hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brijesh Deo" <b...@SonicWALL.com>
Subject Not getting the Redirect Status Code and the Location header after a Form based Successful Login with HC 4.0
Date Wed, 25 Mar 2009 13:02:08 GMT


We have a server where there is Redirect to another page after a
successful Form based login and that happens fine while using the older
api (HttpClient 3.1). With the new API (4.0) however I don't get a
Redirect status code (302) and also the Location header is not present
in the HttpResponse. Instead I get a Http Status Code as 200 in the
Response to HttpPost to the Login Form. But if I use the Older Api, I
get the 302 status and also the Location header with the Redirect URL
value. So there is nothing wrong on the server side.


The Code I am using with HttpClient 3.1 is a modified form of the Sample
code FomLoginDemo.java and it works fine for me.


And the Code I am using with HttpClient 4.0 is the modified form of the
Sample code ClientFormLogin.java. And after a successful login it
returns a status code 200 instead of 302. And there is no Location
header in the response. The entire code is given below.


I have the following questions:

1) What am I missing to do?

2) Do I need to set a RedirectHandler and a RequestInterceptor as I have
done below?

3) Why do I get a response status as 200 after a login instead of a 302
(redirect)? I also get the Post Login cookie indicating that the Login
was successful.

4) Please point to anything extra/wrong that I am doing in my code
below. I have tried to set the request headers in the same way as
Mozilla Firefox does it; still does not work. 

5) I have implemented SecureProtocolProxySocketFactory (implements
org.apache.http.conn.scheme.SocketFactory, LayeredSocketFactory) for
dealing with Self Signed Certs and its working fine.


Please help.







public class MyClientFormLogin {


    public static void main(String[] args) throws Exception {



      // Create and initialize HTTP parameters

        HttpParams params = new BasicHttpParams();

        ConnManagerParams.setMaxTotalConnections(params, 100);

        HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);

        HttpProtocolParams.setUseExpectContinue(params, false);

        ConnManagerParams.setTimeout(params, 10000);//in millisecs


        //set the cookie policy

        HttpClientParams.setCookiePolicy(params, CookiePolicy.RFC_2109);


        //redirect true

        HttpClientParams.setRedirecting(params, true);


        // Create and initialize scheme registry 

        SchemeRegistry schemeRegistry = new SchemeRegistry();

        schemeRegistry.register(new Scheme("http",
PlainSocketFactory.getSocketFactory(), 80));

        schemeRegistry.register(new Scheme("https", new
SecureProtocolProxySocketFactory(), 443));


     // Create an HttpClient with the ThreadSafeClientConnManager.

        ClientConnectionManager cm = new
ThreadSafeClientConnManager(params, schemeRegistry);

        DefaultHttpClient httpclient = new DefaultHttpClient(cm,

            //setting RedirectHandler and DefaultHeaders

        httpclient.setRedirectHandler(new DefaultRedirectHandler());

        httpclient.addRequestInterceptor(new RequestDefaultHeaders());


            //Create the target HttpHost

        HttpHost target = new HttpHost("10.XXX.XXX.96", 443, "https");


//fetch the Login page

        HttpGet httpget = new HttpGet("/login.html");

        HttpResponse response = httpclient.execute(target, httpget);

        HttpEntity entity = response.getEntity();


        System.out.println("Login form get: " +

        if (entity != null) {



        System.out.println("Initial set of cookies:");


        List<Cookie> cookies = httpclient.getCookieStore().getCookies();

        if (cookies.isEmpty()) {


        } else {

            for (int i = 0; i < cookies.size(); i++) {

                System.out.println("- " + cookies.get(i).toString());




        HttpPost httpost = new HttpPost("/login.html");

        //Set the headers similar to what a Mozilla browser does

        httpost.addHeader("Cookie", cookies.get(0).getName() + "=" +

        httpost.setHeader("User-Agent", "Mozilla/5.0 (Windows; U;
Windows NT 5.1; en-US; rv: Gecko/2009021910 Firefox/3.0.7");



        httpost.setHeader("Connection", "keep-alive");

        httpost.setHeader("Accept-Encoding", "gzip,deflate");

        httpost.setHeader("Keep-Alive", "300");



        List <NameValuePair> nvps = new ArrayList <NameValuePair>();

        nvps.add(new BasicNameValuePair("userid", "admin"));

        nvps.add(new BasicNameValuePair("password", "password"));

        nvps.add(new BasicNameValuePair("login", "Log In"));


        httpost.setEntity(new UrlEncodedFormEntity(nvps, HTTP.UTF_8));


        response = httpclient.execute(target, httpost);

        entity = response.getEntity();


        System.out.println("Login form Post: " +


     // See if we got any cookies

        cookies = httpclient.getCookieStore().getCookies();


        System.out.println("Post logon cookies:");


        if (cookies.isEmpty()) {


        } else {

            for (int i = 0; i < cookies.size(); i++) {

                System.out.println("- " + cookies.get(i).toString());




        CookieSpec cookiespec = new RFC2109Spec();

        CookieOrigin cookieOrigin = new CookieOrigin("10.XXX.XXX.96",
443, "/", true);

        //match the cookies

        for (int i = 0; i < cookies.size(); i++) {

            Cookie cookie = cookies.get(i);

            if (cookiespec.match(cookie, cookieOrigin)) {

                  System.out.println("Cookie Matched - " +




       // Usually a successful form-based login results in a redirect to
another url

        int statuscode = response.getStatusLine().getStatusCode();

        if ((statuscode == HttpStatus.SC_MOVED_TEMPORARILY) ||

            (statuscode == HttpStatus.SC_MOVED_PERMANENTLY) ||

            (statuscode == HttpStatus.SC_SEE_OTHER) ||

            (statuscode == HttpStatus.SC_TEMPORARY_REDIRECT)) {


            Header header = response.getFirstHeader("Location");

            if (header != null) {

                String redirectURI = header.getValue();

                if ((redirectURI != null) && (!redirectURI.equals("")))

                  System.out.println("Redirect target: " + redirectURI);



            } else {

                System.out.println("Invalid redirect");





  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message