commons-user mailing list archives

From ol...@bluewin.ch
Subject RE: [HttpClient] How to use HttpClient with Form-based Authentication?
Date Wed, 08 Sep 2004 10:24:47 GMT
>The authentication POST method was removed from the source because 
> the login form page is auto-submitted when called from the browser.
>The LoginForm.html uses javascript to complete submit on page load the 
>login form, the form inputs are filled by default with Tomcat admin user
>and password, you will have to edit this file to perform a correct 
>authentication by providing the correct credentials.
>

HttpClient is not a browser. It is just, well, an HTTP client. It is completely
content agnostic and thus cannot (and is not supposed to) parse the HTML
content and execute the embedded javascript. No wonder the web application
always bounces you back to the logon page, because the authentication has
never taken place. You still need to execute the logon POST in order to be
authenticated and authorized to access the secure content.

Hope this helps

Oleg



>The problem still remains, I can't get any page except the login form page



>-- Original Message --
>Reply-To: "Jakarta Commons Users List" <commons-user@jakarta.apache.org>
>To: commons-user@jakarta.apache.org
>Subject: [HttpClient] How to use HttpClient with Form-based Authentication?
>From: rportan@saguaro.ro
>Date: Wed, 8 Sep 2004 10:56:54 +0300
>
>
>----- Forwarded by Rares Portan/SPR/RO on 09/08/2004 10:54 AM -----
>
>Rares Portan/SPR/RO 
>09/08/2004 10:54 AM
>
>To
>Rares Portan/SPR/RO@SPR
>cc
>
>Subject
>RE: [HttpClient] How to use HttpClient with Form-based Authentication?
>
>
>
>
>
>
>Hi, 
>
>Here you have the complete FormLoginDemo.java source and test war
>(logintest.text --- rename to war --- I got a mail-delivery failure when I
>try to attach archives) that can be deployed on Tomcat. The 
>authentication POST method was removed from the source because the login
>form page is auto-submitted when called from the browser.
>
>The LoginForm.html uses javascript to complete submit on page load the 
>login form, the form inputs are filled by default with Tomcat admin user
>and password, you will have to edit this file to perform a correct 
>authentication by providing the correct credentials.
>
>The problem still remains, I can't get any page except the login form page!
>
>
>import java.io.File;
>
>import org.apache.commons.httpclient.*;
>import org.apache.commons.httpclient.cookie.CookiePolicy;
>import org.apache.commons.httpclient.cookie.CookieSpec;
>import org.apache.commons.httpclient.methods.*;
>import org.apache.commons.logging.Log;
>import org.apache.commons.logging.LogFactory;
>
>/**
> * <p>
> * An example that demonstrates how HttpClient APIs can be used to perform
> * form-based logon.
> * </p>
> *
> * @author Oleg Kalnichevski
> *
> */
>public class FormLoginDemo
>{
>
>    static {
>        System.setProperty("org.apache.commons.logging.Log",
>            "org.apache.commons.logging.impl.SimpleLog");
>        System.setProperty(
>            "org.apache.commons.logging.simplelog.showdatetime", "true");
>        System.setProperty(
>            "org.apache.commons.logging.simplelog.log.httpclient.wire", "debug");
>        System.setProperty(
>            "org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient",
>            "debug");
>    }
>
>    private static Log log = LogFactory.getLog(FormLoginDemo.class);
>
>    static final String LOGON_SITE = "localhost";
>    static final int    LOGON_PORT = 8080;
>
>    public FormLoginDemo() {
>        super();
>    }
>
>
>    public static void main(String[] args) throws Exception {
>
>        HttpClient client = new HttpClient();
>        client.getHostConfiguration().setHost(LOGON_SITE, LOGON_PORT, "http");
>        client.getParams().setCookiePolicy(CookiePolicy.BROWSER_COMPATIBILITY);
>
>        GetMethod authget = new GetMethod("/logintest/index.html");
>
>        client.executeMethod(authget);
>        System.out.println("Login form get: " + authget.getStatusLine().toString());
>        // release any connection resources used by the method
>        authget.releaseConnection();
>        // See if we got any cookies
>        CookieSpec cookiespec = CookiePolicy.getDefaultSpec();
>        Cookie[] initcookies = cookiespec.match(
>            LOGON_SITE, LOGON_PORT, "/logintest/", false,
>            client.getState().getCookies());
>        System.out.println("Initial set of cookies:");
>        if (initcookies.length == 0) {
>            System.out.println("None");
>        } else {
>            for (int i = 0; i < initcookies.length; i++) {
>                System.out.println("- " + initcookies[i].toString());
>            }
>        }
>        int statuscode = authget.getStatusCode();
>        if ((statuscode == HttpStatus.SC_MOVED_TEMPORARILY) ||
>            (statuscode == HttpStatus.SC_MOVED_PERMANENTLY) ||
>            (statuscode == HttpStatus.SC_SEE_OTHER) ||
>            (statuscode == HttpStatus.SC_TEMPORARY_REDIRECT)) {
>            Header header = authget.getResponseHeader("location");
>            if (header != null) {
>                String newuri = header.getValue();
>                if ((newuri == null) || (newuri.equals(""))) {
>                    newuri = "/";
>                }
>                System.out.println("Redirect target: " + newuri);
>                GetMethod redirect = new GetMethod(newuri);
>                redirect.setFollowRedirects(true);
>                client.executeMethod(redirect);
>                System.out.println("Redirect: " + redirect.getStatusLine().toString());
>                // release any connection resources used by the method
>                System.out.println(redirect.getResponseBodyAsString());
>                redirect.releaseConnection();
>
>            } else {
>                System.out.println("Invalid redirect");
>                System.exit(1);
>            }
>        }
>
>        // See if we got any cookies
>        // The only way of telling whether logon succeeded is
>        // by finding a session cookie
>        Cookie[] logoncookies = cookiespec.match(
>            LOGON_SITE, LOGON_PORT, "/logintest/", false,
>            client.getState().getCookies());
>        System.out.println("Logon cookies:");
>        if (logoncookies.length == 0) {
>            System.out.println("None");
>        } else {
>            for (int i = 0; i < logoncookies.length; i++) {
>                System.out.println("- " + logoncookies[i].toString());
>            }
>        }
>
>
>        //TRY TO GET AN INNER PAGE
>        GetMethod description = new GetMethod(
>            "http://localhost:8080/logintest/secure/securepage.html");
>        client.executeMethod(description);
>        System.out.println("description: " + description.getStatusLine().toString());
>        System.out.println(description.getResponseBodyAsString());
>        description.releaseConnection();
>
>    }
>}
>
>
>
>
>LOGS:
>
>
>2004/09/08 10:37:20:781 EEST [DEBUG] HttpClient - Java version: 1.3.1
>2004/09/08 10:37:20:781 EEST [DEBUG] HttpClient - Java vendor: IBM 
>Corporation
>2004/09/08 10:37:20:781 EEST [DEBUG] HttpClient - Java class path: 
><removed>
>2004/09/08 10:37:20:781 EEST [DEBUG] HttpClient - Operating system name:
>
>Windows XP
>2004/09/08 10:37:20:781 EEST [DEBUG] HttpClient - Operating system 
>architecture: x86
>2004/09/08 10:37:20:781 EEST [DEBUG] HttpClient - Operating system 
>version: 5.1
>2004/09/08 10:37:20:781 EEST [DEBUG] HttpClient - SUN 1.2: SUN (DSA 
>key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom;
>
>X.509 certificates; JKS keystore)
>2004/09/08 10:37:20:797 EEST [DEBUG] DefaultHttpParams - Set parameter 
>http.useragent = Jakarta Commons-HttpClient/3.0-alpha1
>2004/09/08 10:37:20:797 EEST [DEBUG] DefaultHttpParams - Set parameter 
>http.protocol.version = HTTP/1.1
>2004/09/08 10:37:20:797 EEST [DEBUG] DefaultHttpParams - Set parameter 
>http.connection-manager.class = class 
>org.apache.commons.httpclient.SimpleHttpConnectionManager
>2004/09/08 10:37:20:797 EEST [DEBUG] DefaultHttpParams - Set parameter 
>http.protocol.cookie-policy = rfc2109
>2004/09/08 10:37:20:797 EEST [DEBUG] DefaultHttpParams - Set parameter 
>http.protocol.element-charset = US-ASCII
>2004/09/08 10:37:20:797 EEST [DEBUG] DefaultHttpParams - Set parameter 
>http.protocol.content-charset = ISO-8859-1
>2004/09/08 10:37:20:797 EEST [DEBUG] DefaultHttpParams - Set parameter 
>http.dateParser.patterns = [EEE, dd MMM yyyy HH:mm:ss zzz, EEEE, dd-MMM-yy
>
>HH:mm:ss zzz, EEE MMM d HH:mm:ss yyyy, EEE, dd-MMM-yyyy HH:mm:ss z, EEE,
>
>dd-MMM-yyyy HH-mm-ss z, EEE, dd MMM yy HH:mm:ss z, EEE dd-MMM-yyyy 
>HH:mm:ss z, EEE dd MMM yyyy HH:mm:ss z, EEE dd-MMM-yyyy HH-mm-ss z, EEE

>dd-MMM-yy HH:mm:ss z, EEE dd MMM yy HH:mm:ss z, EEE,dd-MMM-yy HH:mm:ss z,
>
>EEE,dd-MMM-yyyy HH:mm:ss z, EEE, dd-MM-yyyy HH:mm:ss z]
>2004/09/08 10:37:20:828 EEST [DEBUG] DefaultHttpParams - Set parameter 
>http.protocol.cookie-policy = compatibility
>2004/09/08 10:37:20:891 EEST [DEBUG] wire - >> "GET /logintest/index.html
>
>HTTP/1.1[\r][\n]"
>2004/09/08 10:37:20:906 EEST [DEBUG] HttpMethodBase - Adding Host request
>
>header
>2004/09/08 10:37:20:906 EEST [DEBUG] wire - >> "User-Agent: Jakarta 
>Commons-HttpClient/3.0-alpha1[\r][\n]"
>2004/09/08 10:37:20:906 EEST [DEBUG] wire - >> "Host: 
>localhost:8080[\r][\n]"
>2004/09/08 10:37:20:922 EEST [DEBUG] wire - >> "[\r][\n]"
>2004/09/08 10:37:20:922 EEST [DEBUG] wire - << "HTTP/1.1 302 Moved 
>Temporarily[\r][\n]"
>2004/09/08 10:37:20:922 EEST [DEBUG] wire - << "Pragma: No-cache[\r][\n]"
>2004/09/08 10:37:20:922 EEST [DEBUG] wire - << "Cache-Control: 
>no-cache[\r][\n]"
>2004/09/08 10:37:20:922 EEST [DEBUG] wire - << "Expires: Thu, 01 Jan 1970
>
>00:00:00 GMT[\r][\n]"
>2004/09/08 10:37:20:922 EEST [DEBUG] wire - << "Set-Cookie: 
>JSESSIONID=9C94E66B415FFB1D67E967CACCA94B53; Path=/logintest[\r][\n]"
>2004/09/08 10:37:20:922 EEST [DEBUG] wire - << "Location: 
>http://localhost:8080/logintest/LoginForm.html;jsessionid=9C94E66B415FFB1D67E967CACCA94B53[\r][\n]"
>2004/09/08 10:37:20:922 EEST [DEBUG] wire - << "Content-Length: 0[\r][\n]"
>2004/09/08 10:37:20:922 EEST [DEBUG] wire - << "Date: Wed, 08 Sep 2004 
>07:37:20 GMT[\r][\n]"
>2004/09/08 10:37:20:922 EEST [DEBUG] wire - << "Server: 
>Apache-Coyote/1.1[\r][\n]"
>2004/09/08 10:37:21:094 EEST [DEBUG] HttpMethodBase - Cookie accepted: 
>"JSESSIONID=9C94E66B415FFB1D67E967CACCA94B53"
>2004/09/08 10:37:21:094 EEST [DEBUG] HttpMethodDirector - Redirect 
>required
>2004/09/08 10:37:21:094 EEST [DEBUG] HttpMethodDirector - Redirect 
>requested to location 
>'http://localhost:8080/logintest/LoginForm.html;jsessionid=9C94E66B415FFB1D67E967CACCA94B53'
>2004/09/08 10:37:21:109 EEST [DEBUG] HttpMethodDirector - Redirecting from
>
>'http://localhost:8080/logintest/index.html' to 
>'http://localhost:8080/logintest/LoginForm.html;jsessionid=9C94E66B415FFB1D67E967CACCA94B53
>2004/09/08 10:37:21:109 EEST [DEBUG] HttpMethodDirector - Execute redirect
>
>1 of 100
>2004/09/08 10:37:21:109 EEST [DEBUG] HttpMethodBase - Resorting to 
>protocol version default close connection policy
>2004/09/08 10:37:21:109 EEST [DEBUG] HttpMethodBase - Should NOT close 
>connection, using HTTP/1.1
>2004/09/08 10:37:21:109 EEST [DEBUG] HttpConnection - Connection is 
>locked.  Call to releaseConnection() ignored.
>2004/09/08 10:37:21:109 EEST [DEBUG] wire - >> "GET 
>/logintest/LoginForm.html;jsessionid=9C94E66B415FFB1D67E967CACCA94B53 
>HTTP/1.1[\r][\n]"
>2004/09/08 10:37:21:109 EEST [DEBUG] HttpMethodBase - Adding Host request
>
>header
>2004/09/08 10:37:21:109 EEST [DEBUG] wire - >> "User-Agent: Jakarta 
>Commons-HttpClient/3.0-alpha1[\r][\n]"
>2004/09/08 10:37:21:109 EEST [DEBUG] wire - >> "Host: 
>localhost:8080[\r][\n]"
>2004/09/08 10:37:21:109 EEST [DEBUG] wire - >> "Cookie: 
>JSESSIONID=9C94E66B415FFB1D67E967CACCA94B53[\r][\n]"
>2004/09/08 10:37:21:109 EEST [DEBUG] wire - >> "[\r][\n]"
>2004/09/08 10:37:21:109 EEST [DEBUG] wire - << "HTTP/1.1 200 OK[\r][\n]"
>2004/09/08 10:37:21:109 EEST [DEBUG] wire - << "Pragma: No-cache[\r][\n]"
>2004/09/08 10:37:21:109 EEST [DEBUG] wire - << "Cache-Control: 
>no-cache[\r][\n]"
>2004/09/08 10:37:21:109 EEST [DEBUG] wire - << "Expires: Thu, 01 Jan 1970
>
>00:00:00 GMT[\r][\n]"
>2004/09/08 10:37:21:109 EEST [DEBUG] wire - << "ETag: 
>W/"882-1094628071703"[\r][\n]"
>2004/09/08 10:37:21:109 EEST [DEBUG] wire - << "Last-Modified: Wed, 08 Sep
>
>2004 07:21:11 GMT[\r][\n]"
>2004/09/08 10:37:21:109 EEST [DEBUG] wire - << "Content-Type: 
>text/html[\r][\n]"
>2004/09/08 10:37:21:109 EEST [DEBUG] wire - << "Content-Length: 
>882[\r][\n]"
>Login form get: HTTP/1.1 200 OK
>2004/09/08 10:37:21:109 EEST [DEBUG] wire - << "Date: Wed, 08 Sep 2004 
>07:37:20 GMT[\r][\n]"
>2004/09/08 10:37:21:109 EEST [DEBUG] wire - << "Server: 
>Apache-Coyote/1.1[\r][\n]"
>Initial set of cookies:
>- JSESSIONID=9C94E66B415FFB1D67E967CACCA94B53
>Logon cookies:
>- JSESSIONID=9C94E66B415FFB1D67E967CACCA94B53
>2004/09/08 10:37:21:125 EEST [DEBUG] HttpMethodBase - Resorting to 
>protocol version default close connection policy
>2004/09/08 10:37:21:125 EEST [DEBUG] HttpMethodBase - Should NOT close 
>connection, using HTTP/1.1
>2004/09/08 10:37:21:125 EEST [DEBUG] HttpConnection - Releasing connection
>
>back to connection manager.
>2004/09/08 10:37:21:125 EEST [DEBUG] wire - >> "GET 
>/logintest/secure/securepage.html HTTP/1.1[\r][\n]"
>2004/09/08 10:37:21:125 EEST [DEBUG] HttpMethodBase - Adding Host request
>
>header
>2004/09/08 10:37:21:125 EEST [DEBUG] wire - >> "User-Agent: Jakarta 
>Commons-HttpClient/3.0-alpha1[\r][\n]"
>2004/09/08 10:37:21:125 EEST [DEBUG] wire - >> "Host: 
>localhost:8080[\r][\n]"
>2004/09/08 10:37:21:125 EEST [DEBUG] wire - >> "Cookie: 
>JSESSIONID=9C94E66B415FFB1D67E967CACCA94B53[\r][\n]"
>2004/09/08 10:37:21:125 EEST [DEBUG] wire - >> "[\r][\n]"
>2004/09/08 10:37:21:125 EEST [DEBUG] wire - << "HTTP/1.1 302 Moved 
>Temporarily[\r][\n]"
>2004/09/08 10:37:21:125 EEST [DEBUG] wire - << "Pragma: No-cache[\r][\n]"
>2004/09/08 10:37:21:125 EEST [DEBUG] wire - << "Cache-Control: 
>no-cache[\r][\n]"
>2004/09/08 10:37:21:156 EEST [DEBUG] wire - << "Expires: Thu, 01 Jan 1970
>
>00:00:00 GMT[\r][\n]"
>2004/09/08 10:37:21:156 EEST [DEBUG] wire - << "Location: 
>http://localhost:8080/logintest/LoginForm.html[\r][\n]"
>2004/09/08 10:37:21:156 EEST [DEBUG] wire - << "Content-Length: 0[\r][\n]"
>2004/09/08 10:37:21:156 EEST [DEBUG] wire - << "Date: Wed, 08 Sep 2004 
>07:37:20 GMT[\r][\n]"
>2004/09/08 10:37:21:156 EEST [DEBUG] wire - << "Server: 
>Apache-Coyote/1.1[\r][\n]"
>2004/09/08 10:37:21:156 EEST [DEBUG] HttpMethodDirector - Redirect 
>required
>2004/09/08 10:37:21:156 EEST [DEBUG] HttpMethodDirector - Redirect 
>requested to location 'http://localhost:8080/logintest/LoginForm.html'
>2004/09/08 10:37:21:219 EEST [DEBUG] HttpMethodDirector - Redirecting from
>
>'http://localhost:8080/logintest/secure/securepage.html' to 
>'http://localhost:8080/logintest/LoginForm.html
>2004/09/08 10:37:21:219 EEST [DEBUG] HttpMethodDirector - Execute redirect
>
>1 of 100
>2004/09/08 10:37:21:219 EEST [DEBUG] HttpMethodBase - Resorting to 
>protocol version default close connection policy
>2004/09/08 10:37:21:219 EEST [DEBUG] HttpMethodBase - Should NOT close 
>connection, using HTTP/1.1
>2004/09/08 10:37:21:219 EEST [DEBUG] HttpConnection - Connection is 
>locked.  Call to releaseConnection() ignored.
>2004/09/08 10:37:21:219 EEST [DEBUG] wire - >> "GET 
>/logintest/LoginForm.html HTTP/1.1[\r][\n]"
>2004/09/08 10:37:21:219 EEST [DEBUG] HttpMethodBase - Adding Host request
>
>header
>2004/09/08 10:37:21:219 EEST [DEBUG] wire - >> "User-Agent: Jakarta 
>Commons-HttpClient/3.0-alpha1[\r][\n]"
>2004/09/08 10:37:21:219 EEST [DEBUG] wire - >> "Host: 
>localhost:8080[\r][\n]"
>2004/09/08 10:37:21:219 EEST [DEBUG] wire - >> "Cookie: 
>JSESSIONID=9C94E66B415FFB1D67E967CACCA94B53[\r][\n]"
>2004/09/08 10:37:21:219 EEST [DEBUG] wire - >> "[\r][\n]"
>2004/09/08 10:37:21:234 EEST [DEBUG] wire - << "HTTP/1.1 200 OK[\r][\n]"
>2004/09/08 10:37:21:234 EEST [DEBUG] wire - << "Pragma: No-cache[\r][\n]"
>2004/09/08 10:37:21:234 EEST [DEBUG] wire - << "Cache-Control: 
>no-cache[\r][\n]"
>2004/09/08 10:37:21:234 EEST [DEBUG] wire - << "Expires: Thu, 01 Jan 1970
>
>00:00:00 GMT[\r][\n]"
>2004/09/08 10:37:21:234 EEST [DEBUG] wire - << "ETag: 
>W/"882-1094628071703"[\r][\n]"
>2004/09/08 10:37:21:234 EEST [DEBUG] wire - << "Last-Modified: Wed, 08 Sep
>
>2004 07:21:11 GMT[\r][\n]"
>2004/09/08 10:37:21:234 EEST [DEBUG] wire - << "Content-Type: 
>text/html[\r][\n]"description: HTTP/1.1 200 OK
>
><?xml version="1.0"?>
><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
>    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
>
><html xmlns="http://www.w3.org/1999/xhtml">
><head>
><title>Login Test: Login Form</title>
><script language="Javascript">
>
>function login() {
>   document.getElementById("login_form").submit();
>}
>
></script>
></head>
>
><body onload="login();">
><h1>Login Form</h1>
>
>        Welcome to the login page.  You will have to authenticate to get
>
>access to the secure area:
>
>    <form id="login_form" method="POST" action="j_security_check">
>
>      Username: <input type="text" name="j_username" value="admin" ><br
/>
>      Password: <input type="password" name="j_password" value="admin" 
>><br />
>          <br />
>
>      <input type="submit" value="Login">
>      <input type="reset" value="Reset">
>
>    </form>
>
></body>
></html>
>2004/09/08 10:37:21:234 EEST [DEBUG] wire - << "Content-Length: 
>882[\r][\n]"
>2004/09/08 10:37:21:234 EEST [DEBUG] wire - << "Date: Wed, 08 Sep 2004 
>07:37:20 GMT[\r][\n]"
>2004/09/08 10:37:21:234 EEST [DEBUG] wire - << "Server: 
>Apache-Coyote/1.1[\r][\n]"
>2004/09/08 10:37:21:234 EEST [DEBUG] HttpMethodBase - Buffering response
>
>body
>2004/09/08 10:37:21:234 EEST [DEBUG] HttpMethodBase - Resorting to 
>protocol version default close connection policy
>2004/09/08 10:37:21:234 EEST [DEBUG] HttpMethodBase - Should NOT close 
>connection, using HTTP/1.1
>2004/09/08 10:37:21:234 EEST [DEBUG] HttpConnection - Releasing connection
>
>back to connection manager.
>2004/09/08 10:37:21:234 EEST [DEBUG] HttpMethodBase - Default charset 
>used: ISO-8859-1
>
>
>
>
>
>Attachment: logintest.txt
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: commons-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: commons-user-help@jakarta.apache.org
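
The logon POST that the reply says is still required, as an added example that is not part of the original message or of the HttpClient samples. It uses the HttpClient 3.x API from the quoted code and the form action and field names from the quoted LoginForm.html; the system property names `logon.user` and `logon.password` are hypothetical.

```java
import org.apache.commons.httpclient.Header;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.NameValuePair;
import org.apache.commons.httpclient.cookie.CookiePolicy;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.methods.PostMethod;

public class FormLoginWithPost {
    public static void main(String[] args) throws Exception {
        // Assumption: credentials are passed as -Dlogon.user=... -Dlogon.password=...
        // (hypothetical property names) instead of being hard-coded like the form defaults.
        String user = System.getProperty("logon.user");
        String password = System.getProperty("logon.password");
        if (user == null || password == null) {
            throw new IllegalArgumentException("set -Dlogon.user and -Dlogon.password");
        }
        HttpClient client = new HttpClient();
        // Plain http matches the localhost test setup in the thread; the POST below
        // carries the password in the request body, so use https anywhere else.
        client.getHostConfiguration().setHost("localhost", 8080, "http");
        client.getParams().setCookiePolicy(CookiePolicy.BROWSER_COMPATIBILITY);
        // 1. Ask for the protected page. The container answers with the login form
        //    and a JSESSIONID cookie, which HttpClient keeps in its state.
        GetMethod probe = new GetMethod("/logintest/secure/securepage.html");
        try {
            client.executeMethod(probe);
        } finally {
            probe.releaseConnection();
        }
        // 2. Do what the browser's onload script did: POST the form fields to the
        //    form's action, sending the session cookie along.
        PostMethod logon = new PostMethod("/logintest/j_security_check");
        logon.setRequestBody(new NameValuePair[] {
            new NameValuePair("j_username", user),
            new NameValuePair("j_password", password)
        });
        Header location;
        try {
            client.executeMethod(logon);
            System.out.println("Logon POST: " + logon.getStatusLine());
            location = logon.getResponseHeader("location");
        } finally {
            logon.releaseConnection();
        }
        // 3. HttpClient does not follow redirects for POST, so fetch the target
        //    ourselves (or the protected page directly if no redirect was sent).
        GetMethod secure = new GetMethod(location != null
            ? location.getValue() : "/logintest/secure/securepage.html");
        try {
            client.executeMethod(secure);
            String body = secure.getResponseBodyAsString();
            // Heuristic: still seeing the form's action means we were not logged in.
            boolean loggedIn = body != null && body.indexOf("j_security_check") < 0;
            System.out.println(loggedIn ? body : "Logon failed: got the login form again");
        } finally {
            secure.releaseConnection();
        }
    }
}
```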



