Groovy Digest authentication
I am trying to write a groovy script (java code is welcome as well ;)) which should allow me to perform the Digest authentication. The need being it is to be able to use Digest auth in SOAPUI becauer SOAP doesn't support native this kind of authentication.
To test my script I used an URL: https://postman-echo.com/digest-auth
First I access the page via web browser to get the WWW-Authenticate header. Digest realm="Users", nonce="81lEQmJGxRb3Us9jVJPYlDpjw11On7zW", qop="auth"
Then I type the correct user+password and check the Authorization header computed by the web browser. Here is the result:
Digest username="postman", realm="Users", nonce="81lEQmJGxRb3Us9jVJPYlDpjw11On7zW", uri="/digest-auth", response="82884fe7c55a19e80e8c8dea7ba1aece", qop=auth, nc=00000001, cnonce="89aa538367b9069a"
Then I used the same data to perform the computation of the response data using my script. Here is the result:
Digest username="postman", realm="Users", nonce="81lEQmJGxRb3Us9jVJPYlDpjw11On7zW", uri="/digest-auth", response="a6767f0a78d17e0cab90df65ec2ace5c", qop=auth,nc="00000001",cnonce="03d476861afd384510f2cb80ccfa8511"
My response is differen than the response computed by the web browser.
What do I do wrong?
Here is my script:
import org.apache.commons.codec.digest.DigestUtils
import com.eviware.soapui.impl.wsdl.actions.teststep.RunFromTestStepAction
// URL: https://postman-echo.com/digest-auth
wwwAuthHeader = "Digest realm="Users", nonce="81lEQmJGxRb3Us9jVJPYlDpjw11On7zW", qop="auth""
def realmArray = wwwAuthHeader.split(",")
def realm = realmArray[0].split("=")[1]
def nonce = realmArray[1].split("=")[1]
def qop = realmArray[2].split("=")[1]
def uri = "/digest-auth"
def user = "postman"
def pass = "password"
def method ="GET"
def resp = md5(user,realm,pass,method,uri,nonce)
log.info "resp: "+resp
def cnonce = DigestUtils.md5Hex(user)
def authorizationString = "Digest username="$user", realm=$realm, nonce=$nonce, uri="$uri", response="$resp", qop=auth,nc="00000001",cnonce="$cnonce""
log.info "authorizationString: " + authorizationString
// methods
def md5(user, realm, pass, method, String uri, nonce) {
def A1 = DigestUtils.md5Hex ("$user:$realm:$pass")
def A2 = DigestUtils.md5Hex ("$method:$uri")
return DigestUtils.md5Hex ("$A1:$nonce:$A2")
}
If you just would like to write a groovy script (java code is welcome as well, as your question reads) which allows you to perform the Digest authentication, here is something for your reference:
@Grab(group='org.apache.httpcomponents', module='httpclient', version='4.5.3')
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.auth.AuthScope;
import org.apache.http.HttpResponse;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.util.EntityUtils;
CredentialsProvider credsProvider = new BasicCredentialsProvider();
credsProvider.setCredentials(
new AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT),
new UsernamePasswordCredentials("postman", "password"));
CloseableHttpClient httpClient = HttpClients.custom()
.setDefaultCredentialsProvider(credsProvider)
.build();
HttpGet httpGet = new HttpGet("https://postman-echo.com/digest-auth");
HttpResponse httpResponse = httpClient.execute(httpGet);
String content = EntityUtils.toString(httpResponse.getEntity());
println content;
Run it and the output looks like this:
{"authenticated":true}
链接地址: http://www.djcxy.com/p/22320.html
上一篇: XMLHttpRequest状态0(responseText为空)
下一篇: Groovy摘要认证