我正在编写一个用于发送和接收消息的基本 Android 应用程序。我也在使用 Tomcat 7.0.21 编写服务器端代码。我目前正在尝试实现“程序化 Web 应用程序安全性”(http://courses.coreservlets.com/Course-Materials/msajsp.html),其中显式执行客户端身份验证。
我现在已经完成了这个实现,当我使用 REST 客户端发送请求时它工作正常。但是,当我从 Android 设备/模拟器发送请求时,我收到 java.io.FileNotFoundException。当我检查 tomcat 访问日志时,似乎 tomcat 在我的 Servlet 代码执行之前发送了一个 400 Bad Request,从而产生了异常。
我不知道这个问题是客户端还是服务器端。任何关于如何实现这一点的见解或建议将不胜感激。谢谢。
Tomcat localhost_access_log:
192.168.1.2 - - [05/Dec/2012:12:20:39 +0100] "GET /CA/users/get_contacts?user_id=freespirit HTTP/1.1" 400 -
我扩展的 Servlet 类,我相信它们永远不会被执行:
package carter.server.conversations;
import java.io.IOException;
import java.sql.Connection;
import java.sql.SQLException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import sun.misc.BASE64Decoder;
import carter.sqlite.SQLiteUtilities;
import carter.sqlite.conversations.DatabaseHelper;
public class AuthorizationServlet extends HttpsServlet {
protected static final int SERVLET_EXCEPTION_UNAUTHORIZED = 1;
@Override
protected void doGet(HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException {
super.doGet(request, response);
String authorization = request.getHeader("Authorization");
if(authorization == null){
System.out.println("CAAuthorizationServlet: Authorization is null. Sending 401.");
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
}
else{
String base64encodedDetails = authorization.substring(6).trim(); //remove "BASIC " prefix
BASE64Decoder decoder = new BASE64Decoder();
String unencodedDetails = new String(decoder.decodeBuffer(base64encodedDetails));
String[] userDetails = unencodedDetails.split(":");
//check database for given details
Connection databaseConnection = SQLiteUtilities.getConnection(Constants.databasePath);
try{
String password = DatabaseHelper.getPassword(userDetails[0], databaseConnection);
if(password.equals(userDetails[1]) == false){
//password does not match this user
System.out.println("CAAuthorizationServlet: password does not match this user. Sending 401.");
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
}
}
catch(SQLException e){
// no such user found in database.
System.out.println("CAAuthorizationServlet: no such user exists in database. Sending 401.");
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
}
finally{
SQLiteUtilities.closeConnection(databaseConnection);
}
}
}
@Override
protected void doPost(HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException {
super.doPost(request, response);
doGet(request, response);
}
}
package carter.server.conversations;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class HttpsServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
System.out.println("CAHttpsServlet: checking request is secure");
if(request.isSecure() == false){
System.out.println("CAHttpsServlet: Request is NOT secure. Sending 400");
response.sendError(HttpServletResponse.SC_BAD_REQUEST);
}
}
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);
}
}
最佳答案
嗯,你在自己的代码中拒绝请求:
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
System.out.println("CAHttpsServlet: checking request is secure");
if(request.isSecure() == false){
System.out.println("CAHttpsServlet: Request is NOT secure. Sending 400");
response.sendError(HttpServletResponse.SC_BAD_REQUEST);
}
}
关于java - Tomcat 在处理带有身份验证 header 的 android 请求之前发送 400s,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/13724125/