为什么要进行抢先验证?
为什么需要抢先身份验证?
System.setProperty("httpclient.authentication.preemptive", "true");
我用java编写了访问客户端程序的Web服务。我们在调用对象中设置用户名和密码,并且运行良好。
最近,我们的服务提供商对其进行了一些更改,之后他们没有收到用户名和信息。来自我们的网络服务调用的密码,因为他们没有收到用户名和密码密码,因此我们无法连接到他们的(提供商)服务。
然后我进行了谷歌搜索并发现了抢占式身份验证。 在调用 Web 服务时,我们将 httpclient.authentication.preemptive 设置为 true:
System.setProperty("httpclient.authentication.preemptive", "true");
然后我们就能够接收来自服务提供商的响应。
当我们删除
System.setProperty("httpclient.authentication.preemptive", "true");
线路后,我们将无法连接到他们的服务。
Why is preemptive authentication required?
System.setProperty("httpclient.authentication.preemptive", "true");
I wrote web services that access client program in java. Where we were setting username and password in call object and that was working perfectly.
Recently, our service provider made some changes on their side and after that they were not receiving username & password from our web service calls and as they were not receiving username & password so we were not able to connect to their (provider) service.
Then I did googling and found about preemptive authentication.
While calling web services we set httpclient.authentication.preemptive to true:
System.setProperty("httpclient.authentication.preemptive", "true");
then we are able to receive responses from our service provider.
When we remove the
System.setProperty("httpclient.authentication.preemptive", "true");
line then we are not able to connect to their services.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
以下是常规身份验证的工作原理(也称为抢占式身份验证 - 例如 Curl 的工作方式):
Authorization: Basic dXNlcjpwYXNz以下是非抢占式身份验证的工作原理(例如 Apache 的 HttpClient 是如何做到这一点的):
WWW-Authenticate: Basic Realm="Default Realm"Authorization: Basic dXNlcjpwYXNz为什么我们应该使用第二种方法?它确保只有需要身份验证的服务器才能获取您的密码。但这确实意味着服务器必须以正确的方式响应(WWW-Authenticate 标头)。也许这就是您遇到的问题,也是您必须覆盖 HTTP 客户端以强制进行抢先身份验证的原因。
(如果您想更好地了解客户端和服务器之间实际发生的情况,我建议使用 Wireshark。您可以在此处阅读有关此主题的 Apache HTTP 客户端文档:https://hc.apache.org/httpcomponents-client-4.5.x/current/tutorial/html/authentication.html )
Here's how regular authentication works (aka preemptive authentication - e.g. how Curl does it):
Authorization: Basic dXNlcjpwYXNzHere's how non-pre-emptive authentication works (e.g. how Apache's HttpClient does it):
WWW-Authenticate: Basic realm="Default Realm"Authorization: Basic dXNlcjpwYXNzWhy should we use the second method? It ensures that only servers that need authentication get your password. But it does mean that the server has to respond in a correct way (the
WWW-Authenticateheader). Perhaps this is what broke in your case, and why you had to override your HTTP Client to force preemptive authentication.(I suggest using Wireshark if you want to get a better idea of what is actually going on between your client and server. And you can read the documentation here for Apache's HTTP Client on this topic: https://hc.apache.org/httpcomponents-client-4.5.x/current/tutorial/html/authentication.html )
当我们将 Transport Pivot="java:org.apache.axis.transport.http.HTTPSender" 更改为 Transport Pivot="java:org.apache.axis client-config.wsdd 文件中的.transport.http.CommonsHTTPSender”。这个问题在没有设置 System.setProperty("httpclient.authentication.preemptive", "true"); 的情况下得到了解决。
客户端配置.wsdd -
When we changed transport pivot="java:org.apache.axis.transport.http.HTTPSender" to transport pivot="java:org.apache.axis.transport.http.CommonsHTTPSender" in client-config.wsdd file. This issue got resolved whithout setting System.setProperty("httpclient.authentication.preemptive", "true"); .
client-config.wsdd -