android - 在 http 请求中将用户名和密码作为参数发送

Question

我在网上获得了一个使用 Restful api 进行简单登录和注册的示例代码。 我已经获得了外部 jar 文件并对其进行了编译，但是其中一种方法没有得到解决。
“invokeWS”方法出错，尽管 RequestParams 工作正常，请提出建议。 这是我用来获取 jar 文件的链接 --
http://loopj.com/android-async-http/

我把代码放在这里

包 com.example.dell.restful_demo;

import android.app.DownloadManager;
import android.app.ProgressDialog;
import android.os.Bundle;
import android.support.v7.app.AppCompatActivity;
import android.view.View;
import android.widget.EditText;
import android.widget.TextView;
import android.widget.Toast;

import com.loopj.android.http.RequestParams;
import com.loopj.android.http.AsyncHttpClient;
import com.loopj.android.http.AsyncHttpResponseHandler;


public class LoginActivity extends AppCompatActivity {

// Progress Dialog Object
ProgressDialog prgDialog;
// Error Msg TextView Object
TextView errorMsg;
// Email Edit View Object
EditText emailET;
// Passwprd Edit View Object
EditText pwdET;

@Override
protected void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);
    setContentView(R.layout.activity_login);

    // Find Error Msg Text View control by ID
    errorMsg = (TextView) findViewById(R.id.login_error);
    // Find Email Edit View control by ID
    emailET = (EditText) findViewById(R.id.loginEmail);
    // Find Password Edit View control by ID
    pwdET = (EditText) findViewById(R.id.loginPassword);
    // Instantiate Progress Dialog object
    prgDialog = new ProgressDialog(this);
    // Set Progress Dialog Text
    prgDialog.setMessage("Please wait...");
    // Set Cancelable as False
    prgDialog.setCancelable(false);

}


public void loginUser(View view) {
    // Get Email Edit View Value
    String email = emailET.getText().toString();
    // Get Password Edit View Value
    String password = pwdET.getText().toString();
    // Instantiate Http Request Param Object
    RequestParams params = new RequestParams();
    // When Email Edit View and Password Edit View have values other than Null
    if (Utility.isNotNull(email) && Utility.isNotNull(password)) {
        // When Email entered is Valid
        if (Utility.validate(email)) {
            // Put Http parameter username with value of Email Edit View control
            params.put("username", email);
            // Put Http parameter password with value of Password Edit Value control
            params.put("password", password);
            // Invoke RESTful Web Service with Http parameters
            invokeWS(params);
        }
        // When Email is invalid
        else {
            Toast.makeText(getApplicationContext(), "Please enter valid email", Toast.LENGTH_LONG).show();
        }
    }
    // When any of the Edit View control left blank
    else {
        Toast.makeText(getApplicationContext(), "Please fill the form, don't leave any field blank", Toast.LENGTH_LONG).show();
    }

}

Answer 1

如果您使用基本身份验证，则必须通过授权 header 而不是正文参数发送用户名和密码。

这是一个例子:

获取/securefiles/HTTP/1.1
主办方:www.httpwatch.com
授权:基本 aHR0cHdhdGNoOmY=

https://www.httpwatch.com/httpgallery/authentication/

凭据以 Base64 编码，您可以在此处查看解释:

https://security.stackexchange.com/questions/29916/why-does-http-basic-authentication-encode-the-username-and-password-with-base64