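Login
Application Scenario
Verify the user name and password.
Prerequisites
A SessionID has been requested and returned.
Interface Overview
This interface verifies the user name and password and returns a CSRF token when verification succeeds. The CSRF token must be carried in every call to the other service APIs.
Request URL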
/action.cgi?ActionID=WEB_RequestCertificateAPI
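import java.util.HashMap;
import java.util.Map;
import org.json.JSONObject; // assumed: the JSONObject used here is org.json's

// Posts the user name and password together with the SessionID cookie.
// Returns the CSRF token, or null if the request or the parsing fails.
// baseUrl and HttpClientUtil come from the surrounding sample project.
private static String login(String sessionId, String[] args) {
    // The last two arguments are the user name and the password.
    if (args == null || args.length < 2) {
        return null;
    }
    String uri = baseUrl + "/action.cgi?ActionID=WEB_RequestCertificateAPI";
    JSONObject bodyParamsJsonObject = new JSONObject();
    bodyParamsJsonObject.put("user", args[args.length - 2]);
    bodyParamsJsonObject.put("password", args[args.length - 1]);
    Map<String, String> header = new HashMap<>();
    header.put("Cookie", sessionId);
    header.put("Content-type", "application/json; charset=UTF-8");
    JSONObject result = HttpClientUtil.post(uri, bodyParamsJsonObject, header);
    if (null != result) {
        try {
            // "data" is itself a JSON document encoded as a string, so parse it again.
            JSONObject tokenObject = new JSONObject(result.get("data").toString());
            Object acCSRFToken = tokenObject.get("acCSRFToken");
            return acCSRFToken.toString();
        } catch (Exception e) {
            return null;
        }
    } else {
        return null;
    }
}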
The login authentication request message is as follows:
POST https://192.168.47.99/action.cgi?ActionID=WEB_RequestCertificateAPI HTTP/1.1
Host: 192.168.47.99
Connection: keep-alive
Content-Length: 120
Accept: application/json, text/plain, */*
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.135 Safari/537.36
Content-Type: application/json
Origin: https://192.168.47.99
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://192.168.47.99/
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cookie: SessionID=161419d23001a280c8cab12b4c93b1cb1757c5e99243e470d17104aa7314b8ca

{"user":"api","password":"Change_Me"}
After a successful login, an acCSRFToken is returned, and all subsequent operations must carry this token. The response message is as follows:
HTTP/1.1 200 OK
Connection: Keep-Alive
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: sameorigin
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubdomains
Content-Security-Policy: script-src 'self' 'unsafe-eval' 'unsafe-inline' ;img-src 'self'
Content-Type: text/plain
Response-Result: 1
Content-Length: 109

{"success":1,"data":"{\"acCSRFToken\":\"714dc61225ec2babb7a57dabb2bcc2e126b0c8ea67a41c509c2bb77eae7391b6\"}"}
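The following is an added example, not part of the original sample code: a stricter way to read the login response shown above, checking the "success" field before decoding the string-encoded "data" object. It assumes the org.json library, that tokens are 64 lowercase hex characters as in the sample, and a constructed failure body; the class and method names are hypothetical.

```java
import java.util.regex.Pattern;
import org.json.JSONException;
import org.json.JSONObject;

public class LoginResponseParser {
    // Assumption: tokens are 64 lowercase hex characters, as in the sample response.
    private static final Pattern TOKEN_FORMAT = Pattern.compile("^[0-9a-f]{64}$");

    /** Returns the CSRF token; throws if the login failed or the body is malformed. */
    static String extractCsrfToken(String responseBody) {
        try {
            JSONObject outer = new JSONObject(responseBody);
            // Accept only an explicit success before touching "data".
            if (outer.optInt("success", 0) != 1) {
                throw new IllegalStateException("login rejected by device");
            }
            // "data" is a JSON document encoded as a string, so it is parsed a second time.
            JSONObject inner = new JSONObject(outer.getString("data"));
            String token = inner.getString("acCSRFToken");
            if (!TOKEN_FORMAT.matcher(token).matches()) {
                throw new IllegalStateException("unexpected token format");
            }
            return token;
        } catch (JSONException e) {
            // The message deliberately omits the body, which may contain the token.
            throw new IllegalStateException("malformed login response", e);
        }
    }

    public static void main(String[] args) {
        String token = "714dc61225ec2babb7a57dabb2bcc2e126b0c8ea67a41c509c2bb77eae7391b6";
        // The success body from the response above, rebuilt as a Java string.
        String ok = "{\"success\":1,\"data\":\"{\\\"acCSRFToken\\\":\\\"" + token + "\\\"}\"}";
        // Constructed failure body (its exact shape is an assumption).
        String failed = "{\"success\":0,\"data\":\"\"}";

        // Print only the length so the token never reaches logs or the console.
        System.out.println("token length: " + extractCsrfToken(ok).length());
        try {
            extractCsrfToken(failed);
        } catch (IllegalStateException e) {
            System.out.println("failure case: " + e.getMessage());
        }
    }
}
```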