https请求获取token和cookie,并用于未来其他请求
主要参考百度AI生成的程序。
上次的例子用token带入了新的请求,请求成功,正确获取response.
我这里的例子是:
当请求不含token时,请求失败;当请求只含有token时,监控软件没有获取请求的用户名;当请求含有token和cookie时,监控软件能获取请求的用户名。我这里需要获取用户名,因此必须请求必须加上cookie.
1.用户打开baseUrl,此时请求的Request Headers和Response Headers均不含有token和cookie
2.用户输入正确的用户名和密码,点击登录。此时后台执行了
2a. getPublicKey,这个请求的Request Headers和Response Headers仍然不含有cookie,但是reponse中含有token。
2b. login, 这个请求中的Request Headers不含cookie,payload中含有token. Response Headers中含有cookie。有两个值,其中一个是JSESSIONID。这个JSESSIONID暂时忽略,我继续访问这个产品的其他功能,JSESSIONID会变化。
但是另一个cookie没变。因此重点关注另外一个。可能不同的产品cookie的名称也不同,这个名称必须已知。可以用以下方法获取cookie
Response response = client.target(loginUrl) // 第一个Request Header不含cookie但是Response Header含cookie的请求的url。
.request(MediaType.APPLICATION_JSON)
.post(Entity.entity(loginData, MediaType.APPLICATION_JSON), Response.class);
Map<String, NewCookie> cookies = response.getCookies();
cookies.forEach((key, value) -> System.out.println("Key: " + key + ", Value: " + value));
NewCookie cookie = response.getCookies().get(cookieName);
String cookieValue = cookie.getValue();
System.out.println(cookieValue);
然后用获取的token和cookie带入到新的请求中。此时监控软件中获取了用户名。
String cookiesValue = cookieName + "=" + cookieValue; // cookiename由产品决定,一般不变,可以Chrome F12 - network获取,cookieValue就是之前获取的值。 PolicyGroupHelper.GetPolicyGroupsResponse response = testClient.target(baseUrl + api) .request(MediaType.APPLICATION_JSON) .header("token", token) .header("Cookie", cookiesValue) .post(Entity.entity(filter, MediaType.APPLICATION_JSON), PolicyGroupHelper.GetPolicyGroupsResponse.class);
附完整可运行的程序
import cn.hutool.core.util.StrUtil; import org.apache.commons.codec.binary.Base64; import org.glassfish.jersey.client.ClientConfig; import org.glassfish.jersey.client.ClientProperties; import org.glassfish.jersey.jackson.JacksonFeature; import javax.crypto.Cipher; import javax.net.ssl.SSLContext; import javax.net.ssl.TrustManager; import javax.net.ssl.X509TrustManager; import javax.ws.rs.ProcessingException; import javax.ws.rs.client.*; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.NewCookie; import javax.ws.rs.core.Response; import java.nio.charset.StandardCharsets; import java.security.KeyFactory; import java.security.interfaces.RSAPublicKey; import java.security.spec.X509EncodedKeySpec; import java.util.ArrayList; import java.util.List; import java.util.Map; public class SensLevelHelper { public static void main(String[] args) throws Exception { String baseUrl = "https://hostname:port/"; String api = "apiUrl不包含baseUrl"; String account = "******"; String password = "****"; String cookieName = "****"; // 这里的cookie的name,由server端提供的,根据产品的不同而不同。 getResponseWithTokenAndCookie(account, password, baseUrl, api, cookieName); } public static void getResponseWithTokenAndCookie(String account, String password, String baseUrl, String api, String cookieName) throws Exception { List<String> tokenAndCookie = getClientTokenAndCookie(account, password, baseUrl, api, cookieName); if (tokenAndCookie == null || tokenAndCookie.size() == 0) { System.out.println("haven't gotten token or cookie"); return; } String token = tokenAndCookie.get(0); String cookie = tokenAndCookie.get(1); String cookiesValue = cookieName + "=" + cookie; System.out.println(cookiesValue); ClientConfig configuration = new ClientConfig(); configuration = configuration.property(ClientProperties.CONNECT_TIMEOUT, 30000); configuration = configuration.property(ClientProperties.READ_TIMEOUT, 30000); Client testClient = ClientBuilder.newBuilder().sslContext(createIgnoreVerifySSL()).withConfig(configuration).hostnameVerifier((s1, s2) -> true).register(new JacksonFeature()).build(); PolicyGroupHelper.SearchPolicyFilter filter = new PolicyGroupHelper.SearchPolicyFilter(); filter.setType(1); PolicyGroupHelper.GetPolicyGroupsResponse response = testClient.target(baseUrl + api) .request(MediaType.APPLICATION_JSON) .header("token", token) .header("Cookie", cookiesValue) .post(Entity.entity(filter, MediaType.APPLICATION_JSON), PolicyGroupHelper.GetPolicyGroupsResponse.class); System.out.println(response); } public static List<String> getClientTokenAndCookie(String account, String password, String baseUrl, String api, String cookieName) { List<String> tokenAndCookie = new ArrayList<>(); String getKeyUrl = baseUrl + "getToken api 不包含baseUrl"; // 获取token 的API String loginUrl = baseUrl + "login api 不包含baseUrl"; // 获取cookie的API for (int i = 0; i < 3; i++) { try { Client client = ClientBuilder.newBuilder().sslContext(createIgnoreVerifySSL()).hostnameVerifier((s1, s2) -> true).register(new JacksonFeature()).build(); WebTarget webTarget = client.target(getKeyUrl); Invocation.Builder invocationBuilder = webTarget.request(MediaType.APPLICATION_JSON); LogInHelper.PubKey publicKey = invocationBuilder.get(LogInHelper.PubKey.class); byte[] decoded = Base64.decodeBase64(publicKey.getData()); RSAPublicKey pubKey; pubKey = (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(decoded)); Cipher cipher = Cipher.getInstance("RSA"); cipher.init(Cipher.ENCRYPT_MODE, pubKey); String outStr = Base64.encodeBase64String(cipher.doFinal(password.getBytes(StandardCharsets.UTF_8))); LogInHelper.LoginData loginData = new LogInHelper.LoginData(account, outStr); Response response = client.target(loginUrl) .request(MediaType.APPLICATION_JSON) .post(Entity.entity(loginData, MediaType.APPLICATION_JSON), Response.class); LogInHelper.LoginResponse loginResponse = response.readEntity(LogInHelper.LoginResponse.class); if (StrUtil.isNotEmpty(loginResponse.data.token)) { tokenAndCookie.add(loginResponse.data.token); } Map<String, NewCookie> cookies = response.getCookies(); cookies.forEach((key, value) -> System.out.println("Key: " + key + ", Value: " + value)); NewCookie cookie = response.getCookies().get(cookieName); String cookieValue = cookie.getValue(); if (StrUtil.isNotEmpty(cookieValue)) { tokenAndCookie.add(cookieValue); }
if (tokenAndCookie != null && tokenAndCookie.size() > 0) {
return tokenAndCookie;
}
} catch (ProcessingException ex) {
ex.printStackTrace();
} catch (Exception e) {
e.printStackTrace();
return null;
}
}
return null;
}
private static SSLContext createIgnoreVerifySSL() throws Exception {
SSLContext sc = SSLContext.getInstance("TLSv1.3");
// 实现一个X509TrustManager接口,用于绕过验证,不用修改里面的方法
X509TrustManager trustManager = new X509TrustManager() {
@Override
public void checkClientTrusted(
java.security.cert.X509Certificate[] paramArrayOfX509Certificate,
String paramString) {
}
@Override
public void checkServerTrusted(
java.security.cert.X509Certificate[] paramArrayOfX509Certificate,
String paramString) {
}
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
};
sc.init(null, new TrustManager[]{trustManager}, null);
return sc;
}
}
