java - HTTP Post 到 API 返回 403 FORBIDDEN
问题描述
我必须将 XML 文件上传到 API。这是 API 由我从 API 的颁发者那里获得的签名证书保护。
现在,我有两个用例。首先,我必须从这个 API 下载一些文件。这与以下代码完美配合:
final Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(ip, port));
final URL url = new URL(linkToFile);
final HttpsURLConnection conn = (HttpsURLConnection) url.openConnection(proxy);
conn.setSSLSocketFactory(this.http.createSSLContext().getSocketFactory());
try (
InputStream inputStream = zipUrlConn.getInputStream();
ZipInputStream stream = new ZipInputStream(inputStream);) {
// Do stuff with ZipInputStream here
}
该createSSLContext()方法如下所示:
public SSLContext createSSLContext() throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException,
UnrecoverableKeyException, KeyManagementException {
final KeyStore clientStore = KeyStore.getInstance("PKCS12");
clientStore.load(new FileInputStream(this.certificateResource.getFile()), this.p12PW.toCharArray());
final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(clientStore, this.p12PW.toCharArray());
final KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
final KeyStore trustStore = KeyStore.getInstance("JKS");
trustStore.load(new FileInputStream(this.trustStoreResource.getFile()), this.trustStorePW.toCharArray());
final TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(trustStore);
final TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
final SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagers, trustManagers, new SecureRandom());
return sslContext;
}
我遵循了从发行人那里获得的指南,该指南显示了如何使用 cUrl 命令执行此操作:
curl --cert Certificate-<id>.pem[:pem_password] https://api.url.com/
所以我基本上是在尝试在 java 中重建这个命令,它正在工作。
现在对于不工作的部分,即文件上传。同样,我得到了一个 cUrl 命令,我必须重建它:
curl --cert Certificate-<id>.pem[:pem_password] -F upload=@<Path_to_file>\DS<PartnerId>_<Timestamp>.XML https://api.url.com/in/upload.php
我尝试了几件事来实现这一目标:
- “普通”Java
首先,我使用以下标准进行了尝试HttpsURLConnection:
final Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress("192.168.1.25", 3128));
final HttpsURLConnection connection = (HttpsURLConnection) new URL(ARGE_UPLOAD_URL).openConnection(proxy);
connection.setSSLSocketFactory(this.http.createSSLContext().getSocketFactory());
connection.setDoOutput(true);
connection.setRequestProperty("Accept-Charset", "UTF-8");
connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded;charset=UTF-8");
try (OutputStream outputStream = connection.getOutputStream()) {
outputStream.write(Files.readAllBytes(new File("src/main/resources/XML/example.xml").toPath()));
}
final InputStream result = connection.getInputStream();
但这总是导致java.io.IOException: Server returned HTTP response code: 403 for URL: https://api.url.com/in/upload.php,即使我使用相同的配置,我可以从 API 下载。
- Apache HttpClient
我发现一些资源声称它HttpClient更容易配置和使用,所以我试了一下:
final CloseableHttpClient httpClient = HttpClientBuilder
.create()
.setSSLContext(this.http.createSSLContext())
.setProxy(new HttpHost(InetAddress.getByName(ip), port))
.build();
final HttpEntity requestEntity = MultipartEntityBuilder
.create()
.addBinaryBody("upload=@example.xml", new File("src/main/resources/XML/example.xml")) // Hardcoded for testing
.build();
final HttpPost post = new HttpPost(https://api.url.com/in/upload.php);
post.setEntity(requestEntity);
try (CloseableHttpResponse response = httpClient.execute(post)) {
this.logger.info(response.getStatusLine().toString());
EntityUtils.consume(response.getEntity());
}
导致HTTP/1.1 403 FORBIDDEN
- HttpClient(FileEntity 而不是 MultipartEntity)
作为最后一件事,我尝试了FileEntity:
final HttpPost httpPost = new HttpPost(https://api.url.com/in/upload.php);
httpPost.addHeader("content-type", "application/x-www-form-urlencoded;charset=utf-8");
final FileEntity fileEntity = new FileEntity(new File("src/main/resources/XML/example.xml"));
httpPost.setEntity(fileEntity);
System.out.println("executing request " + httpPost.getRequestLine() + httpPost.getConfig());
try (CloseableHttpResponse response = httpClient.execute(httpPost)) {
final HttpEntity responseEntity = response.getEntity();
System.out.println("Status: " + response.getStatusLine());
if (responseEntity != null) {
System.out.println("Entity: " + EntityUtils.toString(responseEntity));
}
}
导致Status: HTTP/1.1 403 FORBIDDEN
我只是不明白,尽管使用完全相同的配置,我如何能够从 API 下载,但不能上传到它。
如果您需要更多信息,我很乐意提供。
编辑
正如oli所建议的,我使用 Fiddler 来捕获 HTTPS 请求。这是方法 1(普通 Java)的结果:
POST https://hrbaxml.arbeitsagentur.de/in/upload.php HTTP/1.1
Accept-Charset: utf-8
Accept: */*
Content-Type: application/x-www-form-urlencoded;charset=utf-8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36
Host: hrbaxml.arbeitsagentur.de
Connection: keep-alive
Content-Length: 6738
这是通过 Google Chrome 手动上传的结果:
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7
Cache-Control: max-age=0
Connection: keep-alive
Content-Length: 6948
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryxZxIJ5h19MEFbZQs
Cookie: cookie_consent=accepted
Host: hrbaxml.arbeitsagentur.de
Origin: https://hrbaxml.arbeitsagentur.de
Referer: https://hrbaxml.arbeitsagentur.de/in/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36
编辑 2
补充一下,这是使用方法 2(带有 MultipartEntity 的 HttpClient)的结果:
POST https://hrbaxml.arbeitsagentur.de/in/upload.php HTTP/1.1
Content-Length: 7025
Content-Type: multipart/form-data; boundary=1sZvrqcGe-FuQ3r-_fFgt2SJtZ5_yo7Pfvq_
Host: hrbaxml.arbeitsagentur.de
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.5.5 (Java/1.8.0_161)
Accept-Encoding: gzip,deflate
--1sZvrqcGe-FuQ3r-_fFgt2SJtZ5_yo7Pfvq_
Content-Disposition: form-data; name="DSV000306700_2018-08-23_09-00-00.xml"; filename="DSV000306700_2018-08-23_09-00-00.xml"
Content-Type: application/octet-stream
Content-Transfer-Encoding: binary
编辑 3
我尝试从 Chrome 请求中复制所有 HTTP 标头,因此我的 Java 请求如下所示:
POST https://hrbaxml.arbeitsagentur.de/in/upload.php HTTP/1.1
Accept: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7
Cache-Control: max-age=0
Content-Type: multipart/form-data; boundary=1535095530678
Cookie: cookie_consent=accepted
Referer: https://hrbaxml.arbeitsagentur.de/in/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36
Host: hrbaxml.arbeitsagentur.de
Connection: keep-alive
Content-Length: 6944
--1535095530678
Content-Disposition: form-data; name="uploadFile"; filename="DSV000306700_2018-08-23_09-00-00.xml"
Content-Type: application/xml
Content-Transfer-Encoding: binary
.. xml data ..
--1535095530678--
但是,仍然没有成功。还有其他可能的解决方案吗?也许这不是上传的问题,而是其他问题?
解决方案
我将捕获您使用 Java 应用程序发送到服务器的 HTTP 请求(使用 Wireshark),并将其与您从浏览器发送的 HTTP 请求进行比较(您可以使用内置浏览器工具轻松捕获它,尝试按 F12)。
我 100% 确信您会看到一些差异,这对我来说总是有效的。
编辑:
还有另一个可能的问题。请尝试添加
connection.addRequestProperty("User-Agent", "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0");
或相同的,您的浏览器在您的第一个实现中发送。还要确保您的 SSL 证书和加密算法没有问题(您使用默认的一种,在您的情况下是哪一种)。此外(如果没有帮助)您还可以检查协商握手密钥的密钥长度。
推荐阅读
- css - 我应该参考哪个单位的宽度以及我应该使用什么单位进行响应式设计?(非自适应设计)
- c++ - OpenGL,C++ 我不断收到错误:'int main(int, char**)' 以前在 C++ 中定义
- reactjs - React 中的延迟加载和列表虚拟化有什么区别?
- python - pandas json规范化获取对象索引中的值
- mongodb - 在猫鼬中,当我想向已经创建的字段添加新内容时,save()、insertOne() 和 updateOne() 有什么区别?
- php - WordPress - 根据首字母列出类别
- r - 将多个因子列组合成 dplyr 中的单个因子
- c++ - 是否有一个 GCC 命令行选项,即使在将 64 位 long 显式转换为 32 位 int 时也能发出警告/错误?
- javascript - 试图使两段预制的javascript代码一起工作
- reactjs - 如何使用 react-codemirror2 使用自定义 CodeMirror 模式