2017-07-27
0

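Groovy digest authentication

I want to write a Groovy script (Java code is also welcome ;)) that should allow me to perform digest authentication. The need is to be able to use digest authentication in SoapUI, because SOAP does not support this kind of authentication natively.

To test my script I used this URL: https://postman-echo.com/digest-auth

First, I accessed the page via a web browser to obtain the WWW-Authenticate header: Digest realm="Users", nonce="81lEQmJGxRb3Us9jVJPYlDpjw11On7zW", qop="auth"

Then I typed the correct user + password and checked the Authorization header calculated by the web browser. Here is the result: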

Digest username="postman", realm="Users", nonce="81lEQmJGxRb3Us9jVJPYlDpjw11On7zW", uri="/digest-auth", response="82884fe7c55a19e80e8c8dea7ba1aece", qop=auth, nc=00000001, cnonce="89aa538367b9069a" 

Then I used the same data to compute the response with my script. Here is the result:

Digest username="postman", realm="Users", nonce="81lEQmJGxRb3Us9jVJPYlDpjw11On7zW", uri="/digest-auth", response="a6767f0a78d17e0cab90df65ec2ace5c", qop=auth,nc="00000001",cnonce="03d476861afd384510f2cb80ccfa8511" 

My response is different from the response calculated by the web browser.

What should I do?

Here is my script:

import org.apache.commons.codec.digest.DigestUtils 
import com.eviware.soapui.impl.wsdl.actions.teststep.RunFromTestStepAction 


// URL: https://postman-echo.com/digest-auth 

wwwAuthHeader = "Digest realm=\"Users\", nonce=\"81lEQmJGxRb3Us9jVJPYlDpjw11On7zW\", qop=\"auth\"" 

def realmArray = wwwAuthHeader.split(",") 

def realm = realmArray[0].split("=")[1] 
def nonce = realmArray[1].split("=")[1] 
def qop = realmArray[2].split("=")[1] 

def uri = "/digest-auth" 
def user = "postman" 
def pass = "password" 
def method ="GET" 



def resp = md5(user,realm,pass,method,uri,nonce) 

log.info "resp: "+resp 

def cnonce = DigestUtils.md5Hex(user) 

def authorizationString = "Digest username=\"$user\", realm=$realm,   nonce=$nonce, uri=\"$uri\", response=\"$resp\", qop=auth,nc=\"00000001\",cnonce=\"$cnonce\"" 

log.info "authorizationString: " + authorizationString 

// methods 

def md5(user, realm, pass, method, String uri, nonce) { 

    def A1 = DigestUtils.md5Hex ("$user:$realm:$pass") 
    def A2 = DigestUtils.md5Hex ("$method:$uri") 

    return DigestUtils.md5Hex ("$A1:$nonce:$A2") 
} 

Answer

1

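If you just want to write a Groovy script (Java code is welcome too, as your question says) that lets you perform digest authentication, here is something for your reference: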

@Grab(group='org.apache.httpcomponents', module='httpclient', version='4.5.3') 

import org.apache.http.auth.UsernamePasswordCredentials; 
import org.apache.http.client.CredentialsProvider; 
import org.apache.http.impl.client.CloseableHttpClient; 
import org.apache.http.impl.client.BasicCredentialsProvider; 
import org.apache.http.auth.AuthScope; 
import org.apache.http.HttpResponse; 
import org.apache.http.impl.client.HttpClients; 
import org.apache.http.client.methods.HttpGet; 
import org.apache.http.util.EntityUtils; 

CredentialsProvider credsProvider = new BasicCredentialsProvider(); 
credsProvider.setCredentials(
     new AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT), 
     new UsernamePasswordCredentials("postman", "password")); 

CloseableHttpClient httpClient = HttpClients.custom() 
     .setDefaultCredentialsProvider(credsProvider) 
     .build(); 

HttpGet httpGet = new HttpGet("https://postman-echo.com/digest-auth"); 
HttpResponse httpResponse = httpClient.execute(httpGet); 
String content = EntityUtils.toString(httpResponse.getEntity()); 
println content; 

Run it, and the output looks like this:

{"authenticated":true}
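
An added example, not part of the question or the answer above: a stand-alone Groovy script that computes the Digest `response` by hand when the challenge carries `qop="auth"`. In that case RFC 2617 hashes `HA1:nonce:nc:cnonce:qop:HA2`, and the realm and nonce go into the hash without their surrounding quotes. The function names are this example's own; the challenge, credentials and browser values are the ones quoted in the question, and the self-check uses the sample from RFC 2617 section 3.5.

```groovy
import java.security.MessageDigest

// Hex MD5 of a string; same output as DigestUtils.md5Hex used in the question.
String md5Hex(String s) {
    MessageDigest.getInstance('MD5').digest(s.getBytes('UTF-8')).encodeHex().toString()
}

// Parse 'Digest k="v", k2=v2' into a map. Quotes are delimiters, not part of
// the value, so they are stripped before anything is hashed.
Map<String, String> parseChallenge(String header) {
    Map<String, String> params = [:]
    def m = header.replaceFirst(/^Digest\s+/, '') =~ /(\w+)=(?:"([^"]*)"|([^,\s]+))/
    m.each { all, key, quoted, bare -> params[key] = (quoted != null) ? quoted : bare }
    params
}

// RFC 2617 response for qop=auth: MD5(HA1:nonce:nc:cnonce:qop:HA2).
String digestResponse(String user, String realm, String pass, String method,
                      String uri, String nonce, String nc, String cnonce, String qop) {
    String ha1 = md5Hex([user, realm, pass].join(':'))
    String ha2 = md5Hex([method, uri].join(':'))
    md5Hex([ha1, nonce, nc, cnonce, qop, ha2].join(':'))
}

// Self-check against the sample exchange in RFC 2617 section 3.5.
assert digestResponse('Mufasa', 'testrealm@host.com', 'Circle Of Life', 'GET',
        '/dir/index.html', 'dcd98b7102dd2f0e8b11d0f600bfb0c093',
        '00000001', '0a4f113b', 'auth') == '6629fae49393a05397450978507c4ef1'

// Values from the question. The browser's cnonce is reused so that the result
// can be compared with the browser's header; a real client picks a fresh one.
def c = parseChallenge('Digest realm="Users", nonce="81lEQmJGxRb3Us9jVJPYlDpjw11On7zW", qop="auth"')
def nc = '00000001'
def cnonce = '89aa538367b9069a'
def resp = digestResponse('postman', c.realm, 'password', 'GET', '/digest-auth',
        c.nonce, nc, cnonce, c.qop)

// nc and qop are sent unquoted; the other values are quoted strings.
def authorization = "Digest username=\"postman\", realm=\"${c.realm}\", " +
        "nonce=\"${c.nonce}\", uri=\"/digest-auth\", response=\"${resp}\", " +
        "qop=${c.qop}, nc=${nc}, cnonce=\"${cnonce}\""

println authorization
println "matches browser response: ${resp == '82884fe7c55a19e80e8c8dea7ba1aece'}"
```

Inside a SoapUI Groovy test step, `log.info` takes the place of `println`.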