2017-07-27 238 views
0

我想寫一個groovy腳本(也歡迎java代碼;))應該允許我執行摘要身份驗證。需要的是能夠在SOAPUI中使用摘要身份驗證,因爲SOAP不支持本地這種身份驗證。Groovy摘要身份驗證

爲了測試我的劇本我用了一個網址:https://postman-echo.com/digest-auth

首先,我通過Web瀏覽器訪問該頁面以獲取WWW驗證報頭。 文摘境界=「用戶」,隨機數=「81lEQmJGxRb3Us9jVJPYlDpjw11On7zW」,QOP =「AUTH」

然後我鍵入正確的用戶口令+和檢查由web瀏覽器計算出的授權報頭。結果如下:

Digest username="postman", realm="Users", nonce="81lEQmJGxRb3Us9jVJPYlDpjw11On7zW", uri="/digest-auth", response="82884fe7c55a19e80e8c8dea7ba1aece", qop=auth, nc=00000001, cnonce="89aa538367b9069a" 

然後我用相同的數據來執行使用我的腳本計算響應數據。結果如下:

Digest username="postman", realm="Users", nonce="81lEQmJGxRb3Us9jVJPYlDpjw11On7zW", uri="/digest-auth", response="a6767f0a78d17e0cab90df65ec2ace5c", qop=auth,nc="00000001",cnonce="03d476861afd384510f2cb80ccfa8511" 

我的回答與Web瀏覽器計算的回答有差異。

我該怎麼做?

這裏是我的腳本:

import org.apache.commons.codec.digest.DigestUtils 
import com.eviware.soapui.impl.wsdl.actions.teststep.RunFromTestStepAction 


// URL: https://postman-echo.com/digest-auth 

wwwAuthHeader = "Digest realm=\"Users\", nonce=\"81lEQmJGxRb3Us9jVJPYlDpjw11On7zW\", qop=\"auth\"" 

def realmArray = wwwAuthHeader.split(",") 

def realm = realmArray[0].split("=")[1] 
def nonce = realmArray[1].split("=")[1] 
def qop = realmArray[2].split("=")[1] 

def uri = "/digest-auth" 
def user = "postman" 
def pass = "password" 
def method ="GET" 



def resp = md5(user,realm,pass,method,uri,nonce) 

log.info "resp: "+resp 

def cnonce = DigestUtils.md5Hex(user) 

def authorizationString = "Digest username=\"$user\", realm=$realm,   nonce=$nonce, uri=\"$uri\", response=\"$resp\", qop=auth,nc=\"00000001\",cnonce=\"$cnonce\"" 

log.info "authorizationString: " + authorizationString 

// methods 

def md5(user, realm, pass, method, String uri, nonce) { 

    def A1 = DigestUtils.md5Hex ("$user:$realm:$pass") 
    def A2 = DigestUtils.md5Hex ("$method:$uri") 

    return DigestUtils.md5Hex ("$A1:$nonce:$A2") 
} 

回答

1

如果你只是想編寫一個Groovy腳本(Java代碼是值得歡迎的好,因爲你的問題讀取),它可以讓你執行摘要式身份驗證,這裏是東西供大家參考:

@Grab(group='org.apache.httpcomponents', module='httpclient', version='4.5.3') 

import org.apache.http.auth.UsernamePasswordCredentials; 
import org.apache.http.client.CredentialsProvider; 
import org.apache.http.impl.client.CloseableHttpClient; 
import org.apache.http.impl.client.BasicCredentialsProvider; 
import org.apache.http.auth.AuthScope; 
import org.apache.http.HttpResponse; 
import org.apache.http.impl.client.HttpClients; 
import org.apache.http.client.methods.HttpGet; 
import org.apache.http.util.EntityUtils; 

CredentialsProvider credsProvider = new BasicCredentialsProvider(); 
credsProvider.setCredentials(
     new AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT), 
     new UsernamePasswordCredentials("postman", "password")); 

CloseableHttpClient httpClient = HttpClients.custom() 
     .setDefaultCredentialsProvider(credsProvider) 
     .build(); 

HttpGet httpGet = new HttpGet("https://postman-echo.com/digest-auth"); 
HttpResponse httpResponse = httpClient.execute(httpGet); 
String content = EntityUtils.toString(httpResponse.getEntity()); 
println content; 

運行它,並輸出看起來是這樣的:

{"authenticated":true}