ApacheからのHttpClientを使用したフォームベースのJBoss認証

Question

Apacheのサンプルコードを使用してJBoss webappにログインしようとしていますが、成功しません。 JBoss ASはフォームベース認証用に設定されています。なぜそれが動作しないのか考えている人はいますか？

public class ClientFormLogin { 

    public static void main(String[] args) throws Exception { 

     System.out.println("started with login..."); 

     DefaultHttpClient httpclient = new DefaultHttpClient(); 
     try { 
      HttpGet httpget = new HttpGet("url to requested website"); 


      HttpResponse response = httpclient.execute(httpget); 
      HttpEntity entity = response.getEntity(); 

      System.out.println("Login form get: " + response.getStatusLine()); 
      EntityUtils.consume(entity); 

      System.out.println("Initial set of cookies:"); 
      List<Cookie> cookies = httpclient.getCookieStore().getCookies(); 
      if (cookies.isEmpty()) { 
       System.out.println("None"); 
      } else { 
       for (int i = 0; i < cookies.size(); i++) { 
        System.out.println("- " + cookies.get(i).toString()); 
       } 
      } 

      HttpPost httpost = new HttpPost("url to the j_security_check page"); 

      List <NameValuePair> nvps = new ArrayList <NameValuePair>(); 
      nvps.add(new BasicNameValuePair("j_username", "my_username")); 
      nvps.add(new BasicNameValuePair("j_password", "my_password!")); 

      httpost.setEntity(new UrlEncodedFormEntity(nvps, HTTP.UTF_8)); 

      response = httpclient.execute(httpost); 
      entity = response.getEntity(); 

      System.out.println("Login form get: " + response.getStatusLine()); 
      EntityUtils.consume(entity); 

      System.out.println("Post logon cookies:"); 
      cookies = httpclient.getCookieStore().getCookies(); 
      if (cookies.isEmpty()) { 
       System.out.println("None"); 
      } else { 
       for (int i = 0; i < cookies.size(); i++) { 
        System.out.println("- " + cookies.get(i).toString()); 
       } 
      } 

     } finally { 
      // When HttpClient instance is no longer needed, 
      // shut down the connection manager to ensure 
      // immediate deallocation of all system resources 
      httpclient.getConnectionManager().shutdown(); 
     } 
    } 
} 

エラーメッセージ：

Exception in thread "main" javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated 
    at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source) 
    at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128) 
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:397) 
    at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148) 
    at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:150) 
    at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121) 
    at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:575) 
    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:425) 
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820) 
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754) 
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732) 
    at com.sicap.ssis.client.ClientFormLogin.main(ClientFormLogin.java:57) 

Answer 1

これが解決策です：

は、新しいクラスを追加します。

import java.io.IOException; 
import java.security.cert.X509Certificate; 

import javax.net.ssl.SSLContext; 
import javax.net.ssl.SSLException; 
import javax.net.ssl.SSLSession; 
import javax.net.ssl.SSLSocket; 
import javax.net.ssl.TrustManager; 
import javax.net.ssl.X509TrustManager; 

import org.apache.http.client.HttpClient; 
import org.apache.http.conn.ClientConnectionManager; 
import org.apache.http.conn.scheme.Scheme; 
import org.apache.http.conn.scheme.SchemeRegistry; 
import org.apache.http.conn.ssl.SSLSocketFactory; 
import org.apache.http.conn.ssl.X509HostnameVerifier; 
import org.apache.http.impl.client.DefaultHttpClient; 

/* 
This code is public domain: you are free to use, link and/or modify it in any way you want, for all purposes including commercial applications. 
*/ 
public class WebClientDevWrapper { 

    @SuppressWarnings("deprecation") 
    public static HttpClient wrapClient(HttpClient base) { 
     try { 
      SSLContext ctx = SSLContext.getInstance("TLS"); 
      X509TrustManager tm = new X509TrustManager() { 

       public void checkClientTrusted(X509Certificate[] xcs, 
         String string) { 
       } 

       public void checkServerTrusted(X509Certificate[] xcs, 
         String string) { 
       } 

       public X509Certificate[] getAcceptedIssuers() { 
        return null; 
       } 
      }; 
      X509HostnameVerifier verifier = new X509HostnameVerifier() { 

       @Override 
       public void verify(String string, SSLSocket ssls) 
         throws IOException { 
       } 

       @Override 
       public void verify(String string, X509Certificate xc) 
         throws SSLException { 
       } 

       @Override 
       public void verify(String string, String[] strings, 
         String[] strings1) throws SSLException { 
       } 

       @Override 
       public boolean verify(String string, SSLSession ssls) { 
        return true; 
       } 
      }; 
      ctx.init(null, new TrustManager[] { tm }, null); 
      SSLSocketFactory ssf = new SSLSocketFactory(ctx); 
      ssf.setHostnameVerifier(verifier); 
      ClientConnectionManager ccm = base.getConnectionManager(); 
      SchemeRegistry sr = ccm.getSchemeRegistry(); 
      sr.register(new Scheme("https", ssf, 443)); 
      return new DefaultHttpClient(ccm, base.getParams()); 
     } catch (Exception ex) { 
      ex.printStackTrace(); 
      return null; 
     } 
    } 
} 

は今のHttpClientのラッパーを追加します。

DefaultHttpClient httpclient = new DefaultHttpClient(); 
httpclient = (DefaultHttpClient) WebClientDevWrapper.wrapClient(httpclient); 

を

ログインが成功したかどうかはどのように判断できますか？

boolean loginSuccess = false; 

    Header[] locationHeader = response.getHeaders("Location"); 
    if (locationHeader.length > 0) { 
      if (response.getStatusLine().toString().contains("302") && locationHeader[0].toString().endsWith(requestURL)) { 
       loginSuccess=true; 
      } 
    } 
    System.out.println("Login Success: " + loginSuccess); 

場所ヘッダーはあなたの要求されたURLに等しく、ログインフォームの取得に302が含まれている場合は、ログインが成功した場合。間違ったユーザーまたはパスワードを設定した場合、これを確認するとログインが失敗します。

これが役に立ちます。