问题
In a browser's REST Client, when I post to this URL
https://rally1.rallydev.com/slm/webservice/v2.0/HierarchicalRequirement/create?key=123abc
with this request body:
{
"HierarchicalRequirement":
{"Name": "mystory"}
}
it works, but
curl -u 'user@co.com:password' -H "Content-Type: application/json" -d '{"HierarchicalRequirement": {"Name": "mystory"}}' https://rally1.rallydev.com/slm/webservice/v2.0/HierarchicalRequirement/create?key=123abc
produces an invalid key error:
{"CreateResult": {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "Errors": ["Not authorized to perform action: Invalid key"], "Warnings": []}}
I thought initially that the security key expires (does it ever?) but reused it again successfully in the REST client.
回答1:
An Authorization key is valid for as long as the HTTP session is valid. The difference between the browser REST client and your command-line curl is that the browser is automatically maintaining the HTTP session via a session cookie. Without session cookies, each curl request constitutes a new HTTP session.
You can tell curl to store a session cookie in order to persist the HTTP session. Here's how:
$ curl -u "user@company.com:topsecret" https://rally1.rallydev.com/slm/webservice/v2.0/security/authorize -c cookie.txt
Response:
{ "OperationResult" : { "Errors" : [ ],
"SecurityToken" : "fb34ea43-21b9-314f-e23d-1c8ad281b42b",
"Warnings" : [ ],
"_rallyAPIMajor" : "2",
"_rallyAPIMinor" : "0"
} }
Note the session ID information in the cookie:
$ more cookie.txt
# Netscape HTTP Cookie File
# http://curl.haxx.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.
#HttpOnly_rally1.rallydev.com FALSE / TRUE 0 JSESSIONID qs-app-tutewruthe4p3favagatR4qakat.qs-app-02
#HttpOnly_.rally1.rallydev.com TRUE / TRUE 0 ZSESSIONID thUZExetAxAj6JaquStaZaPresPe8He3aPhawAb2pU
#HttpOnly_.rally1.rallydev.com TRUE / TRUE 0 SUBBUCKETID 4343
Finally, issue the create command with curl, using the token you obtained via the authorize endpoint, and the -b flag for curl to specify the cookie file:
$ curl -u 'user@company.com:topsecret' -H "Content-Type: application/json" -d '{"HierarchicalRequirement": {"Name": "mystory"}}' https://rally1.rallydev.com/slm/webservice/v2.0/HierarchicalRequirement/create?key=fb34ea43-21b9-314f-e23d-1c8ad281b42b -b cookie.txt
Response:
{ "CreateResult" : { "Errors" : [ ],
"Object" : {
"CreationDate" : "2013-07-06T15:00:32.380Z",
"LastUpdateDate" : "2013-07-06T15:00:32.437Z",
"Name" : "mystory",
"ObjectID" : 12345678920,
"Project" : { "_rallyAPIMajor" : "2",
"_rallyAPIMinor" : "0",
"_ref" : "https://rally1.rallydev.com/slm/webservice/v2.0/project/12345678911",
"_refObjectName" : "My Project",
"_type" : "Project"
},
"Rank" : 10433947185.0,
"Subscription" : { "_rallyAPIMajor" : "2",
"_rallyAPIMinor" : "0",
"_ref" : "https://rally1.rallydev.com/slm/webservice/v2.0/subscription/12345678912",
"_refObjectName" : "My Subscription",
"_type" : "Subscription"
},
"Workspace" : { "_rallyAPIMajor" : "2",
"_rallyAPIMinor" : "0",
"_ref" : "https://rally1.rallydev.com/slm/webservice/v2.0/workspace/12345678913",
"_refObjectName" : "My Workspace",
"_type" : "Workspace"
},
"_CreatedAt" : "just now",
},
"Warnings" : [ ],
"_rallyAPIMajor" : "2",
"_rallyAPIMinor" : "0"
} }
来源:https://stackoverflow.com/questions/17498650/the-same-wsapi-v2-0-security-key-works-in-a-rest-client-but-produces-invalid-ke