DavyJones2010
- 浏览: 154232 次
- 性别:
- 来自: 杭州
-
文章分类
- 全部博客 (146)
- Android (1)
- SpringFramework (11)
- Maven (4)
- Flex (14)
- DesignPattern (10)
- JavaSE (29)
- Hibernate (0)
- JDBC (4)
- MySQL (16)
- JavaWeb (4)
- JavaScript (5)
- Lucene (7)
- Linux (14)
- Java-Logging (6)
- Miscellanies (5)
- Spring MVC (2)
- Vim (1)
- Java POI (4)
- Eclipse (3)
- Financial Terminology (1)
- Guava (5)
- Data Structure & Algorithm (1)
- Python (0)
最新评论
-
DavyJones2010:
knightdf 写道freezingsky 写道这年头代码和 ...
Java SE: How to Decompress File (.zip) -
knightdf:
freezingsky 写道这年头代码和内容都是copy来co ...
Java SE: How to Decompress File (.zip) -
freezingsky:
这年头代码和内容都是copy来copy去的,至少讲一讲过程分析 ...
Java SE: How to Decompress File (.zip)
曾经用Android开发过学校教务系统的登录功能(jsp/tomcat),能够成功模拟出Http请求. 但是WordPress的登录功能实现起来要绕一个弯子. 不能直接用HttpClient来得到cookie.
这位兄弟遇到的问题跟我是一样的 http://hi.baidu.com/xtitman/item/eeaef4c7d4a0e2bc0c0a7b69最后也是成功用socket方法把功能实现了. 其中为如何用socket模拟http的post/get请求消息头以及消息体纠结了几个小时。
My codes are as follows. Please ignore the animation part and focus on the method run() in class MyThread. It's just a demo and I didn't make any post-procession with the result. And if you have any question about this demo, please send an e-mail to davyjones2010@gmail.com which I would appreciate much.
package login.activities;
import home.activities.R;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.Socket;
import java.net.URLEncoder;
import java.net.UnknownHostException;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.util.EntityUtils;
import system.standards.Standards;
import android.os.Bundle;
import android.util.DisplayMetrics;
import android.util.Log;
import android.view.View;
import android.view.animation.AlphaAnimation;
import android.view.animation.Animation;
import android.view.animation.Animation.AnimationListener;
import android.view.animation.TranslateAnimation;
import android.widget.Button;
import android.widget.EditText;
import android.widget.LinearLayout;
import android.widget.RelativeLayout;
import android.widget.Toast;
public class LoginActivity extends Standards
{
private Button leftBall = null;
private Button rightBall = null;
private Button submit = null;
private EditText username = null;
private String usernameText = null;
private EditText password = null;
private String passwordText = null;
private DisplayMetrics metrics = null;
private static final String serverIpAddress = "***.***.***.***";
private static final String encodedUsername = "wordpress_af8ad83c4c8ce7c7f7efddce117a5a74=admin%";
private static final String encodedPassword = "wordpress_logged_in_af8ad83c4c8ce7c7f7efddce117a5a74=admin%";
// private static final String LOGIN_URL =
// "http://atom.student.utwente.nl/wp-login.php";
private static String encodedUsernameText = "";
private static String encodedPasswordText = "";
private boolean isAnimated = false;
@Override
protected void onCreate(Bundle savedInstanceState)
{
// TODO Auto-generated method stub
super.onCreate(savedInstanceState);
setContentView(R.layout.login);
getAllWidgets();
submit.setOnClickListener(new Button.OnClickListener()
{
public void onClick(View arg0)
{
// TODO Auto-generated method stub
usernameText = username.getText().toString();
passwordText = password.getText().toString();
Log.d("DEBUG", "USERNAME: " + usernameText);
Log.d("DEBUG", "PASSWORD: " + passwordText);
doLogin(usernameText, passwordText);
}
});
}
private void doLogin(String usernameText, String passwordText)
{
MyLoginThread myLoginThread = new MyLoginThread(usernameText,
passwordText);
myLoginThread.start();
}
private class MyLoginThread extends Thread
{
private String logUsername = null;
private String logPassword = null;
public MyLoginThread(String logUsername, String logPassword)
{
this.logUsername = logUsername;
this.logPassword = logPassword;
}
@Override
public void run()
{
// TODO Auto-generated method stub
// 首先采用socket方式模拟浏览器发出第一个Post请求访问第一个网页(携带的参数是username和 password, 消息头以及消息体必须遵守post/get的严格格式)
// 之后得到第一个网页的HttpResponse, 从中提取出由服务器加密之后的username和password
// 第一个网页由于返回状态码302因而需要进行重定向到真正的DashBoard即登录成功页面
// 重定向是需要重新发送一个请求, 通过FireBug可以得知需要得到的是GET请求
// 并且携带的cookie是包含上次请求返回的加密之后username和password
// 所以这次模拟的重定向可以直接使用HttpGet, 然后调用httpGet.addHeader("Cookie", 加密之后的用户名 + 加密之后的密码 + 其他信息(是静态的信息, 可以由FireBug探测得知));
// 從而得到真正的DashBoard页面
// 为什么第一次请求需要用底层的socket呢?而不直接使用HttpPost/HttpClient呢?可以通过使用相应方法(getHeaders()?getCookie()?)得到cookies, 而不需要自己来拼串
// 原因是发现第一次的请求返回的cookies, 是 httpOnly的, 采用HttpClient方式遍历headers可以发现是打印不出来的!也就是说不能用上层的这些方法了
// 所以之后采用socket方法模拟POST请求了, 得到的是未经过加工处理的response, 采用String的相应方法拼串可以提取出cookies
try
{
Socket socket = new Socket(serverIpAddress, 80);
BufferedReader br = new BufferedReader(new InputStreamReader(
socket.getInputStream(), "UTF-8"));
OutputStream os = socket.getOutputStream();
StringBuffer sb = new StringBuffer(
"POST /wp-login.php HTTP/1.1\r\n");
sb.append("Host: atom.student.utwente.nl\r\n");
sb.append("Connection: keep-alive\r\n");
sb.append("Content-Length: 114\r\n");
sb.append("Cache-Control: max-age=0\r\n");
sb.append("Origin: http://atom.student.utwente.nl\r\n");
sb.append("User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1\r\n");
sb.append("Content-Type: application/x-www-form-urlencoded\r\n");
sb.append("Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n");
sb.append("Referer: http://atom.student.utwente.nl/wp-login.php\r\n");
sb.append("Accept-Encoding: gzip,deflate,sdch");
sb.append("Accept-Language: en,en-US;q=0.8,zh;q=0.6,zh-CN;q=0.4,nl;q=0.2\r\n");
sb.append("Accept-Charset: UTF-8,*;q=0.5\r\n");
sb.append("Cookie: wordpress_polylang=en; wp-settings-1=imgsize%3Dfull%26editor%3Dhtml%26hidetb%3D1%26libraryContent%3Dbrowse; wp-settings-time-1=1357880535; wordpress_test_cookie=WP+Cookie+check\r\n");
sb.append("\r\n");
sb.append(URLEncoder.encode("log", "UTF-8"));
sb.append("=");
sb.append(URLEncoder.encode(logUsername, "UTF-8"));
sb.append("&");
sb.append(URLEncoder.encode("pwd", "UTF-8"));
sb.append("=");
sb.append(URLEncoder.encode(logPassword, "UTF-8"));
sb.append("&");
sb.append(URLEncoder.encode("wp-submit", "UTF-8"));
sb.append("=");
sb.append(URLEncoder.encode("Log In", "UTF-8"));
sb.append("&");
sb.append(URLEncoder.encode("redirect_to", "UTF-8"));
sb.append("=");
sb.append(URLEncoder.encode(
"http://atom.student.utwente.nl/wp-admin/", "UTF-8"));
sb.append("&");
sb.append(URLEncoder.encode("testcookie", "UTF-8"));
sb.append("=");
sb.append(URLEncoder.encode("1", "UTF-8"));
os.write(sb.toString().getBytes());
String tmp = "";
StringBuffer resultBuffer = new StringBuffer();
while ((tmp = br.readLine()) != null)
{
System.out.println(tmp);
resultBuffer.append(tmp);
}
int usernameStartPosition = resultBuffer
.indexOf(encodedUsername) + encodedUsername.length();
int passwordStartPosition = resultBuffer
.indexOf(encodedPassword) + encodedPassword.length();
encodedUsernameText = resultBuffer.substring(
usernameStartPosition, usernameStartPosition + 47);
encodedPasswordText = resultBuffer.substring(
passwordStartPosition, passwordStartPosition + 47);
System.out.println("encodedUsernameText: "
+ encodedUsernameText);
System.out.println("encodedPasswordText: "
+ encodedPasswordText);
os.close();
br.close();
DefaultHttpClient httpClient = new DefaultHttpClient();
HttpGet httpGet = new HttpGet(
"http://atom.student.utwente.nl/wp-admin/");
httpGet.addHeader(
"Cookie",
encodedUsername
+ encodedUsernameText
+ "; wordpress_polylang=en; wp-settings-1=imgsize%3Dfull%26editor%3Dhtml%26hidetb%3D1%26libraryContent%3Dbrowse; wp-settings-time-1=1357880535; wordpress_test_cookie=WP+Cookie+check; "
+ encodedPassword + encodedPasswordText);
HttpResponse httpResponse = null;
httpResponse = httpClient.execute(httpGet);
HttpEntity httpEntity = null;
String resultText = null;
if (httpResponse.getStatusLine().getStatusCode() == 200)
{
System.out.println("LOGIN SUCCEED!");
Toast.makeText(LoginActivity.this,
"LOGIN SUCCEED!", Toast.LENGTH_SHORT)
.show();
httpEntity = httpResponse.getEntity();
resultText = EntityUtils.toString(httpEntity, "UTF-8");
System.out.println(resultText);
} else
{
Toast.makeText(LoginActivity.this,
"Invalid Username or Password!", Toast.LENGTH_SHORT)
.show();
}
} catch (UnknownHostException e)
{
// TODO Auto-generated catch block
e.printStackTrace();
} catch (IOException e)
{
// TODO Auto-generated catch block
e.printStackTrace();
}
super.run();
}
}
private class MyAnimationMoveListener implements AnimationListener
{
@Override
public void onAnimationEnd(Animation animation)
{
// TODO Auto-generated method stub
// clear all animations
leftBall.clearAnimation();
rightBall.clearAnimation();
findViewById(R.id.loginlay3).clearAnimation();
findViewById(R.id.loginlay4).clearAnimation();
findViewById(R.id.loginlay5).clearAnimation();
// widgets translations & invisiable
RelativeLayout.LayoutParams params = new RelativeLayout.LayoutParams(
leftBall.getWidth(), leftBall.getHeight());
// params.leftMargin = (screenWidth / 2 - leftBall.getWidth() -
// screenWidth / 3);
params.addRule(RelativeLayout.LEFT_OF, R.id.loginlay3);
leftBall.setLayoutParams(params);
RelativeLayout.LayoutParams params2 = new RelativeLayout.LayoutParams(
rightBall.getWidth(), rightBall.getHeight());
params2.addRule(RelativeLayout.RIGHT_OF, R.id.loginlay3);
rightBall.setLayoutParams(params2);
System.out.println("rightSpace: " + rightBall.getRight());
// rightBall.setLayoutParams(params2);
findViewById(R.id.loginlay3).setVisibility(View.VISIBLE);
findViewById(R.id.loginlay4).setVisibility(View.VISIBLE);
findViewById(R.id.loginlay5).setVisibility(View.VISIBLE);
}
@Override
public void onAnimationRepeat(Animation animation)
{
// TODO Auto-generated method stub
}
@Override
public void onAnimationStart(Animation animation)
{
// TODO Auto-generated method stub
}
}
private class MyAnimationReturnListener implements AnimationListener
{
@Override
public void onAnimationEnd(Animation animation)
{
// TODO Auto-generated method stub
// clear all animations
leftBall.clearAnimation();
rightBall.clearAnimation();
findViewById(R.id.loginlay3).clearAnimation();
findViewById(R.id.loginlay4).clearAnimation();
findViewById(R.id.loginlay5).clearAnimation();
// widgets translations & invisiable
RelativeLayout.LayoutParams params = new RelativeLayout.LayoutParams(
leftBall.getWidth(), leftBall.getHeight());
params.addRule(RelativeLayout.LEFT_OF, R.id.nothing);
leftBall.setLayoutParams(params);
RelativeLayout.LayoutParams params2 = new RelativeLayout.LayoutParams(
rightBall.getWidth(), rightBall.getHeight());
params2.addRule(RelativeLayout.RIGHT_OF, R.id.left_ball);
rightBall.setLayoutParams(params2);
findViewById(R.id.loginlay3).setVisibility(View.INVISIBLE);
findViewById(R.id.loginlay4).setVisibility(View.INVISIBLE);
findViewById(R.id.loginlay5).setVisibility(View.INVISIBLE);
}
@Override
public void onAnimationRepeat(Animation animation)
{
// TODO Auto-generated method stub
}
@Override
public void onAnimationStart(Animation animation)
{
// TODO Auto-generated method stub
}
}
private void startAllWidgetAnimation(boolean hasAnimated)
{
int leftBallTranslation = 0;
int rightBallTranslation = 0;
MyAnimationReturnListener returnListener = new MyAnimationReturnListener();
MyAnimationMoveListener moveListener = new MyAnimationMoveListener();
AlphaAnimation anim3 = null;
Animation anim2 = null;
Animation anim1 = null;
if (false == hasAnimated)
{
leftBallTranslation = -findViewById(R.id.loginlay3).getWidth() / 2;
System.out.println("R.id.loginlay3 width: "
+ findViewById(R.id.loginlay3).getWidth());
rightBallTranslation = -leftBallTranslation;
anim3 = new AlphaAnimation(0.0f, 1.0f);
anim3.setAnimationListener(moveListener);
} else
{
leftBallTranslation = findViewById(R.id.loginlay3).getWidth() / 2;
rightBallTranslation = -leftBallTranslation;
anim3 = new AlphaAnimation(1.0f, 0.0f);
anim3.setAnimationListener(returnListener);
}
anim1 = new TranslateAnimation(0, leftBallTranslation, 0, 0);
anim1.setDuration(2000);
anim1.setFillAfter(true);
anim2 = new TranslateAnimation(0, rightBallTranslation, 0, 0);
anim2.setDuration(2000);
anim2.setFillAfter(true);
// if (false == hasAnimated)
// {
// anim1.setAnimationListener(moveListener);
// anim2.setAnimationListener(moveListener);
// } else
// {
// anim1.setAnimationListener(returnListener);
// anim2.setAnimationListener(returnListener);
// }
leftBall.startAnimation(anim1);
rightBall.startAnimation(anim2);
// edit text animation
anim3.setStartOffset(1000);
anim3.setDuration(1000);
anim3.setFillAfter(true);
// usernameTag & usernameText layer animation
((LinearLayout) findViewById(R.id.loginlay3)).startAnimation(anim3);
// passwordTag & passwordText layer animation
((LinearLayout) findViewById(R.id.loginlay4)).startAnimation(anim3);
// submit button animation
((LinearLayout) findViewById(R.id.loginlay5)).startAnimation(anim3);
}
public void myClickHandler(final View view)
{
int id = view.getId();
if ((id == R.id.left_ball || id == R.id.right_ball)
&& false == isAnimated)
{
// leftBall moves left, rightBall moves right, loginField turns
// visible
startAllWidgetAnimation(false);
isAnimated = true;
} else if (true == isAnimated)
{
// leftBall moves right, rightBall moves left, loginField turns
// invisible, return to initial state
startAllWidgetAnimation(true);
isAnimated = false;
}
}
private void getAllWidgets()
{
metrics = new DisplayMetrics();
getWindowManager().getDefaultDisplay().getMetrics(metrics);
// screenWidth = metrics.widthPixels;
leftBall = (Button) findViewById(R.id.left_ball);
rightBall = (Button) findViewById(R.id.right_ball);
submit = (Button) findViewById(R.id.login_submit);
username = (EditText) findViewById(R.id.username);
password = (EditText) findViewById(R.id.password);
}
}
0
顶
顶
0
踩
踩
分享到:
发表评论
相关推荐
### Cookie设置httpOnly和secure属性实现及问题 #### 一、引言 在现代Web开发中,保护用户的隐私和数据安全至关重要。其中一种常见的做法就是通过设置Cookie的`httpOnly`和`secure`属性来增强安全性。这两个属性...
当一个Cookie被设置为HttpOnly时,JavaScript无法通过Document.cookie API或其他方式访问到这个Cookie。这样一来,即使网页中存在XSS漏洞,恶意脚本也无法窃取到包含敏感信息的Cookie,从而降低了攻击者盗取用户身份...
在iOS开发中,为了实现WebView自动登录功能,通常会利用Cookie技术来保存用户的身份信息,以便用户下次打开应用时能够直接进入已登录状态,无需再次输入用户名和密码。本文将详细探讨Cookie与WebView的结合使用,...
完整获取webBrowser1的Cookie HttpOnly的Cookie
`HttpOnly`是服务器在设置cookie时可以添加的一个属性,其主要目的是防止客户端脚本(如JavaScript)访问或修改该cookie。这是因为很多跨站脚本攻击(XSS)都试图通过JavaScript获取或篡改用户的cookie信息,从而...
一、属性说明: 1 secure属性 ...也就是说两个属性,并不能解决cookie在本机出现的信息泄漏的问题(FireFox的插件FireBug能直接看到cookie的相关信息)。 二、实例 项目架构环境:jsp+servlet+applet
在移动应用开发中,尤其是Android应用,经常需要在原生应用程序(Native App)与嵌入的WebView之间实现用户登录状态的共享。这涉及到一个关键的技术点:如何保持和传递登录cookie,使得用户在原生应用登录后,...
实现这一功能的一种常见方法是通过在用户的浏览器中设置Cookie来保存登录状态。 #### 二、技术原理 Cookie是一种小型的数据文件,通常由服务器生成并发送到用户浏览器上。浏览器会将Cookie保存起来,并在后续请求...
1. Wordpress后台登录问题:文件标题“Wordpress后台登录不跳转.pdf”提示我们,这篇文档可能涉及到Wordpress后台登录功能故障的问题,即用户在输入正确的登录凭证后,系统没有按预期跳转到后台管理页面。...
Cookie 的 HttpOnly 设置详解 Cookie 是一种小型文本文件,由 Web 服务器保存在用户浏览器(客户端)上,用来存储用户信息。Cookie 通常用于辨别用户身份、进行 session 跟踪。Cookie 可以包含一些不敏感的信息,如...
在Web开发中,Cookie是服务器发送到客户端浏览器并存储的一小块数据,用于跟踪用户状态和存储相关信息。然而,有些Cookie被标记为`HttpOnly`,这意味着它们不能通过JavaScript等客户端脚本语言访问,以增加安全性,...
**标题解析:**“mvc中cookie安全”这个标题聚焦于在使用Model-View-Controller (MVC)架构的Web应用程序中处理Cookie的安全性问题。在Web开发中,Cookie常用于存储用户状态信息,如会话ID,但如果不妥善管理,可能会...
在Web开发中,Session和Cookie是两种常见的会话管理机制。Cookie主要负责在客户端和服务器之间传递信息,而Session则是服务器端存储用户状态的一种手段。本文重点讨论的是Cookie中的两个重要属性:`secure`和`...
"了解 .net 获取浏览器 Cookie(包括 HttpOnly)实例分享" 在本文中,我们将探讨如何在 .net 环境中获取浏览器 Cookie,包括 HttpOnly 类型的 Cookie。 HttpOnly Cookie 是一种特殊类型的 Cookie,用于保护用户的...
HttpOnly属性是一种安全特性,用于防止客户端脚本访问Cookie,从而降低某些类型的跨站脚本攻击(XSS)的风险。 在.NET中获取HttpOnly Cookie通常较为困难,因为HttpOnly属性就是用来防止脚本访问的。但是.NET ...
在Web开发中,Cookie是一种重要的技术,用于存储用户状态和信息。然而,随着网络安全问题的日益突出,Cookie的安全性成为了关注焦点。HTTPOnly属性的引入就是为了增强Cookie的安全性,防止恶意JavaScript代码通过...
然而,在某些情况下,如网站在登录验证成功后直接进行重定向操作时,可能会导致Cookie丢失的问题。这对于爬虫来说是个不小的挑战。 #### 一、问题分析 在登录验证成功后,服务器往往会将用户重定向到另一个页面,...
Cookie 路径属性安全设置 Cookie 是 HTTP 协议中的一种...从代码解决可以通过设置 Cookie 的路径属性来处理问题,而从容器本身解决可以通过配置容器的设置来处理问题。无论哪种思路,都是为了保护项目路径的安全。
在Java Web开发中,Cookie是客户端存储数据的一种方式,它用于在用户浏览器和服务器之间传递信息,实现会话管理、个性化设置等功能。本主题将详细讲解如何使用Java进行Cookie的读写操作,以及如何利用Cookie实现记住...
在Web开发中,用户登录是常见的功能之一,而使用Cookie技术可以有效地简化这一过程,提供更流畅的用户体验。本练习将探讨如何利用Cookie来管理用户的登录状态,从而避免频繁地发送登录请求。以下是对这个主题的详细...