commons-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rpor...@saguaro.ro
Subject [HttpClient] How to use HttpClient with Form-based Authentication?
Date Wed, 08 Sep 2004 07:56:54 GMT
----- Forwarded by Rares Portan/SPR/RO on 09/08/2004 10:54 AM -----

Rares Portan/SPR/RO 
09/08/2004 10:54 AM

To
Rares Portan/SPR/RO@SPR
cc

Subject
RE: [HttpClient] How to use HttpClient with Form-based Authentication?






Hi, 

Here you have the complete FormLoginDemo.java source and test war( 
logintest.text --- rename to war --- I got a mail-delivery failure when I 
try to attach archives) that can be deployed on Tomcat. The 
authentification POST method was removed from the source because the login 
form page is auto-submited when called from the browser.

The LoginForm.html uses javascript to complete submit on page load the 
login form, the form inputs are filled by default with Tomcat admin user 
and password, you will have to edit this file to perform a correct 
authentication by providing the correct credentials.

The problem still remains, I can't get any page except the login form page 
!






import java.io.File;

import org.apache.commons.httpclient.*;
import org.apache.commons.httpclient.cookie.CookiePolicy;
import org.apache.commons.httpclient.cookie.CookieSpec;
import org.apache.commons.httpclient.methods.*;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/**
 * <p>
 * A example that demonstrates how HttpClient APIs can be used to perform 
 * form-based logon.
 * </p>
 *
 * @author Oleg Kalnichevski
 *
 */
public class FormLoginDemo
{
 
        static{
                System.setProperty("org.apache.commons.logging.Log", 
"org.apache.commons.logging.impl.SimpleLog");
                System.setProperty(
"org.apache.commons.logging.simplelog.showdatetime", "true");
                System.setProperty(
"org.apache.commons.logging.simplelog.log.httpclient.wire", "debug");   
                System.setProperty(
"org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient", 
"debug");
        }
 
        private static Log log = LogFactory.getLog(FormLoginDemo.class);
 
    static final String LOGON_SITE = "localhost";
    static final int    LOGON_PORT = 8080;

    public FormLoginDemo() {
        super();
    }


    public static void main(String[] args) throws Exception {

        HttpClient client = new HttpClient();
        client.getHostConfiguration().setHost(LOGON_SITE, LOGON_PORT, 
"http");
 client.getParams().setCookiePolicy(CookiePolicy.BROWSER_COMPATIBILITY);

        GetMethod authget = new GetMethod("/logintest/index.html");

        client.executeMethod(authget);
        System.out.println("Login form get: " + 
authget.getStatusLine().toString()); 
        // release any connection resources used by the method 
        authget.releaseConnection();
        // See if we got any cookies
        CookieSpec cookiespec = CookiePolicy.getDefaultSpec();
        Cookie[] initcookies = cookiespec.match(
            LOGON_SITE, LOGON_PORT, "/logintest/", false, 
client.getState().getCookies());
        System.out.println("Initial set of cookies:"); 
        if (initcookies.length == 0) {
            System.out.println("None"); 
        } else {
            for (int i = 0; i < initcookies.length; i++) {
                System.out.println("- " + initcookies[i].toString()); 
            }
        }
        int statuscode = authget.getStatusCode();
        if ((statuscode == HttpStatus.SC_MOVED_TEMPORARILY) ||
            (statuscode == HttpStatus.SC_MOVED_PERMANENTLY) ||
            (statuscode == HttpStatus.SC_SEE_OTHER) ||
            (statuscode == HttpStatus.SC_TEMPORARY_REDIRECT)) {
            Header header = authget.getResponseHeader("location");
            if (header != null) {
                String newuri = header.getValue();
                if ((newuri == null) || (newuri.equals(""))) {
                    newuri = "/";
                }
                System.out.println("Redirect target: " + newuri); 
                GetMethod redirect = new GetMethod(newuri);
                                redirect.setFollowRedirects(true);
                client.executeMethod(redirect);
                System.out.println("Redirect: " + 
redirect.getStatusLine().toString()); 
                // release any connection resources used by the method
                System.out.println(redirect.getResponseBodyAsString());
                redirect.releaseConnection();  
 
            } else {
                System.out.println("Invalid redirect");
                System.exit(1);
            }
        }
 
                // See if we got any cookies
                // The only way of telling whether logon succeeded is 
                // by finding a session cookie
                Cookie[] logoncookies = cookiespec.match(
                        LOGON_SITE, LOGON_PORT, "/logintest/", false, 
client.getState().getCookies());
                System.out.println("Logon cookies:"); 
                if (logoncookies.length == 0) {
                        System.out.println("None"); 
                } else {
                        for (int i = 0; i < logoncookies.length; i++) {
                                System.out.println("- " + 
logoncookies[i].toString()); 
                        }
                }
 
 
                //TRY TO GET AN INNER PAGE
                GetMethod description= new GetMethod("
http://localhost:8080/logintest/secure/securepage.html");
                client.executeMethod(description);
                System.out.println("description: " + 
description.getStatusLine().toString());
                System.out.println(description.getResponseBodyAsString());
                description.releaseConnection();
 
    }
}




LOGS:


2004/09/08 10:37:20:781 EEST [DEBUG] HttpClient - Java version: 1.3.1
2004/09/08 10:37:20:781 EEST [DEBUG] HttpClient - Java vendor: IBM 
Corporation
2004/09/08 10:37:20:781 EEST [DEBUG] HttpClient - Java class path: 
<removed>
2004/09/08 10:37:20:781 EEST [DEBUG] HttpClient - Operating system name: 
Windows XP
2004/09/08 10:37:20:781 EEST [DEBUG] HttpClient - Operating system 
architecture: x86
2004/09/08 10:37:20:781 EEST [DEBUG] HttpClient - Operating system 
version: 5.1
2004/09/08 10:37:20:781 EEST [DEBUG] HttpClient - SUN 1.2: SUN (DSA 
key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; 
X.509 certificates; JKS keystore)
2004/09/08 10:37:20:797 EEST [DEBUG] DefaultHttpParams - Set parameter 
http.useragent = Jakarta Commons-HttpClient/3.0-alpha1
2004/09/08 10:37:20:797 EEST [DEBUG] DefaultHttpParams - Set parameter 
http.protocol.version = HTTP/1.1
2004/09/08 10:37:20:797 EEST [DEBUG] DefaultHttpParams - Set parameter 
http.connection-manager.class = class 
org.apache.commons.httpclient.SimpleHttpConnectionManager
2004/09/08 10:37:20:797 EEST [DEBUG] DefaultHttpParams - Set parameter 
http.protocol.cookie-policy = rfc2109
2004/09/08 10:37:20:797 EEST [DEBUG] DefaultHttpParams - Set parameter 
http.protocol.element-charset = US-ASCII
2004/09/08 10:37:20:797 EEST [DEBUG] DefaultHttpParams - Set parameter 
http.protocol.content-charset = ISO-8859-1
2004/09/08 10:37:20:797 EEST [DEBUG] DefaultHttpParams - Set parameter 
http.dateParser.patterns = [EEE, dd MMM yyyy HH:mm:ss zzz, EEEE, dd-MMM-yy 
HH:mm:ss zzz, EEE MMM d HH:mm:ss yyyy, EEE, dd-MMM-yyyy HH:mm:ss z, EEE, 
dd-MMM-yyyy HH-mm-ss z, EEE, dd MMM yy HH:mm:ss z, EEE dd-MMM-yyyy 
HH:mm:ss z, EEE dd MMM yyyy HH:mm:ss z, EEE dd-MMM-yyyy HH-mm-ss z, EEE 
dd-MMM-yy HH:mm:ss z, EEE dd MMM yy HH:mm:ss z, EEE,dd-MMM-yy HH:mm:ss z, 
EEE,dd-MMM-yyyy HH:mm:ss z, EEE, dd-MM-yyyy HH:mm:ss z]
2004/09/08 10:37:20:828 EEST [DEBUG] DefaultHttpParams - Set parameter 
http.protocol.cookie-policy = compatibility
2004/09/08 10:37:20:891 EEST [DEBUG] wire - >> "GET /logintest/index.html 
HTTP/1.1[\r][\n]"
2004/09/08 10:37:20:906 EEST [DEBUG] HttpMethodBase - Adding Host request 
header
2004/09/08 10:37:20:906 EEST [DEBUG] wire - >> "User-Agent: Jakarta 
Commons-HttpClient/3.0-alpha1[\r][\n]"
2004/09/08 10:37:20:906 EEST [DEBUG] wire - >> "Host: 
localhost:8080[\r][\n]"
2004/09/08 10:37:20:922 EEST [DEBUG] wire - >> "[\r][\n]"
2004/09/08 10:37:20:922 EEST [DEBUG] wire - << "HTTP/1.1 302 Moved 
Temporarily[\r][\n]"
2004/09/08 10:37:20:922 EEST [DEBUG] wire - << "Pragma: No-cache[\r][\n]"
2004/09/08 10:37:20:922 EEST [DEBUG] wire - << "Cache-Control: 
no-cache[\r][\n]"
2004/09/08 10:37:20:922 EEST [DEBUG] wire - << "Expires: Thu, 01 Jan 1970 
00:00:00 GMT[\r][\n]"
2004/09/08 10:37:20:922 EEST [DEBUG] wire - << "Set-Cookie: 
JSESSIONID=9C94E66B415FFB1D67E967CACCA94B53; Path=/logintest[\r][\n]"
2004/09/08 10:37:20:922 EEST [DEBUG] wire - << "Location: 
http://localhost:8080/logintest/LoginForm.html;jsessionid=9C94E66B415FFB1D67E967CACCA94B53[\r][\n]"
2004/09/08 10:37:20:922 EEST [DEBUG] wire - << "Content-Length: 0[\r][\n]"
2004/09/08 10:37:20:922 EEST [DEBUG] wire - << "Date: Wed, 08 Sep 2004 
07:37:20 GMT[\r][\n]"
2004/09/08 10:37:20:922 EEST [DEBUG] wire - << "Server: 
Apache-Coyote/1.1[\r][\n]"
2004/09/08 10:37:21:094 EEST [DEBUG] HttpMethodBase - Cookie accepted: 
"JSESSIONID=9C94E66B415FFB1D67E967CACCA94B53"
2004/09/08 10:37:21:094 EEST [DEBUG] HttpMethodDirector - Redirect 
required
2004/09/08 10:37:21:094 EEST [DEBUG] HttpMethodDirector - Redirect 
requested to location 
'http://localhost:8080/logintest/LoginForm.html;jsessionid=9C94E66B415FFB1D67E967CACCA94B53'
2004/09/08 10:37:21:109 EEST [DEBUG] HttpMethodDirector - Redirecting from 
'http://localhost:8080/logintest/index.html' to 
'http://localhost:8080/logintest/LoginForm.html;jsessionid=9C94E66B415FFB1D67E967CACCA94B53
2004/09/08 10:37:21:109 EEST [DEBUG] HttpMethodDirector - Execute redirect 
1 of 100
2004/09/08 10:37:21:109 EEST [DEBUG] HttpMethodBase - Resorting to 
protocol version default close connection policy
2004/09/08 10:37:21:109 EEST [DEBUG] HttpMethodBase - Should NOT close 
connection, using HTTP/1.1
2004/09/08 10:37:21:109 EEST [DEBUG] HttpConnection - Connection is 
locked.  Call to releaseConnection() ignored.
2004/09/08 10:37:21:109 EEST [DEBUG] wire - >> "GET 
/logintest/LoginForm.html;jsessionid=9C94E66B415FFB1D67E967CACCA94B53 
HTTP/1.1[\r][\n]"
2004/09/08 10:37:21:109 EEST [DEBUG] HttpMethodBase - Adding Host request 
header
2004/09/08 10:37:21:109 EEST [DEBUG] wire - >> "User-Agent: Jakarta 
Commons-HttpClient/3.0-alpha1[\r][\n]"
2004/09/08 10:37:21:109 EEST [DEBUG] wire - >> "Host: 
localhost:8080[\r][\n]"
2004/09/08 10:37:21:109 EEST [DEBUG] wire - >> "Cookie: 
JSESSIONID=9C94E66B415FFB1D67E967CACCA94B53[\r][\n]"
2004/09/08 10:37:21:109 EEST [DEBUG] wire - >> "[\r][\n]"
2004/09/08 10:37:21:109 EEST [DEBUG] wire - << "HTTP/1.1 200 OK[\r][\n]"
2004/09/08 10:37:21:109 EEST [DEBUG] wire - << "Pragma: No-cache[\r][\n]"
2004/09/08 10:37:21:109 EEST [DEBUG] wire - << "Cache-Control: 
no-cache[\r][\n]"
2004/09/08 10:37:21:109 EEST [DEBUG] wire - << "Expires: Thu, 01 Jan 1970 
00:00:00 GMT[\r][\n]"
2004/09/08 10:37:21:109 EEST [DEBUG] wire - << "ETag: 
W/"882-1094628071703"[\r][\n]"
2004/09/08 10:37:21:109 EEST [DEBUG] wire - << "Last-Modified: Wed, 08 Sep 
2004 07:21:11 GMT[\r][\n]"
2004/09/08 10:37:21:109 EEST [DEBUG] wire - << "Content-Type: 
text/html[\r][\n]"
2004/09/08 10:37:21:109 EEST [DEBUG] wire - << "Content-Length: 
882[\r][\n]"
Login form get: HTTP/1.1 200 OK
2004/09/08 10:37:21:109 EEST [DEBUG] wire - << "Date: Wed, 08 Sep 2004 
07:37:20 GMT[\r][\n]"
2004/09/08 10:37:21:109 EEST [DEBUG] wire - << "Server: 
Apache-Coyote/1.1[\r][\n]"
Initial set of cookies:
- JSESSIONID=9C94E66B415FFB1D67E967CACCA94B53
Logon cookies:
- JSESSIONID=9C94E66B415FFB1D67E967CACCA94B53
2004/09/08 10:37:21:125 EEST [DEBUG] HttpMethodBase - Resorting to 
protocol version default close connection policy
2004/09/08 10:37:21:125 EEST [DEBUG] HttpMethodBase - Should NOT close 
connection, using HTTP/1.1
2004/09/08 10:37:21:125 EEST [DEBUG] HttpConnection - Releasing connection 
back to connection manager.
2004/09/08 10:37:21:125 EEST [DEBUG] wire - >> "GET 
/logintest/secure/securepage.html HTTP/1.1[\r][\n]"
2004/09/08 10:37:21:125 EEST [DEBUG] HttpMethodBase - Adding Host request 
header
2004/09/08 10:37:21:125 EEST [DEBUG] wire - >> "User-Agent: Jakarta 
Commons-HttpClient/3.0-alpha1[\r][\n]"
2004/09/08 10:37:21:125 EEST [DEBUG] wire - >> "Host: 
localhost:8080[\r][\n]"
2004/09/08 10:37:21:125 EEST [DEBUG] wire - >> "Cookie: 
JSESSIONID=9C94E66B415FFB1D67E967CACCA94B53[\r][\n]"
2004/09/08 10:37:21:125 EEST [DEBUG] wire - >> "[\r][\n]"
2004/09/08 10:37:21:125 EEST [DEBUG] wire - << "HTTP/1.1 302 Moved 
Temporarily[\r][\n]"
2004/09/08 10:37:21:125 EEST [DEBUG] wire - << "Pragma: No-cache[\r][\n]"
2004/09/08 10:37:21:125 EEST [DEBUG] wire - << "Cache-Control: 
no-cache[\r][\n]"
2004/09/08 10:37:21:156 EEST [DEBUG] wire - << "Expires: Thu, 01 Jan 1970 
00:00:00 GMT[\r][\n]"
2004/09/08 10:37:21:156 EEST [DEBUG] wire - << "Location: 
http://localhost:8080/logintest/LoginForm.html[\r][\n]"
2004/09/08 10:37:21:156 EEST [DEBUG] wire - << "Content-Length: 0[\r][\n]"
2004/09/08 10:37:21:156 EEST [DEBUG] wire - << "Date: Wed, 08 Sep 2004 
07:37:20 GMT[\r][\n]"
2004/09/08 10:37:21:156 EEST [DEBUG] wire - << "Server: 
Apache-Coyote/1.1[\r][\n]"
2004/09/08 10:37:21:156 EEST [DEBUG] HttpMethodDirector - Redirect 
required
2004/09/08 10:37:21:156 EEST [DEBUG] HttpMethodDirector - Redirect 
requested to location 'http://localhost:8080/logintest/LoginForm.html'
2004/09/08 10:37:21:219 EEST [DEBUG] HttpMethodDirector - Redirecting from 
'http://localhost:8080/logintest/secure/securepage.html' to 
'http://localhost:8080/logintest/LoginForm.html
2004/09/08 10:37:21:219 EEST [DEBUG] HttpMethodDirector - Execute redirect 
1 of 100
2004/09/08 10:37:21:219 EEST [DEBUG] HttpMethodBase - Resorting to 
protocol version default close connection policy
2004/09/08 10:37:21:219 EEST [DEBUG] HttpMethodBase - Should NOT close 
connection, using HTTP/1.1
2004/09/08 10:37:21:219 EEST [DEBUG] HttpConnection - Connection is 
locked.  Call to releaseConnection() ignored.
2004/09/08 10:37:21:219 EEST [DEBUG] wire - >> "GET 
/logintest/LoginForm.html HTTP/1.1[\r][\n]"
2004/09/08 10:37:21:219 EEST [DEBUG] HttpMethodBase - Adding Host request 
header
2004/09/08 10:37:21:219 EEST [DEBUG] wire - >> "User-Agent: Jakarta 
Commons-HttpClient/3.0-alpha1[\r][\n]"
2004/09/08 10:37:21:219 EEST [DEBUG] wire - >> "Host: 
localhost:8080[\r][\n]"
2004/09/08 10:37:21:219 EEST [DEBUG] wire - >> "Cookie: 
JSESSIONID=9C94E66B415FFB1D67E967CACCA94B53[\r][\n]"
2004/09/08 10:37:21:219 EEST [DEBUG] wire - >> "[\r][\n]"
2004/09/08 10:37:21:234 EEST [DEBUG] wire - << "HTTP/1.1 200 OK[\r][\n]"
2004/09/08 10:37:21:234 EEST [DEBUG] wire - << "Pragma: No-cache[\r][\n]"
2004/09/08 10:37:21:234 EEST [DEBUG] wire - << "Cache-Control: 
no-cache[\r][\n]"
2004/09/08 10:37:21:234 EEST [DEBUG] wire - << "Expires: Thu, 01 Jan 1970 
00:00:00 GMT[\r][\n]"
2004/09/08 10:37:21:234 EEST [DEBUG] wire - << "ETag: 
W/"882-1094628071703"[\r][\n]"
2004/09/08 10:37:21:234 EEST [DEBUG] wire - << "Last-Modified: Wed, 08 Sep 
2004 07:21:11 GMT[\r][\n]"
2004/09/08 10:37:21:234 EEST [DEBUG] wire - << "Content-Type: 
text/html[\r][\n]"description: HTTP/1.1 200 OK

<?xml version="1.0"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Login Test: Login Form</title>
<script language="Javascript">

function login() {
   document.getElementById("login_form").submit();
}

</script>
</head>

<body onload="login();">
<h1>Login Form</h1>

        Welcome to the login page.  You will have to authenticate to get 
access to the secure area:

    <form id="login_form" method="POST" action="j_security_check">

      Username: <input type="text" name="j_username" value="admin" ><br />
      Password: <input type="password" name="j_password" value="admin" 
><br />
          <br />

      <input type="submit" value="Login">
      <input type="reset" value="Reset">

    </form>

</body>
</html>
2004/09/08 10:37:21:234 EEST [DEBUG] wire - << "Content-Length: 
882[\r][\n]"
2004/09/08 10:37:21:234 EEST [DEBUG] wire - << "Date: Wed, 08 Sep 2004 
07:37:20 GMT[\r][\n]"
2004/09/08 10:37:21:234 EEST [DEBUG] wire - << "Server: 
Apache-Coyote/1.1[\r][\n]"
2004/09/08 10:37:21:234 EEST [DEBUG] HttpMethodBase - Buffering response 
body
2004/09/08 10:37:21:234 EEST [DEBUG] HttpMethodBase - Resorting to 
protocol version default close connection policy
2004/09/08 10:37:21:234 EEST [DEBUG] HttpMethodBase - Should NOT close 
connection, using HTTP/1.1
2004/09/08 10:37:21:234 EEST [DEBUG] HttpConnection - Releasing connection 
back to connection manager.
2004/09/08 10:37:21:234 EEST [DEBUG] HttpMethodBase - Default charset 
used: ISO-8859-1





Mime
View raw message