Bonita Web API - 401未授權錯誤

Question

我正在嘗試使用Bonita Web API。我的代碼如下。正如你所看到的，我在調用任何其他API服務之前調用loginservice。它登錄到OK 200.但是，當我進行後續調用以獲取進程列表時，出現401錯誤。您從第一次調用中獲得JSESSIONID，並且您想將它傳遞給後續調用來驗證您的身份。

var baseAddress = new Uri(<base address>); 
var cookieContainer = new CookieContainer(); 
using (var handler = new HttpClientHandler() { CookieContainer = cookieContainer }) 
using (var client = new HttpClient(handler) { BaseAddress = baseAddress }) 
    { 
      HttpResponseMessage result = client.PostAsync("/bonita/loginservice", new StringContent("login=<username>,password=<password>,redirect=false")).Result; 
      client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); 
      HttpResponseMessage result2 = client.GetAsync("/bonita/API/bpm/process").Result; 
      result2.EnsureSuccessStatusCode(); 
    } 

Answer 1

這適用於.Net 2.0 C＃，但有一些有趣的事情要檢查。

WebClient wc = new WebClient(); 
wc.Proxy = WebRequest.GetSystemWebProxy(); 
//wc.Headers[HttpRequestHeader.AcceptEncoding] = "gzip, deflate"; 
string strLogin = wc.DownloadString("http://localhost:8080/bonita/loginservice?username=walter.bates&password=bpm&redirect=false"); 

wc.Headers[HttpRequestHeader.Cookie] = wc.ResponseHeaders[HttpResponseHeader.SetCookie].ToString(); 
string strCookie = wc.ResponseHeaders[HttpResponseHeader.SetCookie].ToString(); 

string strProcesses = wc.DownloadString("http://localhost:8080/bonita/API/bpm/process?p=0"); 

首先，你應該知道如何確定所進行的操作是成功（登錄，getProcesses和其他）當您嘗試登錄，你總是會得到頭（例如"JSESSIONID=50E509D37AC28E2D725CBD45A8112FA7; Path=/bonita; HttpOnly"），並確定200即使您在Bonita的登錄嘗試是不成功的。

對於前面的示例

1）在成功登錄，您必須通過強制性的表單數據：用戶名，密碼和重定向您還必須確保通過重定向小寫。 "False"將不起作用，"false"將工作。因此，對於.Net，假設您有一個property-> Boolean重定向。你必須用redirect.ToString().ToLower()來使它小寫，因爲價值將會是"False"而你不想要。

假設您嘗試僅使用用戶名和密碼登錄而不通過重定向。結果是你會得到OK 200和頭部，但你也會得到一個錯誤的響應（響應必須是空的），所以在下一個請求（即getProcesses）你會得到（401）未授權。如果您通過redirect=False而不是redirect=false，則猜測結果。一模一樣。

2）你必須得到：strLogin="" // the body of the response must be empty strCookie="JSESSIONID=4F67F134840A2C72DBB968D53772FB22; Path=/bonita; HttpOnly"

對於成功getProcesses你通過你的登錄

wc.Headers[HttpRequestHeader.Cookie] = wc.ResponseHeaders[HttpResponseHeader.SetCookie].ToString(); 

拿到了頭前面的例子中，然後調用進程並獲得JSON字符串例如格式

"[{\"id\":\"6996906669894804403\",\"icon\":\"\",\"displayDescription\":\"\",\"deploymentDate\":\"2014-11-19 17:57:40.893\",\"description\":\"\",\"activationState\":\"ENABLED\",\"name\":\"Travel request\",\"deployedBy\":\"22\",\"displayName\":\"Travel request\",\"actorinitiatorid\":\"4\",\"last_update_date\":\"2014-11-19 17:57:41.753\",\"configurationState\":\"RESOLVED\",\"version\":\"1.0\"}]" 

（或[]，這意味着空JSON）

如果cookie未正確傳遞，您將再次遇到401錯誤。

解決方案對於.NET 4.5.1

using System; 
using System.Collections.Generic; 
using System.Diagnostics; 
using System.IO; 
using System.Linq; 
using System.Net; 
using System.Net.Http; 
using System.Net.Http.Headers; 
using System.Text; 
using System.Threading.Tasks; 
using System.Web; 


namespace BonitaRestApi 
{ 
    class BonitaApi 
    { 
     private CookieCollection collection; 
     string strCookietoPass; 
     string sessionID; 

     static void Main(string[] args) 
     { 
      BonitaApi obj = new BonitaApi(); 
      Task login = new Task(obj.Login); 
      login.Start(); 
      login.Wait(); 
      Console.ReadLine(); 

      Task GetProcesses = new Task(obj.GetProcesses); 
      GetProcesses.Start(); 
      GetProcesses.Wait(); 
      Console.ReadLine(); 

      Task logout = new Task(obj.Logout); 
      logout.Start(); 
      logout.Wait(); 
      Console.ReadLine(); 

     } 

     public async void Login() 
     { 
      const string url = "http://localhost:8080/bonita/"; 

      var cookies = new CookieContainer(); 
      var handler = new HttpClientHandler(); 
      handler.CookieContainer = cookies; 

      using (var client = new HttpClient(handler)) 
      { 
       var uri = new Uri(url); 
       client.BaseAddress = uri; 
       //client.DefaultRequestHeaders.Accept.Clear(); 
       //client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); 

       var content = new FormUrlEncodedContent(new[] 
       { 
        new KeyValuePair<string, string>("username", "helen.kelly"), 
        new KeyValuePair<string, string>("password", "bpm"), 
        new KeyValuePair<string, string>("redirect", "false"), 
        new KeyValuePair<string, string>("redirectUrl", ""), 
       }); 

       HttpResponseMessage response = await client.PostAsync("loginservice", content); 

       if (response.IsSuccessStatusCode) 
       { 
        var responseBodyAsText = await response.Content.ReadAsStringAsync(); 

        if (!String.IsNullOrEmpty(responseBodyAsText)) 
        { 
         Console.WriteLine("Unsuccessful Login.Bonita bundle may not have been started, or the URL is invalid."); 
         return; 
        } 

        collection= cookies.GetCookies(uri); 
        strCookietoPass = response.Headers.GetValues("Set-Cookie").FirstOrDefault(); 

        sessionID = collection["JSESSIONID"].ToString(); 

        Console.WriteLine(string.Format("Successful Login Retrieved session ID {0}", sessionID)); 
         // Do useful work 
       } 
       else 
       { 
        Console.WriteLine("Login Error" + (int)response.StatusCode + "," + response.ReasonPhrase); 
       } 

      } 
     } 

     public async void Logout() 
     { 
      const string url = "http://localhost:8080/bonita/"; 

      var cookies = new CookieContainer(); 
      var handler = new HttpClientHandler(); 
      handler.CookieContainer = cookies; 

      using (var client = new HttpClient(handler)) 
      { 
       var uri = new Uri(url); 
       client.BaseAddress = uri; 

       var content = new FormUrlEncodedContent(new[] 
       { 
        new KeyValuePair<string, string>("redirect", "false") 
       }); 

       HttpResponseMessage response = await client.PostAsync("logoutservice", content); 

       if (response.IsSuccessStatusCode) 
       { 
        var responseBodyText = await response.Content.ReadAsStringAsync(); 

        if (!String.IsNullOrEmpty(responseBodyText)) 
        { 
         Console.WriteLine("Unsuccessful Logout.Bonita bundle may not have been started, or the URL is invalid."); 
         return; 
        } 

        Console.WriteLine("Successfully Logged out."); 
       } 
       else 
       { 
        Console.WriteLine("Logout Error" + (int)response.StatusCode + "," + response.ReasonPhrase); 
       } 

      } 
     } 

     public async void GetProcesses() 
     { 

      var handler = new HttpClientHandler(); 

      Cookie ok = new Cookie("Set-Cookie:",strCookietoPass); 

      handler.CookieContainer.Add(collection); 

      using (var client = new HttpClient(handler)) 
      { 

       var builder = new UriBuilder("http://localhost/bonita/API/bpm/process"); 
       builder.Port = 8080; 

       var query = HttpUtility.ParseQueryString(builder.Query); 
       query["p"] = "0"; 
       query["c"] = "10"; 
       builder.Query = query.ToString(); 

       Uri uri= new Uri(builder.ToString()); 
       client.BaseAddress = uri; 

       HttpResponseMessage response = await client.GetAsync(uri.ToString()); 

       if (response.IsSuccessStatusCode) 
       { 
        var responseBodyText = await response.Content.ReadAsStringAsync(); 

        if (String.IsNullOrEmpty(responseBodyText)) 
        { 
         Console.WriteLine("Unsuccessful GetProcesses.Bonita bundle may not have been started, or the URL is invalid."); 
         return; 
        } 

        Console.WriteLine("Successfully GetProcesses:" + responseBodyText); 

       } 
       else 
       { 
        Console.WriteLine("GetProcesses Error" + (int)response.StatusCode + "," + response.ReasonPhrase); 
       } 

      } 
     } 
    } 
} 

Answer 2

我必須爲每一個非GET請求同樣的問題（401錯誤）。

我終於通過這讓看的CSRF文檔： http://documentation.bonitasoft.com/7.4?page=csrf-security

（見「是否有關於REST API調用的影響？「一節）

succesfull登錄後，你必須把一個特殊的頭在你的要求：

key: X-Bonita-API-Token 

value: the one you got after your login (check the relevant cookie)