【问题标题】:401 (Unauthorized) when accessing JIRA API with query string使用查询字符串访问 JIRA API 时出现 401(未经授权)
【发布时间】:2014-08-03 16:08:48
【问题描述】:

我正在按照找到 here 的教程创建 JWT 令牌以访问 JIRA 的 REST API。我在不传递 /rest/api/2/project/rest/api/2/issue/ISSUE-KEY 之类的查询字符串的情况下访问端点没有任何问题,但是在尝试传递查询字符串时得到 401 Unauthorized,比如 /rest/api/2/user/assignable/search?project=PROJECT-KEY

我猜我错过了一些东西,特别是规范 URL 的生成,

以下是生成 get 请求和 JWT 令牌的代码:

@Override
public CloseableHttpResponse get(String url) throws HttpException,
        IOException, NoSuchAlgorithmException, ParseException,
        JOSEException {
    CloseableHttpClient client = HttpClientBuilder.create()
            .setUserAgent("Kevin 6.9").build();
    String token = createToken(url, JIRAClient.Method.GET);
    HttpGet method = new HttpGet(jwt.getBaseUrl() + url);
    method.setHeader("Authorization", "JWT " + token);
    return client.execute(method);
}

/**
 * Create JWT token
 * 
 * @return
 * @throws UnsupportedEncodingException
 * @throws NoSuchAlgorithmException
 */
private String createToken(String apiPath, JIRAClient.Method method)
        throws UnsupportedEncodingException, NoSuchAlgorithmException {
    long issuedAt = System.currentTimeMillis() / 1000L;
    long expiresAt = issuedAt + 1000L;
    String httpMethod = method.toString();
    System.out.println(httpMethod);

    String contextPath = "/jira";

    JwtJsonBuilder jwtBuilder = new JsonSmartJwtJsonBuilder()
            .issuedAt(issuedAt).expirationTime(expiresAt)
            .issuer(jwt.getKey());

    HashMap<String, String[]> parameters = new HashMap<String, String[]>();
    CanonicalHttpUriRequest canonical = new CanonicalHttpUriRequest(
            httpMethod, apiPath, contextPath, parameters);
    System.out.println("Canonical : " + canonical.getRelativePath());
    JwtClaimsBuilder.appendHttpRequestClaims(jwtBuilder, canonical);

    JwtWriterFactory jwtWriterFactory = new NimbusJwtWriterFactory();
    String jwtbuilt = jwtBuilder.build();
    String jwtToken = jwtWriterFactory.macSigningWriter(
            SigningAlgorithm.HS256, jwt.getSharedSecret()).jsonToJwt(
            jwtbuilt);

    return jwtToken;
}

请注意,我将一个空的HashMap&lt;String, String[]&gt; 传递给CanonicalHttpUriRequest...这是正确的吗?

【问题讨论】:

    标签: jira jira-plugin canonical-link jwt jira-rest-api


    【解决方案1】:

    显然,Map&lt;String, String[]&gt; 是生成适当的规范 URI 所必需的。

    请注意,我将一个空的 HashMap&lt;String, String[]&gt; 传递给 CanonicalHttpUriRequest...这是正确的吗?

    我修改了我的方法签名,以便可以将其作为参数传递。注意:createQueryString 是我的类中的一个方法,它可以从参数映射中手动创建查询字符串。

    @Override
    public CloseableHttpResponse get(String url,
            @SuppressWarnings("rawtypes") Map parameters) throws Exception {
        CloseableHttpClient client = HttpClientBuilder.create()
                .setUserAgent("Kevin 5.0").build();
        String token = createToken(url, JIRAClient.Method.GET, parameters);
        HttpGet method = new HttpGet(jwt.getBaseUrl() + url
                + createQueryString(parameters));
        method.setHeader("Authorization", "JWT " + token);
        return client.execute(method);
    }
    

    而且它有效。

    @Test
    public void testJQL() throws Exception {
        HashMap param = new HashMap();
        param.put("jql", new String[] {"project=COR"});
        param.put("startAt", new String[] {"0"});
        HttpResponse response = client.get("/rest/api/2/search", param);
        Assert.assertTrue(response.getStatusLine().getStatusCode() == 200);
    }
    

    【讨论】:

      猜你喜欢
      • 2017-11-13
      • 1970-01-01
      • 2020-12-17
      • 1970-01-01
      • 1970-01-01
      • 2022-11-09
      • 2014-05-24
      • 2017-07-06
      • 1970-01-01
      相关资源
      最近更新 更多