您需要從Set-Cookie
響應標頭中提取jsessionid
,並將其作爲URL屬性附加到後續請求中作爲http://example.com/path/page.jsf;jsessionid=XXX
。
這裏有一個開球例如與「普通的香草」 java.net.URLConnection
的幫助:
// Prepare stuff.
String loginurl = "http://example.com/login";
String username = "itsme";
String password = "youneverguess";
URLConnection connection = null;
InputStream response = null;
// First get jsessionid (do as if you're just opening the login page).
connection = new URL(loginurl).openConnection();
response = connection.getInputStream(); // This will actually send the request.
String cookie = connection.getHeaderField("Set-Cookie");
String jsessionid = cookie.split(";")[0].split("=")[1]; // This assumes JSESSIONID is first field (normal case), you may need to change/finetune it.
String jsessionidurl = ";jsessionid=" + jsessionid;
response.close(); // We're only interested in response header. Ignore the response body.
// Now do login.
String authurl = loginurl + "/j_security_check" + jsessionidurl;
connection = new URL(authurl).openConnection();
connection.setDoOutput(true); // Triggers POST method.
PrintWriter writer = new PrintWriter(new OutputStreamWriter(connection.getOutputStream()));
writer.write("j_username=" + URLEncoder.encode(username, "UTF-8")
+ "&j_password=" + URLEncoder.encode(password, "UTF-8"));
writer.close();
response = connection.getInputStream(); // This will actually send the request.
response.close();
// Now you can do any requests in the restricted area using jsessionid. E.g.
String downloadurl = "http://example.com/download/file.ext" + jsessionidurl;
InputStream download = new URL(downloadurl).openStream();
// ...
爲了實現用更少的臃腫的代碼相同,考慮Apache Commons HttpComponents Client。
可以肯定:使用基於表單的身份驗證,你的意思是說你正在使用'j_security_check'而不是一個本地的身份驗證? – BalusC 2010-02-04 18:20:25
是的...它使用j_security_check,我試着從sites.google.com下載一個文檔,再次使用基於表單的身份驗證,它正在工作。僅適用於本網站,它不起作用來自瀏覽器的請求將爲POST/Site/block/send-receive-updates – user266443 2010-02-05 07:23:07