我们尝试在一个HttpClient(一个会话)中向目标服务器发送多个请求。目标服务器将首先使用摘要式身份验证(基于MD5-sess)对所有请求进行身份验证。结果表明只有首次访问成功。以下访问被服务器拒绝,因为服务器将稍后访问视为重播攻击,因为“nc”值始终为“00000001”。Android HttpClient摘要身份验证授权标头“nc”硬编码
看来Android的HttpClient的硬编码的消化授权头attirbute “NC” 到 “00000001”?
当新的请求被发送时,客户端有什么办法增加这个值?谢谢。
公共类HttpService的{
private static final HttpService instance = new HttpService();
private HttpService() {
client = getHttpClient();
}
public static HttpService getInstance() {
return instance;
}
private DefaultHttpClient getHttpClient() {
HttpParams params = new BasicHttpParams();
HttpConnectionParams.setStaleCheckingEnabled(params, false);
HttpConnectionParams.setConnectionTimeout(params, 15 * 1000);
HttpConnectionParams.setSoTimeout(params, 15 * 1000);
HttpConnectionParams.setSocketBufferSize(params, 8192);
HttpProtocolParams.setUserAgent(params, USER_AGENT);
SchemeRegistry schemeRegistry = new SchemeRegistry();
Scheme httpScheme = new Scheme("http", PlainSocketFactory.getSocketFactory(), 80);
Scheme httpsScheme = new Scheme("https", SSLCertificateSocketFactory.getHttpSocketFactory(30 * 1000, null), 443);
schemeRegistry.register(httpScheme);
schemeRegistry.register(httpsScheme);
ClientConnectionManager manager = new ThreadSafeClientConnManager(params, schemeRegistry);
//create client
DefaultHttpClient httpClient = new DefaultHttpClient(manager, params);
httpClient.getCredentialsProvider().setCredentials(new AuthScope(address, port),
new UsernamePasswordCredentials(username, password));
}
}
你是如何初始化你的HttpClient的?发布一些代码。 – 2012-03-23 08:02:54
初始化非常普遍。我在原始文章中添加示例代码。谢谢 – lyobwon 2012-03-23 08:31:26