Android HttpClient digest authentication: Authorization header "nc" is hard-coded (authentication, digest, HttpClient, Android)

2023-09-06 16:51:54 Author: 梦中的情调@

We try to send several requests to the target server in one HttpClient (one session). The target server will first authenticate all requests with digest authentication (based on MD5-sess). The result shows that only the first access is successful. The following accesses are rejected by the server because the server treats later accesses as a replay attack, as the "nc" value is always "00000001".

It seems Android HttpClient hard-coded the digest authorization header attribute "nc" to "00000001"?

Any way for the client to increase this value when a new request is sent? Thanks.

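import android.net.SSLCertificateSocketFactory;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.PlainSocketFactory;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;
import org.apache.http.params.BasicHttpParams;
import org.apache.http.params.HttpConnectionParams;
import org.apache.http.params.HttpParams;
import org.apache.http.params.HttpProtocolParams;

public class HttpService {

// USER_AGENT, address, port, username and password are not shown in the question.
private static final HttpService instance = new HttpService();
// One shared client (one session) for all requests.
private final DefaultHttpClient client;
private HttpService() {
    client = getHttpClient();
}

public static HttpService getInstance() {
    return instance;
}

private DefaultHttpClient getHttpClient() {
    HttpParams params = new BasicHttpParams();
    HttpConnectionParams.setStaleCheckingEnabled(params, false);
    HttpConnectionParams.setConnectionTimeout(params, 15 * 1000);
    HttpConnectionParams.setSoTimeout(params, 15 * 1000);
    HttpConnectionParams.setSocketBufferSize(params, 8192);
    HttpProtocolParams.setUserAgent(params, USER_AGENT);

    SchemeRegistry schemeRegistry = new SchemeRegistry();
    Scheme httpScheme = new Scheme("http", PlainSocketFactory.getSocketFactory(), 80);
    Scheme httpsScheme = new Scheme("https", SSLCertificateSocketFactory.getHttpSocketFactory(30 * 1000, null), 443);
    schemeRegistry.register(httpScheme);
    schemeRegistry.register(httpsScheme);
    ClientConnectionManager manager = new ThreadSafeClientConnManager(params, schemeRegistry);

    // create client
    DefaultHttpClient httpClient = new DefaultHttpClient(manager, params);

    // credentials used to answer the server's digest challenge
    httpClient.getCredentialsProvider().setCredentials(new AuthScope(address, port),
                new UsernamePasswordCredentials(username, password));
    return httpClient;
}

}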

Recommended answer

Android ships with an extremely outdated (pre-BETA) fork of Apache HttpClient. There have been a countless number of changes in the stock version of HttpClient since 4.0 ALPHA, also in the Digest auth area.

The best thing you can do is to copy the DigestScheme from the stock version of Apache HttpClient and configure your application to use the copy instead of the default implementation.

http://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/DigestScheme.java

To that end you will have to register a custom DigestSchemeFactory instance with the auth scheme registry.

http://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/DigestSchemeFactory.java
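
The nonce-count rule behind the rejection described in the question, as an added example that is not part of the original post and is not Apache HttpClient code: under RFC 2617 with qop=auth, "nc" is the hexadecimal count of requests the client has sent with a given server nonce, and a server may treat a repeated count as a replay. The class and method names are hypothetical, the nonce, cnonce and credentials are constructed sample values, and the server side models only the nc check, not verification of the response hash.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Map;

// Hypothetical demo class: RFC 2617 digest (qop=auth, MD5-sess) with a per-nonce request counter.
public class DigestNcDemo {
    private final Map<String, Integer> clientCount = new HashMap<>(); // client: requests sent per server nonce
    private final Map<String, Integer> serverSeen = new HashMap<>();  // server: highest nc accepted per nonce
    static String md5Hex(String s) {
        try {
            byte[] d = MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.ISO_8859_1));
            StringBuilder sb = new StringBuilder();
            for (byte b : d) sb.append(String.format("%02x", b));
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }
    // Client: nc is the 8-digit hex count of requests sent with this nonce, so it grows on every request.
    String nextNc(String nonce) {
        return String.format("%08x", clientCount.merge(nonce, 1, Integer::sum));
    }
    // response = MD5(HA1:nonce:nc:cnonce:qop:HA2); for MD5-sess, HA1 = MD5(MD5(user:realm:pass):nonce:cnonce).
    static String response(String user, String realm, String pass, String method, String uri,
                           String nonce, String nc, String cnonce) {
        String ha1 = md5Hex(md5Hex(user + ":" + realm + ":" + pass) + ":" + nonce + ":" + cnonce);
        String ha2 = md5Hex(method + ":" + uri);
        return md5Hex(ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":auth:" + ha2);
    }
    // Server: a nonce count that does not increase for a known nonce is treated as a replay.
    boolean serverAccepts(String nonce, String nc) {
        int n = Integer.parseInt(nc, 16);
        if (n <= serverSeen.getOrDefault(nonce, 0)) return false;
        serverSeen.put(nonce, n);
        return true;
    }

    public static void main(String[] args) {
        String nonce = "constructed-nonce", cnonce = "constructed-cnonce"; // constructed sample values
        DigestNcDemo fixed = new DigestNcDemo(), counting = new DigestNcDemo();
        for (int i = 1; i <= 3; i++) {
            String nc = counting.nextNc(nonce); // incrementing counter, as a current DigestScheme would send
            System.out.printf("request %d: fixed nc=00000001 accepted=%b | nc=%s accepted=%b response=%s%n",
                i, fixed.serverAccepts(nonce, "00000001"), nc, counting.serverAccepts(nonce, nc),
                response("user", "realm", "pass", "GET", "/", nonce, nc, cnonce));
        }
    }
}
```

Because nc is an input to the response hash, the Authorization header has to be recomputed for every request; a scheme implementation that caches the header or resets the counter will hit the same rejection.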