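This section provides code examples that demonstrate how to parse the XML response of a SignOn request to obtain the Cross-Site Request Forgery (CSRF) token name and value. The CSRF token name and value can then be sent with subsequent POST requests. The examples sign on to a local server over plain HTTP with sample credentials; a deployed client should use HTTPS and should not hard-code credentials.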
import java.awt.Desktop;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.File;
import java.io.FileOutputStream;
import java.io.PrintWriter;
import java.net.URI;
import java.net.URISyntaxException;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.apache.commons.httpclient.Header;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpException;
import org.apache.commons.httpclient.methods.PostMethod;
import org.xml.sax.SAXException;
/**
* @author
*
*/
public class runReport
{
/**
* @param args
* @throws IOException
* @throws HttpException
* @throws SAXException
* @throws ParserConfigurationException
* @throws URISyntaxException
*/
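public static void main(String[] args) throws HttpException, IOException, ParserConfigurationException, SAXException, URISyntaxException
{
    // Demonstrates the CSRF handshake: sign on, read the CSRF token name and
    // value from the XML sign-on response, then send both as a form parameter
    // with a follow-up POST that runs a report and saves the result to disk.
    //
    // NOTE(review): the endpoint is plain HTTP and the credentials are the
    // sample values of this example. Outside a local demo, use HTTPS and load
    // the credentials from a protected store instead of source code.
    final int httpOk = 200;

    String request = "http://localhost:8080/ibi_apps/rs/ibfs";
    HttpClient client = new HttpClient();
    PostMethod method = new PostMethod(request);
    method.addParameter("IBIRS_action", "signOn");
    method.addParameter("IBIRS_userName", "admin");
    method.addParameter("IBIRS_password", "admin");

    Header[] cookies;
    String csrfName;
    String csrfValue;
    try {
        int statusCode = client.executeMethod(method);
        if (statusCode != httpOk) {
            throw new IOException("Sign-on failed with HTTP status " + statusCode);
        }
        cookies = method.getResponseHeaders("Set-Cookie");
        InputStream rstream = method.getResponseBodyAsStream();
        if (rstream == null) {
            throw new IOException("Sign-on response has no body");
        }

        /* parse rstream XML for csrf token */
        SAXParserFactory factory = SAXParserFactory.newInstance();
        // Reject DOCTYPE declarations so the response cannot pull in external
        // entities (XXE). Presumably the sign-on response carries no DOCTYPE;
        // confirm against a real response.
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        SAXParser parser = factory.newSAXParser();
        SaxHandler handler = new SaxHandler();
        parser.parse(rstream, handler);
        csrfName = SaxHandler.results[0];
        csrfValue = SaxHandler.results[1];
    } finally {
        // Return the connection to the client even when sign-on or parsing fails.
        method.releaseConnection();
    }

    // Fail with a clear message instead of sending a request without a token.
    if (csrfName == null || csrfValue == null) {
        throw new IOException("CSRF token name/value not found in the sign-on response");
    }
    // Printed for demonstration only; the token and the session cookies below
    // are secrets and should not be written to logs in a real client.
    System.out.println("csrfName = " + csrfName);
    System.out.println("csrfValue = " + csrfValue);

    String request2 = "http://localhost:8080/ibi_apps/rs/ibfs/WFC/Repository/Tests/car_param.fex";
    PostMethod method_report = new PostMethod(request2);
    method_report.addParameter("IBIRS_action", "run");
    method_report.addParameter("COUNTRY", "ENGLAND");
    method_report.addParameter("CAR", "JAGUAR");
    method_report.addParameter("MODEL", "XJ12L AUTO");
    method_report.addParameter(csrfName, csrfValue);

    // cookies is defined as Header[] in the Signing-On to WebFOCUS example.
    // NOTE(review): this copies each Set-Cookie response header onto the
    // request under the same header name; presumably the shared HttpClient
    // also carries the session cookie in its own state - confirm which of the
    // two the server relies on.
    for (int h = 0; h < cookies.length; h++) {
        System.out.println(cookies[h]);
        method_report.addRequestHeader(cookies[h].getName(), cookies[h].getValue());
    }

    File tempfile = new File("c:\\temp\\Report.htm");
    try {
        // client is defined as HttpClient in the Signing-On to WebFOCUS example
        int statusCode2 = client.executeMethod(method_report);
        if (statusCode2 != httpOk) {
            throw new IOException("Report request failed with HTTP status " + statusCode2);
        }
        InputStream rstream2 = method_report.getResponseBodyAsStream();
        if (rstream2 == null) {
            throw new IOException("Report response has no body");
        }

        // Reader and writer both use the platform default charset, as in the
        // original example.
        BufferedReader br2 = new BufferedReader(new InputStreamReader(rstream2));
        PrintWriter out = new PrintWriter(new FileOutputStream(tempfile));
        try {
            String line2;
            while ((line2 = br2.readLine()) != null) {
                out.println(line2);
                System.out.println(line2);
            }
            // PrintWriter swallows write errors; surface them explicitly.
            if (out.checkError()) {
                throw new IOException("Failed to write " + tempfile);
            }
        } finally {
            out.close();
            br2.close();
        }
    } finally {
        method_report.releaseConnection();
    }

    // Bring up the HTML report in the default browser. This happens only after
    // the writer is closed, so the browser never reads a partially flushed
    // file. The page is opened from a file: URL, so it should come from a
    // server you trust.
    Desktop.getDesktop().browse(tempfile.toURI());
}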
}
The XML parser class is called SaxHandler and is defined in a separate class file.
import org.xml.sax.Attributes;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;
public class SaxHandler extends DefaultHandler {
static String[] results = new String[2];
public void startElement(String uri, String localName, String qName, Attributes attributes)
throws SAXException {
if (qName.equals("entry")) {
String keyName = attributes.getValue("key");
if (keyName.equals("IBI_CSRF_Token_Name")) {
String tokenNameKeyValue =
attributes.getValue("value");
System.out.println("key value is " +
tokenNameKeyValue);
results[0] = tokenNameKeyValue;
}
if (keyName.equals("IBI_CSRF_Token_Value")) {
String tokenValueKeyValue =
attributes.getValue("value");
System.out.println("key value is " +
tokenValueKeyValue)
results[1] = tokenValueKeyValue;
}
}
}
}|
Imports System.Net
Imports System.Text
Imports System.IO
Module Module1
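Sub Main()
    ' Demonstrates the CSRF handshake: sign on, read the CSRF token name and
    ' value from the XML sign-on response, then send both as a form field with
    ' a follow-up POST that runs a report and saves the result to disk.
    '
    ' NOTE(review): the endpoint is plain HTTP and the credentials are the
    ' sample values of this example. Outside a local demo, use HTTPS and load
    ' the credentials from a protected store instead of source code.
    Dim cookies As New CookieContainer
    Dim webResponse As String = ""
    Dim postData As String
    Dim csrf() As String

    Dim request As HttpWebRequest = DirectCast(WebRequest.Create("http://localhost:8080/ibi_apps/rs/ibfs"), HttpWebRequest)
    request.Method = "POST"
    postData = "IBIRS_action=signOn&IBIRS_userName=admin&IBIRS_password=admin"
    request.CookieContainer = cookies
    Dim byteArray As Byte() = Encoding.UTF8.GetBytes(postData)
    request.ContentType = "application/x-www-form-urlencoded"
    request.ContentLength = byteArray.Length
    Using dataStream As Stream = request.GetRequestStream()
        dataStream.Write(byteArray, 0, byteArray.Length)
    End Using

    ' Using blocks release the response and its stream even when reading fails.
    Using response As HttpWebResponse = DirectCast(request.GetResponse(), HttpWebResponse)
        Using webStreamReader As New StreamReader(response.GetResponseStream())
            webResponse = webStreamReader.ReadToEnd()
        End Using
    End Using

    csrf = XMLParse.XMLParseCSRF.doParseXML(webResponse)
    ' Stop with a clear message instead of posting a request without a token.
    If csrf Is Nothing OrElse csrf.Length < 2 OrElse
            String.IsNullOrEmpty(csrf(0)) OrElse String.IsNullOrEmpty(csrf(1)) Then
        Console.WriteLine("CSRF token name/value not found in the sign-on response")
        Return
    End If
    ' Printed for demonstration only; the token is a secret and should not be
    ' written to logs in a real client.
    Console.WriteLine("csrf token name is " + csrf(0))
    Console.WriteLine("csrf key value is " + csrf(1))
    Console.ReadKey()

    Dim request2 As HttpWebRequest = DirectCast(WebRequest.Create("http://localhost:8080/ibi_apps/rs/ibfs/WFC/Repository/Tests/car_param.fex"), HttpWebRequest)
    request2.Method = "POST"
    'cookies is defined as CookieContainer in the Signing-On to WebFOCUS example
    request2.CookieContainer = cookies
    ' The token name and value come from the server response, so they are
    ' URL-encoded before being placed in the form body; a raw "&", "=" or "+"
    ' would otherwise change the meaning of the posted fields.
    postData = "IBIRS_action=run&COUNTRY=ENGLAND&CAR=JAGUAR&MODEL=XJ12L%20AUTO" &
        "&" & System.Uri.EscapeDataString(csrf(0)) & "=" & System.Uri.EscapeDataString(csrf(1))
    Dim byteArray2 As Byte() = Encoding.UTF8.GetBytes(postData)
    request2.ContentType = "application/x-www-form-urlencoded"
    request2.ContentLength = byteArray2.Length
    Using dataStream2 As Stream = request2.GetRequestStream()
        dataStream2.Write(byteArray2, 0, byteArray2.Length)
    End Using

    'Write to disk
    Using response2 As HttpWebResponse = DirectCast(request2.GetResponse(), HttpWebResponse)
        Using webStream2 As Stream = response2.GetResponseStream()
            Using fs As New FileStream("c:\temp\output.htm", FileMode.Create)
                Dim buffer As Byte() = New Byte(255) {}
                Dim count As Integer = webStream2.Read(buffer, 0, buffer.Length)
                While count > 0
                    fs.Write(buffer, 0, count)
                    count = webStream2.Read(buffer, 0, buffer.Length)
                End While
            End Using
        End Using
    End Using

    ' Everything is closed at this point, so the viewer reads a complete file.
    ' The page is opened from the local disk, so it should come from a server
    ' you trust.
    Process.Start("c:\temp\output.htm")
End Sub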
End Module
The XML parser function is called doParseXML and is located in a separate class file named XMLParseCSRF.vb, which is kept in a separate project for reusability.
Imports System.IO
Imports System.Xml
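Public Class XMLParseCSRF
    ''' <summary>
    ''' Reads the CSRF token name and value from the XML text of a sign-on
    ''' response. Every <c>entry</c> element is inspected; the <c>value</c>
    ''' attribute is taken from the entries whose <c>key</c> attribute is
    ''' <c>IBI_CSRF_Token_Name</c> or <c>IBI_CSRF_Token_Value</c>.
    ''' </summary>
    ''' <param name="inResponse">XML text of the sign-on response.</param>
    ''' <returns>
    ''' An array whose element 0 is the token name and element 1 the token
    ''' value; an element is Nothing when the matching entry was not found.
    ''' </returns>
    ''' <exception cref="ArgumentNullException">inResponse is Nothing.</exception>
    ''' <exception cref="XmlException">
    ''' The text is not well-formed XML or contains a DOCTYPE declaration.
    ''' </exception>
    Public Shared Function doParseXML(inResponse As String) As String()
        If inResponse Is Nothing Then
            Throw New ArgumentNullException("inResponse")
        End If

        ' Dim results(2) declares indices 0 to 2; only 0 and 1 are used. The
        ' length is kept as in the original so existing callers see the same array.
        Dim results(2) As String

        ' Using closes the reader even when the XML is malformed.
        Using m_xmlr As New XmlTextReader(New StringReader(inResponse))
            ' Refuse DTDs and drop the resolver so the response cannot make
            ' the reader fetch external entities (XXE).
            m_xmlr.DtdProcessing = DtdProcessing.Prohibit
            m_xmlr.XmlResolver = Nothing

            While m_xmlr.Read()
                If m_xmlr.NodeType = XmlNodeType.Element AndAlso m_xmlr.Name = "entry" Then
                    Dim keyName As String = m_xmlr.GetAttribute("key")
                    If (keyName = "IBI_CSRF_Token_Name") Then
                        Dim tokenKeyNameValue As String = m_xmlr.GetAttribute("value")
                        ' Printed for demonstration only; the token is a secret.
                        Console.WriteLine("tokenKeyName value is " + tokenKeyNameValue)
                        results(0) = tokenKeyNameValue
                    End If
                    If (keyName = "IBI_CSRF_Token_Value") Then
                        Dim tokenValueKeyValue As String = m_xmlr.GetAttribute("value")
                        Console.WriteLine("tokenValueKey value is " + tokenValueKeyValue)
                        results(1) = tokenValueKeyValue
                    End If
                End If
            End While
        End Using

        Return results
    End Function
End Class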