我有https设置弹簧安全。卷发授权
当我试图以安全的方式在URL上运行curl GET时,我看到了一个意外的行为。
当curl首先向服务器发送请求时,它会在没有授权数据的情况下执行此操作(为什么?我专门添加了它)。然后,服务器回复认证错误(401)。 然后客户端重新发送请求,这次是授权数据,服务器正确回复所需的数据。
任何想法为什么发生这种情况?
卷曲命令:
卷曲-v --insecure --anyauth --user用户名:密码-H “接受:应用/ JSON” -H “内容类型:应用/ JSON” -X GET本地主机:8443/myresource
请求1:
> GET /myresource HTTP/1.1
> User-Agent: curl/7.21.3 (x86_64-redhat-linux-gnu) libcurl/7.21.3 NSS/3.13.1.0 zlib/1.2.5 libidn/1.19 libssh2/1.2.7
> Host: localhost:8443
> Accept: application/json
> Content-Type: application/json
响应1:
< HTTP/1.1 401 Unauthorized
< Server: Apache-Coyote/1.1
< Set-Cookie: JSESSIONID=B56A7F49E715795B5D1158DB192710AA; Path=/myresource ; Secure; HttpOnly
< WWW-Authenticate: Digest realm="Protected", qop="auth", nonce="MTM0Njg2MjYwMjY0ODozNDk5ZDkxNTYxNjMxMDJmNDA4MWQ1NTBmZjk5OGQ5Nw=="
< Content-Type: text/html;charset=utf-8
< Content-Length: 1119
< Date: Wed, 05 Sep 2012 16:29:52 GMT
请求2:
> GET /myresource HTTP/1.1
> Authorization: Digest username="username", realm="Protected", nonce="MTM0Njg2MjYwMjY0ODozNDk5ZDkxNTYxNjMxMDJmNDA4MWQ1NTBmZjk5OGQ5Nw==", uri="/myresource", cnonce="ODczNjg0", nc=00000001, qop="auth", response="58faded9ae5f639ba0056fb86edca71f"
> User-Agent: curl/7.21.3 (x86_64-redhat-linux-gnu) libcurl/7.21.3 NSS/3.13.1.0 zlib/1.2.5 libidn/1.19 libssh2/1.2.7
> Host: localhost:8443
> Accept: application/json
> Content-Type: application/json
响应2:
< HTTP/1.1 200 OK
< Server: Apache-Coyote/1.1
< Set-Cookie: JSESSIONID=37F375C5663C4A049D95D49C7C1CF0FD; Path=/myresource ; Secure; HttpOnly
< Content-Type: application/json
< Transfer-Encoding: chunked
< Date: Wed, 05 Sep 2012 16:29:52 GMT
请分享你的curl命令和相关输出。您还可以使用-v选项获取更多信息。 – Kylos