主要参考百度AI生成的程序。
上次的例子用token带入了新的请求,请求成功,正确获取response.
我这里的例子是:
当请求不含token时,请求失败;当请求只含有token时,监控软件没有获取请求的用户名;当请求含有token和cookie时,监控软件能获取请求的用户名。我这里需要获取用户名,因此必须请求必须加上cookie.
1.用户打开baseUrl,此时请求的Request Headers和Response Headers均不含有token和cookie
2.用户输入正确的用户名和密码,点击登录。此时后台执行了
2a. getPublicKey,这个请求的Request Headers和Response Headers仍然不含有cookie,但是reponse中含有token。
2b. login, 这个请求中的Request Headers不含cookie,payload中含有token. Response Headers中含有cookie。有两个值,其中一个是JSESSIONID。这个JSESSIONID暂时忽略,我继续访问这个产品的其他功能,JSESSIONID会变化。
但是另一个cookie没变。因此重点关注另外一个。可能不同的产品cookie的名称也不同,这个名称必须已知。可以用以下方法获取cookie
Response response = client.target(loginUrl) // 第一个Request Header不含cookie但是Response Header含cookie的请求的url。
.request(MediaType.APPLICATION_JSON)
.post(Entity.entity(loginData, MediaType.APPLICATION_JSON), Response.class);
Map<String, NewCookie> cookies = response.getCookies();
cookies.forEach((key, value) -> System.out.println("Key: " + key + ", Value: " + value));
NewCookie cookie = response.getCookies().get(cookieName);
String cookieValue = cookie.getValue();
System.out.println(cookieValue);
然后用获取的token和cookie带入到新的请求中。此时监控软件中获取了用户名。
String cookiesValue = cookieName + "=" + cookieValue; // cookiename由产品决定,一般不变,可以Chrome F12 - network获取,cookieValue就是之前获取的值。
PolicyGroupHelper.GetPolicyGroupsResponse response = testClient.target(baseUrl + api)
.request(MediaType.APPLICATION_JSON)
.header("token", token)
.header("Cookie", cookiesValue)
.post(Entity.entity(filter, MediaType.APPLICATION_JSON), PolicyGroupHelper.GetPolicyGroupsResponse.class);
附完整可运行的程序
import cn.hutool.core.util.StrUtil;
import org.apache.commons.codec.binary.Base64;
import org.glassfish.jersey.client.ClientConfig;
import org.glassfish.jersey.client.ClientProperties;
import org.glassfish.jersey.jackson.JacksonFeature;
import javax.crypto.Cipher;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import javax.ws.rs.ProcessingException;
import javax.ws.rs.client.*;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.NewCookie;
import javax.ws.rs.core.Response;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
public class SensLevelHelper {
public static void main(String[] args) throws Exception {
String baseUrl = "https://hostname:port/";
String api = "apiUrl不包含baseUrl";
String account = "******";
String password = "****";
String cookieName = "****"; // 这里的cookie的name,由server端提供的,根据产品的不同而不同。
getResponseWithTokenAndCookie(account, password, baseUrl, api, cookieName);
}
public static void getResponseWithTokenAndCookie(String account, String password, String baseUrl, String api, String cookieName) throws Exception {
List<String> tokenAndCookie = getClientTokenAndCookie(account, password, baseUrl, api, cookieName);
if (tokenAndCookie == null || tokenAndCookie.size() == 0) {
System.out.println("haven't gotten token or cookie");
return;
}
String token = tokenAndCookie.get(0);
String cookie = tokenAndCookie.get(1);
String cookiesValue = cookieName + "=" + cookie;
System.out.println(cookiesValue);
ClientConfig configuration = new ClientConfig();
configuration = configuration.property(ClientProperties.CONNECT_TIMEOUT, 30000);
configuration = configuration.property(ClientProperties.READ_TIMEOUT, 30000);
Client testClient = ClientBuilder.newBuilder().sslContext(createIgnoreVerifySSL()).withConfig(configuration).hostnameVerifier((s1, s2) -> true).register(new JacksonFeature()).build();
PolicyGroupHelper.SearchPolicyFilter filter = new PolicyGroupHelper.SearchPolicyFilter();
filter.setType(1);
PolicyGroupHelper.GetPolicyGroupsResponse response = testClient.target(baseUrl + api)
.request(MediaType.APPLICATION_JSON)
.header("token", token)
.header("Cookie", cookiesValue)
.post(Entity.entity(filter, MediaType.APPLICATION_JSON), PolicyGroupHelper.GetPolicyGroupsResponse.class);
System.out.println(response);
}
public static List<String> getClientTokenAndCookie(String account, String password, String baseUrl, String api, String cookieName) {
List<String> tokenAndCookie = new ArrayList<>();
String getKeyUrl = baseUrl + "getToken api 不包含baseUrl"; // 获取token 的API
String loginUrl = baseUrl + "login api 不包含baseUrl"; // 获取cookie的API
for (int i = 0; i < 3; i++) {
try {
Client client = ClientBuilder.newBuilder().sslContext(createIgnoreVerifySSL()).hostnameVerifier((s1, s2) -> true).register(new JacksonFeature()).build();
WebTarget webTarget = client.target(getKeyUrl);
Invocation.Builder invocationBuilder = webTarget.request(MediaType.APPLICATION_JSON);
LogInHelper.PubKey publicKey = invocationBuilder.get(LogInHelper.PubKey.class);
byte[] decoded = Base64.decodeBase64(publicKey.getData());
RSAPublicKey pubKey;
pubKey = (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(decoded));
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.ENCRYPT_MODE, pubKey);
String outStr = Base64.encodeBase64String(cipher.doFinal(password.getBytes(StandardCharsets.UTF_8)));
LogInHelper.LoginData loginData = new LogInHelper.LoginData(account, outStr);
Response response = client.target(loginUrl)
.request(MediaType.APPLICATION_JSON)
.post(Entity.entity(loginData, MediaType.APPLICATION_JSON), Response.class);
LogInHelper.LoginResponse loginResponse = response.readEntity(LogInHelper.LoginResponse.class);
if (StrUtil.isNotEmpty(loginResponse.data.token)) {
tokenAndCookie.add(loginResponse.data.token);
}
Map<String, NewCookie> cookies = response.getCookies();
cookies.forEach((key, value) -> System.out.println("Key: " + key + ", Value: " + value));
NewCookie cookie = response.getCookies().get(cookieName);
String cookieValue = cookie.getValue();
if (StrUtil.isNotEmpty(cookieValue)) {
tokenAndCookie.add(cookieValue);
}
if (tokenAndCookie != null && tokenAndCookie.size() > 0) {
return tokenAndCookie;
}
} catch (ProcessingException ex) {
ex.printStackTrace();
} catch (Exception e) {
e.printStackTrace();
return null;
}
}
return null;
}
private static SSLContext createIgnoreVerifySSL() throws Exception {
SSLContext sc = SSLContext.getInstance("TLSv1.3");
// 实现一个X509TrustManager接口,用于绕过验证,不用修改里面的方法
X509TrustManager trustManager = new X509TrustManager() {
@Override
public void checkClientTrusted(
java.security.cert.X509Certificate[] paramArrayOfX509Certificate,
String paramString) {
}
@Override
public void checkServerTrusted(
java.security.cert.X509Certificate[] paramArrayOfX509Certificate,
String paramString) {
}
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
};
sc.init(null, new TrustManager[]{trustManager}, null);
return sc;
}
}
标签:请求,baseUrl,token,cookie,https,import,tokenAndCookie,String
From: https://www.cnblogs.com/panda4671/p/18001991