如何使用android的httpURLconnection设置授权标头(how to set authorization header with android's httpURLconne

如何使用android的httpURLconnection设置授权标头(how to set authorization header with android's httpURLconnection)

我试图使用基本身份验证连接到我的服务器，但是当我设置Authorization标头时，它会导致getInputStream抛出fileNotFound异常。

这是相关的代码：

URL url = new URL(myurl); //set up the connection HttpURLConnection conn = (HttpURLConnection) url.openConnection(); conn.setReadTimeout(10000);//this is in milliseconds conn.setConnectTimeout(15000);//this is in milliseconds String authHeader = getAuthHeader(userID,pass); conn.setRequestMethod("GET"); conn.setDoInput(true); conn.setRequestProperty("authorization", authHeader); //starts the query conn.connect(); int response = conn.getResponseCode(); is = conn.getInputStream(); //throws the fileNotFound exception

这是抛出的异常：

java.io.FileNotFoundException: http://<myIPaddress>/login/

奇怪的是，我发现只有当我尝试将请求属性设置为“授权”或“授权”或该单词的任何变体时， 才会抛出fileNotFound异常。 如果我将它设置为“content-type”或“authosodifjsodfjs”（随机字符串），则不会抛出，如下所示：

conn.setRequestProperty("content-type",authHeader)//no exception thrown conn.setRequestProperty("authosodifjsodfjs",authHeader)//no exception thrown

如果我没有设置此标头，我可以使用此代码连接到服务器，并获得我期望的正确的访问被拒绝消息。 如果我使用python的“请求”模块，我也能够连接到服务器并正确登录，因此它不是服务器的问题。

所以我的问题如下：

1）在将请求属性设置为“授权”时，我做错了什么？ 如何正确设置auth标头？

2）如果这是HttpURLConnection的错误，我该如何提交错误报告？

谢谢。

编辑：建议切换：

conn.setRequestProperty("Authorization", authHeader);

至：

conn.addRequestProperty("Authorization", authHeader);

这并没有解决问题。 它仍然抛出同样的例外。

编辑：仍然不确定为什么“授权”和“授权”导致fileNotFounExceptions，但使用所有大写似乎工作正常。 这是闪亮的新工作代码：

conn.setRequestProperty("AUTHORIZATION",authHeader);

所以看起来它需要全部上限。 “HTTP_”将自动添加到此标头的前面，因此服务器将看到的标头是“HTTP_AUTHORIZATION”，它应该是它。

I am attempting to connect to my server using basic authentication, but when I set the Authorization header, it causes getInputStream to throw a fileNotFound exception.

Here is the relevant code:

URL url = new URL(myurl); //set up the connection HttpURLConnection conn = (HttpURLConnection) url.openConnection(); conn.setReadTimeout(10000);//this is in milliseconds conn.setConnectTimeout(15000);//this is in milliseconds String authHeader = getAuthHeader(userID,pass); conn.setRequestMethod("GET"); conn.setDoInput(true); conn.setRequestProperty("authorization", authHeader); //starts the query conn.connect(); int response = conn.getResponseCode(); is = conn.getInputStream(); //throws the fileNotFound exception

Here is the thrown exception:

java.io.FileNotFoundException: http://<myIPaddress>/login/

Weirdly enough, I have found that the fileNotFound exception is only thrown if I try to set the request property to "authorization" or "Authorization" or any variation of that word. it is not thrown if I set it to "content-type" or "authosodifjsodfjs" (a random string), as here:

conn.setRequestProperty("content-type",authHeader)//no exception thrown conn.setRequestProperty("authosodifjsodfjs",authHeader)//no exception thrown

If I don't set this header, I am able to connect to the server with this code and get the proper access-denied message that I am expecting. I am also able to connect to the server and login properly if I use python's "requests" module, so it is not a problem with the server.

so my question is as follows:

1) what, if anything, am I doing wrong when setting the request property as "authorization"? how do I set the auth header properly?

2) if this is a bug with HttpURLConnection, how do I file a bug report?

Thank you.

edit: it was recommended to switch from:

conn.setRequestProperty("Authorization", authHeader);

to:

conn.addRequestProperty("Authorization", authHeader);

This did not fix the problem. It is still throwing the same exception.

EDIT: still not sure why "Authorization" and "authorization" are causing fileNotFounExceptions, but using all caps seems to work properly. here is the shiny new working code:

conn.setRequestProperty("AUTHORIZATION",authHeader);

so it looks like it needs to be all caps. "HTTP_" will be automattically added to the front of this header, so the header that the server will see is "HTTP_AUTHORIZATION", which is what it should be.

最满意答案

以下是我的OAuth代码的一部分，它设置了Authorization标头：

httpUrlConnection.setUseCaches(false); httpUrlConnection.setRequestProperty("User-Agent", "MyAgent"); httpUrlConnection.setConnectTimeout(30000); httpUrlConnection.setReadTimeout(30000); String baseAuthStr = APIKEY + ":" + APISECRET; urlConnection.addRequestProperty("Authorization", "Basic " + baseAuthStr); urlConnection.addRequestProperty("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8"); httpUrlConnection.connect();

Here is part of my OAuth code which sets Authorization header:

httpUrlConnection.setUseCaches(false); httpUrlConnection.setRequestProperty("User-Agent", "MyAgent"); httpUrlConnection.setConnectTimeout(30000); httpUrlConnection.setReadTimeout(30000); String baseAuthStr = APIKEY + ":" + APISECRET; urlConnection.addRequestProperty("Authorization", "Basic " + baseAuthStr); urlConnection.addRequestProperty("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8"); httpUrlConnection.connect();