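- The server exposes two APIs:
The first handles user authentication. Because it transmits secrets, it uses HTTPS; see another blog post for how to configure HTTPS on the server.
https://192.168.1.190:8443/api/auth with parameters api_key=***&secret_key=*** [submitted via POST]
The other is an ordinary HTTP API. Only after authenticating through the first API does the server issue a cookie, and subsequent requests must carry that cookie to reach the internal page. The session behind the cookie expires periodically.
http://192.168.1.190:8081/api/inner [submitted via GET]
- Below is the client (shell) part: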
```
[root@centos shell]# curl -v --insecure -d "api_key=test&secret_key=test" https://192.168.1.190:8443/api/auth
* About to connect() to 192.168.1.190 port 8443 (#0)
* Trying 192.168.1.190... connected
* Connected to 192.168.1.190 (192.168.1.190) port 8443 (#0)
* Initializing NSS with certpath: /etc/pki/nssdb
* warning: ignoring value of ssl.verifyhost
* skipping SSL peer certificate verification
* SSL connection using TLS_DHE_RSA_WITH_AES_256_CBC_SHA
* Server certificate:
* subject: CN=free4lab,OU=free4lab,O=free4lab,L=beijing,ST=beijing,C=CN
* start date: 10月 26 11:54:31 2013 GMT
* expire date: 1月 24 11:54:31 2014 GMT
* common name: free4lab
* issuer: CN=free4lab,OU=free4lab,O=free4lab,L=beijing,ST=beijing,C=CN
> POST /api/auth HTTP/1.1
> User-Agent: curl/7.19.7 (i686-pc-linux-gnu) libcurl/7.19.7 NSS/3.12.7.0 zlib/1.2.3 libidn/1.18 libssh2/1.2.2
> Host: 192.168.1.190:8443
> Accept: */*
> Content-Length: 28
> Content-Type: application/x-www-form-urlencoded
>
< HTTP/1.1 200 OK
< Server: Apache-Coyote/1.1
< Set-Cookie: JSESSIONID=84AB6E3414D8E639959745CBA5DA448F; Path=/; Secure
< Set-Cookie: login_cookie=c7be27c2-fe79-4772-ae2b-dae485da47d8; Expires=Sat, 09-Nov-2013 14:48:17 GMT
< Content-Type: text/html;charset=UTF-8
< Content-Length: 52
< Date: Sat, 26 Oct 2013 14:48:17 GMT
<
* Connection #0 to host 192.168.1.190 left intact
* Closing connection #0
{"message":"Login succeeded!","status":0,"value":""}
```
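As you can see, after I supply the correct api_key and secret_key, the server sends back two cookies and returns JSON indicating that authentication succeeded.
Of these, JSESSIONID is what locates the session on the server. Put simply, when the client sends an HTTP request, a Java back-end statement such as `HttpSession session = request.getSession();` can retrieve the corresponding session information only if the cookie carries the correct JSESSIONID.
So all subsequent requests just need to carry the two cookies above!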
```
[root@centos shell]# curl -v --cookie "login_cookie=c7be27c2-fe79-4772-ae2b-dae485da47d8;JSESSIONID=84AB6E3414D8E639959745CBA5DA448F" http://192.168.1.190:8081/api/inner
* About to connect() to 192.168.1.190 port 8081 (#0)
* Trying 192.168.1.190... connected
* Connected to 192.168.1.190 (192.168.1.190) port 8081 (#0)
> GET /api/inner HTTP/1.1
> User-Agent: curl/7.19.7 (i686-pc-linux-gnu) libcurl/7.19.7 NSS/3.12.7.0 zlib/1.2.3 libidn/1.18 libssh2/1.2.2
> Host: 192.168.1.190:8081
> Accept: */*
> Cookie: login_cookie=c7be27c2-fe79-4772-ae2b-dae485da47d8;JSESSIONID=84AB6E3414D8E639959745CBA5DA448F
>
< HTTP/1.1 200 OK
< Server: Apache-Coyote/1.1
< Content-Length: 81
< Date: Sat, 26 Oct 2013 14:52:53 GMT
<
* Connection #0 to host 192.168.1.190 left intact
* Closing connection #0
{"message":"authentication succeeded!","status":0,"value":"welcome to home page"}
```
And with that, we have implemented the HTTPS login with a shell script!
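An added example (not part of the original post): a shell function that reads `curl -v` output and reports which `Set-Cookie` headers lack the `Secure` or `HttpOnly` attribute, which matters here because both cookies are later sent to the plain-HTTP API on port 8081. The function names `audit_set_cookie` and `sample_response` are hypothetical; the sample headers are copied from the /api/auth response shown above.

```bash
#!/usr/bin/env bash
# Added example: report Set-Cookie headers in `curl -v` output that lack the
# Secure or HttpOnly attribute. Function names here are hypothetical.

audit_set_cookie() {
  # curl -v prefixes response headers with "< "; drop CRs, keep cookie values.
  tr -d '\r' | sed -n 's/^< [Ss]et-[Cc]ookie: *//p' |
  while IFS= read -r cookie; do
    name=${cookie%%=*}
    # Lowercase and strip spaces so attributes compare as ";secure;" etc.
    attrs=$(printf '%s' "$cookie" | tr 'A-Z' 'a-z' | tr -d ' ')
    missing=""
    case ";$attrs;" in *";secure;"*) ;; *) missing="$missing Secure" ;; esac
    case ";$attrs;" in *";httponly;"*) ;; *) missing="$missing HttpOnly" ;; esac
    if [ -n "$missing" ]; then
      echo "$name: missing$missing"
    else
      echo "$name: ok"
    fi
  done
}

# Response headers copied from the /api/auth output shown above.
sample_response() {
  cat <<'EOF'
< HTTP/1.1 200 OK
< Server: Apache-Coyote/1.1
< Set-Cookie: JSESSIONID=84AB6E3414D8E639959745CBA5DA448F; Path=/; Secure
< Set-Cookie: login_cookie=c7be27c2-fe79-4772-ae2b-dae485da47d8; Expires=Sat, 09-Nov-2013 14:48:17 GMT
< Content-Type: text/html;charset=UTF-8
EOF
}

sample_response | audit_set_cookie
```

Against a live server, pipe curl's verbose output in with `2>&1`, since curl writes the `<` header lines to stderr.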
- Logging in from a browser is simple: just write any HTML form that POSTs to the auth API
```
<form action="https://localhost:8443/api/auth" method="post">
  <p>First name: <input type="text" name="api_key" /></p>
  <p>Last name: <input type="text" name="secret_key" /></p>
  <input type="submit" value="Submit" />
</form>
```
Then enter the api_key and secret_key, and authentication is complete.