我正在学习Apigility (Apigility文档-> REST服务教程),并试图通过cURL发送一个具有基本身份验证的POST请求:

$ curl -X POST -i -H "Content-Type: application/hal+json" -H "Authorization: Basic YXBpdXNlcjphcGlwd2Q=" http://apigilityhw.sandbox.loc/status

YXBpdXNlcjphcGlwd2Q=是基于64编码的字符串,具有我的凭据apiuser:apipwd。凭证保存在/data/htpasswd (apiuser:$apr1$3J4cyqEw$WKga3rQMkxvnevMuBaekg/)。

它是这样的:

HTTP/1.1 401 Unauthorized
Server: nginx/1.4.7
Date: Mon, 22 Sep 2014 07:48:47 GMT
Content-Type: application/problem+json
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.5.12-1~dotdeb.1
WWW-Authenticate: Basic realm="api"

这里的错误在哪里?如何让它工作?


当前回答

curl -u username:password http://
curl -u username http://

从文档页:

-u, --user <user:password> Specify the user name and password to use for server authentication. Overrides -n, --netrc and --netrc-optional. If you simply specify the user name, curl will prompt for a password. The user name and passwords are split up on the first colon, which makes it impossible to use a colon in the user name with this option. The password can, still. When using Kerberos V5 with a Windows based server you should include the Windows domain name in the user name, in order for the server to succesfully obtain a Kerberos Ticket. If you don't then the initial authentication handshake may fail. When using NTLM, the user name can be specified simply as the user name, without the domain, if there is a single domain and forest in your setup for example. To specify the domain name use either Down-Level Logon Name or UPN (User Principal Name) formats. For example, EXAMPLE\user and user@example.com respectively. If you use a Windows SSPI-enabled curl binary and perform Kerberos V5, Negotiate, NTLM or Digest authentication then you can tell curl to select the user name and password from your environment by specifying a single colon with this option: "-u :". If this option is used several times, the last one will be used.

http://curl.haxx.se/docs/manpage.html#-u

注意,你不需要——basic标志,因为它是默认的。

其他回答

curl -u username:password http://
curl -u username http://

从文档页:

-u, --user <user:password> Specify the user name and password to use for server authentication. Overrides -n, --netrc and --netrc-optional. If you simply specify the user name, curl will prompt for a password. The user name and passwords are split up on the first colon, which makes it impossible to use a colon in the user name with this option. The password can, still. When using Kerberos V5 with a Windows based server you should include the Windows domain name in the user name, in order for the server to succesfully obtain a Kerberos Ticket. If you don't then the initial authentication handshake may fail. When using NTLM, the user name can be specified simply as the user name, without the domain, if there is a single domain and forest in your setup for example. To specify the domain name use either Down-Level Logon Name or UPN (User Principal Name) formats. For example, EXAMPLE\user and user@example.com respectively. If you use a Windows SSPI-enabled curl binary and perform Kerberos V5, Negotiate, NTLM or Digest authentication then you can tell curl to select the user name and password from your environment by specifying a single colon with this option: "-u :". If this option is used several times, the last one will be used.

http://curl.haxx.se/docs/manpage.html#-u

注意,你不需要——basic标志,因为它是默认的。

作为标题

AUTH=$(echo -ne "$BASIC_AUTH_USER:$BASIC_AUTH_PASSWORD" | base64 --wrap 0)

curl \
  --header "Content-Type: application/json" \
  --header "Authorization: Basic $AUTH" \
  --request POST \
  --data  '{"key1":"value1", "key2":"value2"}' \
  https://example.com/

弄清楚授权头应该是什么样子的最简单的方法可能是首先运行curl和-u(或将凭证放在URL中)和-v,输出将显示请求头:

$ curl -v -u 'apiuser:apipwd' ... http://apigilityhw.sandbox.loc/status

# OR putting the credentials in the URL: 

$ curl -v ... http://apiuser:apipwd@apigilityhw.sandbox.loc/status
    
# copy and paste the "Authorization" header from the output:
    
$ curl -H 'Authorization: Basic YWRtaW46YXBpcHdk' ... http://apigilityhw.sandbox.loc/status