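I once used Android to implement the login feature for my school's academic administration system (JSP/Tomcat) and was able to simulate the HTTP requests successfully. The WordPress login, however, takes a detour: the cookie cannot be obtained directly with HttpClient.
This fellow ran into the same problem as I did (http://hi.baidu.com/xtitman/item/eeaef4c7d4a0e2bc0c0a7b69) and in the end also got it working with the socket approach. I struggled for several hours over how to simulate the headers and body of an HTTP POST/GET request with a socket.
My code is as follows. Please ignore the animation part and focus on the run() method in class MyLoginThread. It's just a demo and I didn't do any post-processing of the result. If you have any questions about this demo, please send an e-mail to davyjones2010@gmail.com; I would appreciate it very much.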
```java
package login.activities;

import home.activities.R;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.Socket;
import java.net.URLEncoder;
import java.net.UnknownHostException;

import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.util.EntityUtils;

import system.standards.Standards;
import android.os.Bundle;
import android.util.DisplayMetrics;
import android.util.Log;
import android.view.View;
import android.view.animation.AlphaAnimation;
import android.view.animation.Animation;
import android.view.animation.Animation.AnimationListener;
import android.view.animation.TranslateAnimation;
import android.widget.Button;
import android.widget.EditText;
import android.widget.LinearLayout;
import android.widget.RelativeLayout;
import android.widget.Toast;

public class LoginActivity extends Standards {
    private Button leftBall = null;
    private Button rightBall = null;
    private Button submit = null;
    private EditText username = null;
    private String usernameText = null;
    private EditText password = null;
    private String passwordText = null;
    private DisplayMetrics metrics = null;
    private static final String serverIpAddress = "***.***.***.***";
    private static final String encodedUsername = "wordpress_af8ad83c4c8ce7c7f7efddce117a5a74=admin%";
    private static final String encodedPassword = "wordpress_logged_in_af8ad83c4c8ce7c7f7efddce117a5a74=admin%";
    // private static final String LOGIN_URL =
    // "http://atom.student.utwente.nl/wp-login.php";
    private static String encodedUsernameText = "";
    private static String encodedPasswordText = "";
    private boolean isAnimated = false;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.login);
        getAllWidgets();
        submit.setOnClickListener(new Button.OnClickListener() {
            public void onClick(View arg0) {
                usernameText = username.getText().toString();
                passwordText = password.getText().toString();
                Log.d("DEBUG", "USERNAME: " + usernameText);
                // The password is deliberately not written to logcat
                doLogin(usernameText, passwordText);
            }
        });
    }

    private void doLogin(String usernameText, String passwordText) {
        MyLoginThread myLoginThread = new MyLoginThread(usernameText,
                passwordText);
        myLoginThread.start();
    }

    // Toasts must be shown from the UI thread, not from MyLoginThread.
    // runOnUiThread() assumes that Standards extends Activity.
    private void showToast(final String text) {
        runOnUiThread(new Runnable() {
            public void run() {
                Toast.makeText(LoginActivity.this, text, Toast.LENGTH_SHORT)
                        .show();
            }
        });
    }

    private class MyLoginThread extends Thread {
        private String logUsername = null;
        private String logPassword = null;

        public MyLoginThread(String logUsername, String logPassword) {
            this.logUsername = logUsername;
            this.logPassword = logPassword;
        }

        @Override
        public void run() {
            // First, use a socket to simulate the browser's first POST request
            // to the first page (the parameters carried are username and
            // password; the headers and body must strictly follow the
            // POST/GET format).
            // Then take the HttpResponse of the first page and extract from it
            // the username and password as encrypted by the server.
            // Because the first page returns status code 302, a redirect to
            // the real Dashboard, i.e. the login-success page, is needed.
            // The redirect requires sending a new request; FireBug shows that
            // it is a GET request
            // and that the cookie it carries contains the encrypted username
            // and password returned by the previous request.
            // So the simulated redirect can use HttpGet directly and then call
            // httpGet.addHeader("Cookie", encrypted username + encrypted
            // password + other information (static, can be discovered with
            // FireBug));
            // which yields the real Dashboard page.
            // Why does the first request need a low-level socket instead of
            // HttpPost/HttpClient directly, where the cookies could be
            // obtained with the corresponding methods (getHeaders()?
            // getCookie()?) without concatenating strings by hand?
            // The reason is that I found the cookies returned by the first
            // request are httpOnly; iterating over the headers with HttpClient
            // shows that they are not printed! In other words, these
            // higher-level methods cannot be used.
            // So the socket approach is used to simulate the POST request;
            // what comes back is the raw, unprocessed response, and the
            // cookies can be extracted from it with String methods.
            try {
                // Build the form body first so that Content-Length can be
                // computed from it instead of being hard-coded
                StringBuffer body = new StringBuffer();
                body.append(URLEncoder.encode("log", "UTF-8"));
                body.append("=");
                body.append(URLEncoder.encode(logUsername, "UTF-8"));
                body.append("&");
                body.append(URLEncoder.encode("pwd", "UTF-8"));
                body.append("=");
                body.append(URLEncoder.encode(logPassword, "UTF-8"));
                body.append("&");
                body.append(URLEncoder.encode("wp-submit", "UTF-8"));
                body.append("=");
                body.append(URLEncoder.encode("Log In", "UTF-8"));
                body.append("&");
                body.append(URLEncoder.encode("redirect_to", "UTF-8"));
                body.append("=");
                body.append(URLEncoder.encode(
                        "http://atom.student.utwente.nl/wp-admin/", "UTF-8"));
                body.append("&");
                body.append(URLEncoder.encode("testcookie", "UTF-8"));
                body.append("=");
                body.append(URLEncoder.encode("1", "UTF-8"));
                byte[] bodyBytes = body.toString().getBytes("UTF-8");

                // Note: plain HTTP on port 80, so the password is sent
                // unencrypted
                Socket socket = new Socket(serverIpAddress, 80);
                BufferedReader br = new BufferedReader(new InputStreamReader(
                        socket.getInputStream(), "UTF-8"));
                OutputStream os = socket.getOutputStream();
                StringBuffer sb = new StringBuffer(
                        "POST /wp-login.php HTTP/1.1\r\n");
                sb.append("Host: atom.student.utwente.nl\r\n");
                // close instead of keep-alive, so that readLine() returns null
                // as soon as the response has been sent
                sb.append("Connection: close\r\n");
                sb.append("Content-Length: " + bodyBytes.length + "\r\n");
                sb.append("Cache-Control: max-age=0\r\n");
                sb.append("Origin: http://atom.student.utwente.nl\r\n");
                sb.append("User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1\r\n");
                sb.append("Content-Type: application/x-www-form-urlencoded\r\n");
                sb.append("Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n");
                sb.append("Referer: http://atom.student.utwente.nl/wp-login.php\r\n");
                // The original line lacked the terminating \r\n
                sb.append("Accept-Encoding: gzip,deflate,sdch\r\n");
                sb.append("Accept-Language: en,en-US;q=0.8,zh;q=0.6,zh-CN;q=0.4,nl;q=0.2\r\n");
                sb.append("Accept-Charset: UTF-8,*;q=0.5\r\n");
                sb.append("Cookie: wordpress_polylang=en; wp-settings-1=imgsize%3Dfull%26editor%3Dhtml%26hidetb%3D1%26libraryContent%3Dbrowse; wp-settings-time-1=1357880535; wordpress_test_cookie=WP+Cookie+check\r\n");
                sb.append("\r\n");
                os.write(sb.toString().getBytes("UTF-8"));
                os.write(bodyBytes);
                os.flush();

                String tmp = "";
                StringBuffer resultBuffer = new StringBuffer();
                while ((tmp = br.readLine()) != null) {
                    System.out.println(tmp);
                    resultBuffer.append(tmp);
                }
                os.close();
                br.close();
                socket.close();

                int usernameIndex = resultBuffer.indexOf(encodedUsername);
                int passwordIndex = resultBuffer.indexOf(encodedPassword);
                if (usernameIndex < 0 || passwordIndex < 0) {
                    // The response carries no login cookies
                    showToast("Invalid Username or Password!");
                    return;
                }
                int usernameStartPosition = usernameIndex
                        + encodedUsername.length();
                int passwordStartPosition = passwordIndex
                        + encodedPassword.length();
                encodedUsernameText = resultBuffer.substring(
                        usernameStartPosition, usernameStartPosition + 47);
                encodedPasswordText = resultBuffer.substring(
                        passwordStartPosition, passwordStartPosition + 47);
                System.out.println("encodedUsernameText: "
                        + encodedUsernameText);
                System.out.println("encodedPasswordText: "
                        + encodedPasswordText);

                DefaultHttpClient httpClient = new DefaultHttpClient();
                HttpGet httpGet = new HttpGet(
                        "http://atom.student.utwente.nl/wp-admin/");
                httpGet.addHeader(
                        "Cookie",
                        encodedUsername
                                + encodedUsernameText
                                + "; wordpress_polylang=en; wp-settings-1=imgsize%3Dfull%26editor%3Dhtml%26hidetb%3D1%26libraryContent%3Dbrowse; wp-settings-time-1=1357880535; wordpress_test_cookie=WP+Cookie+check; "
                                + encodedPassword + encodedPasswordText);
                HttpResponse httpResponse = null;
                httpResponse = httpClient.execute(httpGet);
                HttpEntity httpEntity = null;
                String resultText = null;
                if (httpResponse.getStatusLine().getStatusCode() == 200) {
                    System.out.println("LOGIN SUCCEED!");
                    showToast("LOGIN SUCCEED!");
                    httpEntity = httpResponse.getEntity();
                    resultText = EntityUtils.toString(httpEntity, "UTF-8");
                    System.out.println(resultText);
                } else {
                    showToast("Invalid Username or Password!");
                }
            } catch (UnknownHostException e) {
                e.printStackTrace();
            } catch (IOException e) {
                e.printStackTrace();
            }
            super.run();
        }
    }

    private class MyAnimationMoveListener implements AnimationListener {
        @Override
        public void onAnimationEnd(Animation animation) {
            // clear all animations
            leftBall.clearAnimation();
            rightBall.clearAnimation();
            findViewById(R.id.loginlay3).clearAnimation();
            findViewById(R.id.loginlay4).clearAnimation();
            findViewById(R.id.loginlay5).clearAnimation();
            // widgets translations & invisible
            RelativeLayout.LayoutParams params = new RelativeLayout.LayoutParams(
                    leftBall.getWidth(), leftBall.getHeight());
            // params.leftMargin = (screenWidth / 2 - leftBall.getWidth() -
            // screenWidth / 3);
            params.addRule(RelativeLayout.LEFT_OF, R.id.loginlay3);
            leftBall.setLayoutParams(params);
            RelativeLayout.LayoutParams params2 = new RelativeLayout.LayoutParams(
                    rightBall.getWidth(), rightBall.getHeight());
            params2.addRule(RelativeLayout.RIGHT_OF, R.id.loginlay3);
            rightBall.setLayoutParams(params2);
            System.out.println("rightSpace: " + rightBall.getRight());
            // rightBall.setLayoutParams(params2);
            findViewById(R.id.loginlay3).setVisibility(View.VISIBLE);
            findViewById(R.id.loginlay4).setVisibility(View.VISIBLE);
            findViewById(R.id.loginlay5).setVisibility(View.VISIBLE);
        }

        @Override
        public void onAnimationRepeat(Animation animation) {
            // TODO Auto-generated method stub
        }

        @Override
        public void onAnimationStart(Animation animation) {
            // TODO Auto-generated method stub
        }
    }

    private class MyAnimationReturnListener implements AnimationListener {
        @Override
        public void onAnimationEnd(Animation animation) {
            // clear all animations
            leftBall.clearAnimation();
            rightBall.clearAnimation();
            findViewById(R.id.loginlay3).clearAnimation();
            findViewById(R.id.loginlay4).clearAnimation();
            findViewById(R.id.loginlay5).clearAnimation();
            // widgets translations & invisible
            RelativeLayout.LayoutParams params = new RelativeLayout.LayoutParams(
                    leftBall.getWidth(), leftBall.getHeight());
            params.addRule(RelativeLayout.LEFT_OF, R.id.nothing);
            leftBall.setLayoutParams(params);
            RelativeLayout.LayoutParams params2 = new RelativeLayout.LayoutParams(
                    rightBall.getWidth(), rightBall.getHeight());
            params2.addRule(RelativeLayout.RIGHT_OF, R.id.left_ball);
            rightBall.setLayoutParams(params2);
            findViewById(R.id.loginlay3).setVisibility(View.INVISIBLE);
            findViewById(R.id.loginlay4).setVisibility(View.INVISIBLE);
            findViewById(R.id.loginlay5).setVisibility(View.INVISIBLE);
        }

        @Override
        public void onAnimationRepeat(Animation animation) {
            // TODO Auto-generated method stub
        }

        @Override
        public void onAnimationStart(Animation animation) {
            // TODO Auto-generated method stub
        }
    }

    private void startAllWidgetAnimation(boolean hasAnimated) {
        int leftBallTranslation = 0;
        int rightBallTranslation = 0;
        MyAnimationReturnListener returnListener = new MyAnimationReturnListener();
        MyAnimationMoveListener moveListener = new MyAnimationMoveListener();
        AlphaAnimation anim3 = null;
        Animation anim2 = null;
        Animation anim1 = null;
        if (false == hasAnimated) {
            leftBallTranslation = -findViewById(R.id.loginlay3).getWidth() / 2;
            System.out.println("R.id.loginlay3 width: "
                    + findViewById(R.id.loginlay3).getWidth());
            rightBallTranslation = -leftBallTranslation;
            anim3 = new AlphaAnimation(0.0f, 1.0f);
            anim3.setAnimationListener(moveListener);
        } else {
            leftBallTranslation = findViewById(R.id.loginlay3).getWidth() / 2;
            rightBallTranslation = -leftBallTranslation;
            anim3 = new AlphaAnimation(1.0f, 0.0f);
            anim3.setAnimationListener(returnListener);
        }
        anim1 = new TranslateAnimation(0, leftBallTranslation, 0, 0);
        anim1.setDuration(2000);
        anim1.setFillAfter(true);
        anim2 = new TranslateAnimation(0, rightBallTranslation, 0, 0);
        anim2.setDuration(2000);
        anim2.setFillAfter(true);
        // if (false == hasAnimated)
        // {
        // anim1.setAnimationListener(moveListener);
        // anim2.setAnimationListener(moveListener);
        // } else
        // {
        // anim1.setAnimationListener(returnListener);
        // anim2.setAnimationListener(returnListener);
        // }
        leftBall.startAnimation(anim1);
        rightBall.startAnimation(anim2);
        // edit text animation
        anim3.setStartOffset(1000);
        anim3.setDuration(1000);
        anim3.setFillAfter(true);
        // usernameTag & usernameText layer animation
        ((LinearLayout) findViewById(R.id.loginlay3)).startAnimation(anim3);
        // passwordTag & passwordText layer animation
        ((LinearLayout) findViewById(R.id.loginlay4)).startAnimation(anim3);
        // submit button animation
        ((LinearLayout) findViewById(R.id.loginlay5)).startAnimation(anim3);
    }

    public void myClickHandler(final View view) {
        int id = view.getId();
        if ((id == R.id.left_ball || id == R.id.right_ball)
                && false == isAnimated) {
            // leftBall moves left, rightBall moves right, loginField turns
            // visible
            startAllWidgetAnimation(false);
            isAnimated = true;
        } else if (true == isAnimated) {
            // leftBall moves right, rightBall moves left, loginField turns
            // invisible, return to initial state
            startAllWidgetAnimation(true);
            isAnimated = false;
        }
    }

    private void getAllWidgets() {
        metrics = new DisplayMetrics();
        getWindowManager().getDefaultDisplay().getMetrics(metrics);
        // screenWidth = metrics.widthPixels;
        leftBall = (Button) findViewById(R.id.left_ball);
        rightBall = (Button) findViewById(R.id.right_ball);
        submit = (Button) findViewById(R.id.login_submit);
        username = (EditText) findViewById(R.id.username);
        password = (EditText) findViewById(R.id.password);
    }
}
```
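The cookies can also be taken from the `Set-Cookie` lines of the raw response instead of by fixed offsets; `HttpOnly` is only an attribute on that line, addressed to browsers, and is dropped along with `path` when the `Cookie` header is built. This is an added example, not code from the original post: the class `SetCookieParser`, its method names and the constructed sample response (`SITEHASH`, `1700000000` and `HMAC` are placeholders) are assumptions, and the response is expected with its CRLF line breaks intact.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class SetCookieParser {

    /** Collects name=value from every Set-Cookie line in the header block of a raw response. */
    static Map<String, String> parseSetCookies(String rawResponse) {
        Map<String, String> cookies = new LinkedHashMap<String, String>();
        // Headers end at the first empty line; the body is never scanned for cookies.
        int end = rawResponse.indexOf("\r\n\r\n");
        String head = end >= 0 ? rawResponse.substring(0, end) : rawResponse;
        for (String line : head.split("\r\n")) {
            int colon = line.indexOf(':');
            if (colon < 0 || !line.substring(0, colon).trim().equalsIgnoreCase("Set-Cookie")) {
                continue;
            }
            // The first ';'-separated part is name=value; the rest are attributes
            // (path, expires, HttpOnly, Secure) that are not sent back to the server.
            String pair = line.substring(colon + 1).split(";", 2)[0].trim();
            int eq = pair.indexOf('=');
            if (eq > 0) {
                cookies.put(pair.substring(0, eq), pair.substring(eq + 1));
            }
        }
        return cookies;
    }

    /** Joins the collected cookies into the value of a Cookie request header. */
    static String toCookieHeader(Map<String, String> cookies) {
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, String> e : cookies.entrySet()) {
            if (sb.length() > 0) sb.append("; ");
            sb.append(e.getKey()).append('=').append(e.getValue());
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample response; SITEHASH, 1700000000 and HMAC are placeholders.
        String raw = "HTTP/1.1 302 Found\r\n"
                + "Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/\r\n"
                + "Set-Cookie: wordpress_SITEHASH=admin%7C1700000000%7CHMAC; path=/wp-admin; httponly\r\n"
                + "Set-Cookie: wordpress_logged_in_SITEHASH=admin%7C1700000000%7CHMAC; path=/; httponly\r\n"
                + "Location: http://example.test/wp-admin/\r\n"
                + "Content-Length: 0\r\n"
                + "\r\n";
        Map<String, String> cookies = parseSetCookies(raw);
        System.out.println(cookies.size() + " cookies");
        System.out.println("Cookie: " + toCookieHeader(cookies));
    }
}
```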