hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Spammed TooMuch <spamcola...@yahoo.com>
Subject Re: Help on Digest Auth
Date Sat, 27 Jan 2007 00:57:16 GMT
  >          Please Could any body tell me how to set the authentication type to 
> Digest at the
>   first time itself(without asking for 407) in case proxy authentication.

no way. Digest Auth is a challenge-response authentication scheme.
You *need* a challenge from the server, there is no way around it.

  OK, so the first page in realm requires the challenge-response -- but what about the following
pages?  I need to access pages on a web-server/device that appears to only challenge on the
/index.html page.  It will not reply with the contents of any other page if the request for
it doesn't have the 
  Authorization: Digest username="****" ...
  request header.  I see this from sniffing out the headers when connected to the device via
firefox or IE.  Oleg said in an earlier reply, only Basic can be preemptive -- but is that
for just the first page?  The request-challenge-request is fine for the first page.  Please,
someone, tell me how to make the HTTPClient "remember" it already has the 
  Authorization from the previous request!  I've been at this for a while...
  If it helps, here is the sample code I'm using, it is a slightly revamped BasicAuthenticationExample.java.
 I get the first page fine.  Sniffing the headers I see it trying Basic first, despite asking
for Digest. OK fine, but the second get also tries Basic first, forgetting all about the authorization
it already figured out in the first request!  The result is this particular device will reply
with an error page asking you to come in through the front door.  I'm not doing anything bad
-- I'm just trying to automate what is currently a web page only device initialization.
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.UsernamePasswordCredentials;
import org.apache.commons.httpclient.auth.AuthScope;
import org.apache.commons.httpclient.methods.GetMethod;
 * Uses HttpClient to perform a GET using Digest
 * Authentication for the index.html and pre-emptive
 * authorization for the menu.html.
public class getFirst2 
     final static private String gIp = "";
   final static private int gPort = 4242;
   final static private String gDefUser = "admin";
   final static private String gDefPassWord = "admin";
   final static private String gRealm = "Fubar Device";
     * Constructor for getFirst2.
    public getFirst2() {
      public static void main(String[] args) throws Exception {
        HttpClient client = new HttpClient();
        java.util.List<String> authPrefs = new java.util.ArrayList<String>(1);
        // pass our credentials to HttpClient, they will only be used for
        // authenticating to servers with given realm on the host.
            new AuthScope(gIp, gPort, gRealm),
            new UsernamePasswordCredentials(gDefUser, gDefPassWord)
          // create a GET method
        GetMethod get = new GetMethod("http://" + gIp + ":" + gPort + "/");
          // Tell the GET method to automatically handle authentication.
        get.setDoAuthentication( true );
          try {
            // execute the GET
            System.out.println( "Getting " + get.getURI() + "\n" );
            int status = client.executeMethod( get );
              // print the status and response
            System.out.println(status + "\n" + get.getResponseBodyAsString());
            get = new GetMethod("http://" + gIp + ":" + gPort + "/menu.htm");
              // execute the GET
            System.out.println( "Getting " + get.getURI() + "\n" );
            status = client.executeMethod( get );
            // print the status and response
            System.out.println(status + "\n" + get.getResponseBodyAsString());
        } finally {
            // release any connection resources used by the method

The fish are biting.
 Get more visitors on your site using Yahoo! Search Marketing.
  • Unnamed multipart/alternative (inline, 8-Bit, 0 bytes)
View raw message