Groovy摘要认证

2018-06-07 06:39:55

我正在尝试编写一个groovy脚本（也欢迎java代码;）），它应该允许我执行摘要式身份验证。需要的是能够在SOAPUI中使用摘要身份验证，因为SOAP不支持本地这种身份验证。

为了测试我的脚本，我使用了一个URL：https：//postman-echo.com/digest-auth

首先，我通过网络浏览器访问该页面以获取WWW-Authenticate标题。 Digest realm =“Users”，nonce =“81lEQmJGxRb3Us9jVJPYlDpjw11On7zW”，qop =“auth”

然后输入正确的用户名和密码，并检查Web浏览器计算的授权标题。结果如下：

Digest username="postman", realm="Users", nonce="81lEQmJGxRb3Us9jVJPYlDpjw11On7zW", uri="/digest-auth", response="82884fe7c55a19e80e8c8dea7ba1aece", qop=auth, nc=00000001, cnonce="89aa538367b9069a"

然后，我使用相同的数据来使用我的脚本执行响应数据的计算。结果如下：

Digest username="postman", realm="Users", nonce="81lEQmJGxRb3Us9jVJPYlDpjw11On7zW", uri="/digest-auth", response="a6767f0a78d17e0cab90df65ec2ace5c", qop=auth,nc="00000001",cnonce="03d476861afd384510f2cb80ccfa8511"

我的回应与网页浏览器计算的回应不同。

我做错了什么？

这是我的脚本：

import org.apache.commons.codec.digest.DigestUtils
import com.eviware.soapui.impl.wsdl.actions.teststep.RunFromTestStepAction


// URL: https://postman-echo.com/digest-auth

wwwAuthHeader = "Digest realm="Users",    nonce="81lEQmJGxRb3Us9jVJPYlDpjw11On7zW", qop="auth""

def realmArray = wwwAuthHeader.split(",")

def realm = realmArray[0].split("=")[1]
def nonce = realmArray[1].split("=")[1]
def qop = realmArray[2].split("=")[1]

def uri = "/digest-auth"
def user = "postman"
def pass = "password"
def method ="GET"



def resp = md5(user,realm,pass,method,uri,nonce)

log.info "resp: "+resp

def cnonce = DigestUtils.md5Hex(user)

def authorizationString = "Digest username="$user", realm=$realm,         nonce=$nonce, uri="$uri", response="$resp", qop=auth,nc="00000001",cnonce="$cnonce""

log.info "authorizationString: " + authorizationString

// methods

def md5(user, realm, pass, method, String uri, nonce) {

    def A1 = DigestUtils.md5Hex ("$user:$realm:$pass")
    def A2 = DigestUtils.md5Hex ("$method:$uri")

    return DigestUtils.md5Hex ("$A1:$nonce:$A2")
}

如果你只是想编写一个groovy脚本（也欢迎java代码，正如你的问题所读），它允许你执行Digest认证，这里有一些供你参考的东西：

@Grab(group='org.apache.httpcomponents', module='httpclient', version='4.5.3')

import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.auth.AuthScope;
import org.apache.http.HttpResponse;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.util.EntityUtils;

CredentialsProvider credsProvider = new BasicCredentialsProvider();
credsProvider.setCredentials(
        new AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT),
        new UsernamePasswordCredentials("postman", "password"));

CloseableHttpClient httpClient = HttpClients.custom()
        .setDefaultCredentialsProvider(credsProvider)
        .build();

HttpGet httpGet = new HttpGet("https://postman-echo.com/digest-auth");
HttpResponse httpResponse = httpClient.execute(httpGet);
String content = EntityUtils.toString(httpResponse.getEntity());
println content;

运行它，输出如下所示：

{"authenticated":true}

链接地址: http://www.djcxy.com/p/22319.html

上一篇: Groovy Digest authentication

下一篇: Digest Authentication (Java/Android)