下面是我送的WS握手完成发送GET HTTPS请求但获得403禁止响应,为什么?
"https://ekp.truefriend.com/COVIWeb/gate/AutoAuthentication.aspx?UserID=DP0001&BackUrl=http%3a%2f%2fgw.truefriendtest.com%2fCOVIWeb%2fApproval%2fForms%2fForm.aspx%3fmobileyn%3dY%26piid%3d96482621-6cc4-401c-a6f9-5ba6cb7ce26f%26wiid%3d425a9bc9-8607-4898-9158-ed9170da1d89%26fmpf%3dWF_A_DRAFT_PAPER01%26fmrv%3d0%26fiid%3d749526BE-B208-4987-B751-2DD0FC03F0F6%26fmid%3d24f6765d-69d1-429f-b0da-b540a064f0e2%26scid%3ddc4378f1-7edd-4d69-8fe4-5867ed32c8b9"
它应该做的是将浏览器重定向到URL中的给定BackUrl页之后的URL。它在IE8中显示正确的结果,即使证书有问题。在PC版Chrome中,它显示了HTML的一些代码。在Android中,我得到了403 Forbidden错误。
HTTP/1.1 403 Forbidden (The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. )
我用这个方法来流数据
try{
URL url = new URL(urlString);
HttpsURLConnection.setDefaultHostnameVerifier(new FakeHostVerifier());
TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
Log.d("SSLDemo", "getAcceptedIssuers");
return null;
}
public void checkClientTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
Log.d("SSLDemo", "Check Client Trusted");
}
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
Log.d("SSLDemo", "Check Server Trusted");
}
}
};
SSLContext sc = SSLContext.getInstance("TLS"); //"TLS"
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
int port = 443;
SSLSocketFactory factory = HttpsURLConnection.getDefaultSSLSocketFactory();
socket = (SSLSocket)factory.createSocket(url.getHost(), port);
socket.startHandshake();
/**
* Connection Method
*/
String method = "GET";
String os = method + " "+urlString+" HTTP/1.0\r\n";
os += "Content-Length: 0";
os += "\r\n\r\n";
((SSLWeb)this.caller).updateRequest(urlString, method);
Log.i("TESTWEB", os);
BufferedWriter wout = new BufferedWriter(new OutputStreamWriter(socket.getOutputStream()));
wout.write(os);
wout.flush();
wout.close();
rd = new BufferedReader(new InputStreamReader(socket.getInputStream()));
//********* Not using thread
StringBuffer buff = new StringBuffer();
char[] buffer = new char[1024];
while(rd.read(buffer) > -1) {
buff.append(buffer);
Log.i("TESTWEB", "read buffer :" + String.valueOf(buffer));
}
Log.i("TESTWEB", "read line :" + buff.toString());
//**********
}catch(Exception e){
Log.e("TESTWEB", "Connecting error", e);
e.printStackTrace();
}
有什么错我的代码?我认为这个问题是与URL参数,但它在浏览器:(
我一直在寻找一种方法解决此问题的最后三天了,至今没有运气工作
编辑:这是用于跳过证书验证过程FakeHostVerifier类。是不是正确呢?
public class FakeHostVerifier implements HostnameVerifier {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
}
原因是什么? (你标记的答案,但它实际上包含几个建议。) – 2016-01-13 22:46:03
@JaroslavZáruba这是我的不好。我不知道该修复是什么。道歉不正确地记录解决方案。 – RobGThai 2016-01-14 12:03:40