0
我想寫一個groovy腳本(也歡迎java代碼;))應該允許我執行摘要身份驗證。需要的是能夠在SOAPUI中使用摘要身份驗證,因爲SOAP不支持本地這種身份驗證。Groovy摘要身份驗證
爲了測試我的劇本我用了一個網址:https://postman-echo.com/digest-auth
首先,我通過Web瀏覽器訪問該頁面以獲取WWW驗證報頭。 文摘境界=「用戶」,隨機數=「81lEQmJGxRb3Us9jVJPYlDpjw11On7zW」,QOP =「AUTH」
然後我鍵入正確的用戶口令+和檢查由web瀏覽器計算出的授權報頭。結果如下:
Digest username="postman", realm="Users", nonce="81lEQmJGxRb3Us9jVJPYlDpjw11On7zW", uri="/digest-auth", response="82884fe7c55a19e80e8c8dea7ba1aece", qop=auth, nc=00000001, cnonce="89aa538367b9069a"
然後我用相同的數據來執行使用我的腳本計算響應數據。結果如下:
Digest username="postman", realm="Users", nonce="81lEQmJGxRb3Us9jVJPYlDpjw11On7zW", uri="/digest-auth", response="a6767f0a78d17e0cab90df65ec2ace5c", qop=auth,nc="00000001",cnonce="03d476861afd384510f2cb80ccfa8511"
我的回答與Web瀏覽器計算的回答有差異。
我該怎麼做?
這裏是我的腳本:
import org.apache.commons.codec.digest.DigestUtils
import com.eviware.soapui.impl.wsdl.actions.teststep.RunFromTestStepAction
// URL: https://postman-echo.com/digest-auth
wwwAuthHeader = "Digest realm=\"Users\", nonce=\"81lEQmJGxRb3Us9jVJPYlDpjw11On7zW\", qop=\"auth\""
def realmArray = wwwAuthHeader.split(",")
def realm = realmArray[0].split("=")[1]
def nonce = realmArray[1].split("=")[1]
def qop = realmArray[2].split("=")[1]
def uri = "/digest-auth"
def user = "postman"
def pass = "password"
def method ="GET"
def resp = md5(user,realm,pass,method,uri,nonce)
log.info "resp: "+resp
def cnonce = DigestUtils.md5Hex(user)
def authorizationString = "Digest username=\"$user\", realm=$realm, nonce=$nonce, uri=\"$uri\", response=\"$resp\", qop=auth,nc=\"00000001\",cnonce=\"$cnonce\""
log.info "authorizationString: " + authorizationString
// methods
def md5(user, realm, pass, method, String uri, nonce) {
def A1 = DigestUtils.md5Hex ("$user:$realm:$pass")
def A2 = DigestUtils.md5Hex ("$method:$uri")
return DigestUtils.md5Hex ("$A1:$nonce:$A2")
}