curl + jsecurity認證

Question

我有一個使用jsecurity插件進行認證的grails應用程序。

如何使用curl發送我的憑證？如果我只是做curl -u用戶名mysite

我得到一個提示輸入密碼，然後什麼都沒有。

我試圖做一個anyauth命令，這是我得到的網站。任何想法爲什麼它返回302？

dcole@DCOLE-L /cygdrive/c/dev 
$ curl --anyauth --verbose http://localhost:8080/SkillsDB 
* About to connect() to localhost port 8080 (#0) 
* Trying ::1... connected 
* Connected to localhost (::1) port 8080 (#0) 
> GET /SkillsDB HTTP/1.1 
> User-Agent: curl/7.20.1 (i686-pc-cygwin) libcurl/7.20.1 OpenSSL/0.9.8o zlib/1. 
2.5 libidn/1.18 libssh2/1.2.5 
> Host: localhost:8080 
> Accept: */* 
> 
< HTTP/1.1 302 Moved Temporarily 
< Server: Apache-Coyote/1.1 
< Location: http://localhost:8080/SkillsDB/ 
< Transfer-Encoding: chunked 
< Date: Thu, 07 Oct 2010 14:32:32 GMT 
< 
* Connection #0 to host localhost left intact 
* Closing connection #0 

這裏，在附加信息：

羅布是正確的，它是基於形式。當我去到地址

http://localhost:8080/SkillsDB/auth/initialLogin 

這是顯示錶單代碼：

<form action="/SkillsDB/auth/initialSignIn" method="post" name="logform" id="logform"> 
<input name="targetUri" value="" type="hidden"> 
<input value="" widgetid="username" tabindex="0" id="username" class="dijit dijitReset dijitLeft dijitTextBox" dojoattachpoint="textbox,focusNode" name="username" dojoattachevent="onmouseenter:_onMouse,onmouseleave:_onMouse,onfocus:_onMouse,onblur:_onMouse,onkeypress:_onKeyPress" autocomplete="off" type="text"></td> 
<input value="" widgetid="password" tabindex="0" id="password" class="dijit dijitReset dijitLeft dijitTextBox" dojoattachpoint="textbox,focusNode" name="password" dojoattachevent="onmouseenter:_onMouse,onmouseleave:_onMouse,onfocus:_onMouse,onblur:_onMouse,onkeypress:_onKeyPress" autocomplete="off" type="password"></td> 
<td style=""><span widgetid="dijit_form_Button_0" class="dijit dijitReset dijitLeft dijitInline dijitButton" dojoattachevent="ondijitclick:_onButtonClick,onmouseenter:_onMouse,onmouseleave:_onMouse,onmousedown:_onMouse"><span class="dijitReset dijitRight dijitInline"><span class="dijitReset dijitInline dijitButtonNode"><button style="-moz-user-select: none;" tabindex="0" value="Log In" id="dijit_form_Button_0" aria-labelledby="dijit_form_Button_0_label" role="button" class="dijitReset dijitStretch dijitButtonContents" dojoattachpoint="titleNode,focusNode" name="" type="submit" wairole="button" waistate="labelledby-dijit_form_Button_0_label"><span class="dijitReset dijitInline" dojoattachpoint="iconNode"><span class="dijitReset dijitToggleButtonIconChar">✓</span></span><span class="dijitReset dijitInline dijitButtonText" id="dijit_form_Button_0_label" dojoattachpoint="containerNode">Log In</span></button></span></span></span></td> 
    </form> 

Answer 1

如果您使用的是基於表單的認證方法，它可能是因爲您將不得不做一個HTTP POST請求你的登錄表單，沿着線的東西：

curl --data="username=foo&password=bar" http://localhost:8080/SkillsDB/login/auth 
# note that '--data' causes the request to be a POST 

我不記得JSecurity的登陸行動是什麼，但你必須更換login/auth（在curl命令一博弗）與它。查看登錄頁面提交的<form>的操作。

請注意，您將在此傳遞密碼爲純文本。您可能想要爲此事務使用HTTPS，但這是一個完全不同的問題。

除非JSecurity將其身份驗證擴展爲使用HTTP基本身份驗證，否則使用--anyauth不太可行，因爲我想curl會使用它來確定正確的HTTP身份驗證方法。

關於您對302的疑問，當您將捲曲參數添加--location會發生什麼？這應該使捲曲遵循響應中返回的Location標題。