(
new UsernamePasswordCredentials("username", "password"),
new BasicHttpRequest(HttpPost.METHOD_NAME,
new URL(url).getPath()));
HttpResponse goodResponse = httpclient.execute(httpget);
I have tried to sh1-hash the password (as stated in the api-manual), but no luck. It seems that my code can't find any challenges to respond to.
Api-key, username and password are correct.
UPDATE
I am now relatively certain that I need to use preemptive digest authorization, but when trying with the workaround given by apache I still get a 401 and a "Authentication error: digest authorization challenge expected, but not found"-warning from java. The code I use is:
HttpHost targetHost = new HttpHost("www.zootool.com", 80, "http");
DefaultHttpClient httpclient = new DefaultHttpClient();
try {
httpclient.getCredentialsProvider().setCredentials(
new AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT),
new UsernamePasswordCredentials("username", "sha1-password"));
// Create AuthCache instance
AuthCache authCache = new BasicAuthCache();
// Generate DIGEST scheme object, initialize it and add it to the local
// auth cache
DigestScheme digestAuth = new DigestScheme();
// Suppose we already know the realm name
digestAuth.overrideParamter("realm", "www.zootool.com");
// Suppose we already know the expected nonce value
digestAuth.overrideParamter("nonce", "something");
authCache.put(targetHost, digestAuth);
// Add AuthCache to the execution context
BasicHttpContext localcontext = new BasicHttpContext();
localcontext.setAttribute(ClientContext.AUTH_CACHE, authCache);
HttpGet httpget = new HttpGet("/api/add/?url=http://www.google.com&title=Google&apikey=###");
System.out.println("executing request: " + httpget.getRequestLine());
System.out.println("to target: " + targetHost);
for (int i = 0; i < 3; i++) {
HttpResponse response = httpclient.execute(targetHost, httpget, localcontext);
HttpEntity entity = response.getEntity();
System.out.println("----------------------------------------");
System.out.println(response.getStatusLine());
if (entity != null) {
System.out.println("Response content length: " + entity.getContentLength());
}
EntityUtils.consume(entity);
}
} finally {
// When HttpClient instance is no longer needed,
// shut down the connection manager to ensure
// immediate deallocation of all system resources
httpclient.getConnectionManager().shutdown();
}
}
Do i have to give meaningful values to the DigestScheme parameters?
Am I on the right track even?
/André
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
抢先授权码有效!错误是必须将 login=true 添加到 api url,如下所示:
此信息在 api 手册中不可用。
The preemptive authorization code works! The error was that login=true has to be added to the api url, like this:
This information was not available in the api manual.