您需要从Set-Cookie
响应标头中提取jsessionid
,并将其作为URL属性附加到后续请求中作为http://example.com/path/page.jsf;jsessionid=XXX
。
这里有一个开球例如与“普通的香草” java.net.URLConnection
的帮助:
// Prepare stuff.
String loginurl = "http://example.com/login";
String username = "itsme";
String password = "youneverguess";
URLConnection connection = null;
InputStream response = null;
// First get jsessionid (do as if you're just opening the login page).
connection = new URL(loginurl).openConnection();
response = connection.getInputStream(); // This will actually send the request.
String cookie = connection.getHeaderField("Set-Cookie");
String jsessionid = cookie.split(";")[0].split("=")[1]; // This assumes JSESSIONID is first field (normal case), you may need to change/finetune it.
String jsessionidurl = ";jsessionid=" + jsessionid;
response.close(); // We're only interested in response header. Ignore the response body.
// Now do login.
String authurl = loginurl + "/j_security_check" + jsessionidurl;
connection = new URL(authurl).openConnection();
connection.setDoOutput(true); // Triggers POST method.
PrintWriter writer = new PrintWriter(new OutputStreamWriter(connection.getOutputStream()));
writer.write("j_username=" + URLEncoder.encode(username, "UTF-8")
+ "&j_password=" + URLEncoder.encode(password, "UTF-8"));
writer.close();
response = connection.getInputStream(); // This will actually send the request.
response.close();
// Now you can do any requests in the restricted area using jsessionid. E.g.
String downloadurl = "http://example.com/download/file.ext" + jsessionidurl;
InputStream download = new URL(downloadurl).openStream();
// ...
为了实现用更少的臃肿的代码相同,考虑Apache Commons HttpComponents Client。
可以肯定:使用基于表单的身份验证,你的意思是说你正在使用'j_security_check'而不是一个本地的身份验证? – BalusC 2010-02-04 18:20:25
是的...它使用j_security_check,我试着从sites.google.com下载一个文档,再次使用基于表单的身份验证,它正在工作。仅适用于本网站,它不起作用来自浏览器的请求将为POST/Site/block/send-receive-updates – user266443 2010-02-05 07:23:07