hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brijesh Deo" <b...@SonicWALL.com>
Subject RE: Not getting the Redirect Status Code and the Location header after a Form based Successful Login with HC 4.0
Date Wed, 25 Mar 2009 14:01:32 GMT
Great. Thanks a lot for your help :)

Thanks,
Brijesh


-----Original Message-----
From: Sam Berlin [mailto:sberlin@gmail.com] 
Sent: Wednesday, March 25, 2009 7:29 PM
To: HttpClient User Discussion
Subject: Re: Not getting the Redirect Status Code and the Location header after a Form based
Successful Login with HC 4.0

Yes.  In your code you are setting a DefaultRedirectHandler on
HttpClient.  Just change that to a custom instance of RedirectHandler
that always returns false for isRedirectRequested.

Sam

On Wed, Mar 25, 2009 at 9:55 AM, Brijesh Deo <bdeo@sonicwall.com> wrote:
> Ok. Thanks, I have just realized this after printing the response entity and I can see
that it's actually fetching the page which I would have had to explicitly GET after reading
the redirected URL from the Location header in the Post Login method while using the Older
Api. So that saves me an additional handling but I have to go and change my application code
everywhere which has been written with the older Api and does an explicit redirect handling.
> Instead, can I stop the automatic redirecting with the HC 4.0 and start getting those
302 status code in the responses to keep it consistent with my application code? In that case,
with the Location header be present in the HttpResponse?
>
> Thanks,
> Brijesh
>
>
> -----Original Message-----
> From: Sam Berlin [mailto:sberlin@gmail.com]
> Sent: Wednesday, March 25, 2009 7:06 PM
> To: HttpClient User Discussion
> Subject: Re: Not getting the Redirect Status Code and the Location header after a Form
based Successful Login with HC 4.0
>
> I don't believe anything is wrong here, Brijesh. HttpClient 4 is
> automatically doing the redirects for you.  A 200 status code and a
> successful login is the ultimate goal, right?  Is there something else
> you need from the intermediary redirect request/response?  If so, you
> can use setRedirectHandler on AbstractHttpClient and set a custom
> RedirectHandler that stops automatically redirecting.  The
> DefaultRedirectHandler that you're using (which is there by default)
> will tell HttpClient to behind-the-scenes automatically do the
> redirect.
>
> Sam
>
> On Wed, Mar 25, 2009 at 9:02 AM, Brijesh Deo <bdeo@sonicwall.com> wrote:
>> Hi,
>>
>>
>>
>> We have a server where there is Redirect to another page after a
>> successful Form based login and that happens fine while using the older
>> api (HttpClient 3.1). With the new API (4.0) however I don't get a
>> Redirect status code (302) and also the Location header is not present
>> in the HttpResponse. Instead I get a Http Status Code as 200 in the
>> Response to HttpPost to the Login Form. But if I use the Older Api, I
>> get the 302 status and also the Location header with the Redirect URL
>> value. So there is nothing wrong on the server side.
>>
>>
>>
>> The Code I am using with HttpClient 3.1 is a modified form of the Sample
>> code FomLoginDemo.java and it works fine for me.
>>
>>
>>
>> And the Code I am using with HttpClient 4.0 is the modified form of the
>> Sample code ClientFormLogin.java. And after a successful login it
>> returns a status code 200 instead of 302. And there is no Location
>> header in the response. The entire code is given below.
>>
>>
>>
>> I have the following questions:
>>
>> 1) What am I missing to do?
>>
>> 2) Do I need to set a RedirectHandler and a RequestInterceptor as I have
>> done below?
>>
>> 3) Why do I get a response status as 200 after a login instead of a 302
>> (redirect)? I also get the Post Login cookie indicating that the Login
>> was successful.
>>
>> 4) Please point to anything extra/wrong that I am doing in my code
>> below. I have tried to set the request headers in the same way as
>> Mozilla Firefox does it; still does not work.
>>
>> 5) I have implemented SecureProtocolProxySocketFactory (implements
>> org.apache.http.conn.scheme.SocketFactory, LayeredSocketFactory) for
>> dealing with Self Signed Certs and its working fine.
>>
>>
>>
>> Please help.
>>
>>
>>
>> Thanks,
>>
>> Brijesh
>>
>>
>>
>>
>>
>>
>>
>> public class MyClientFormLogin {
>>
>>
>>
>>    public static void main(String[] args) throws Exception {
>>
>>
>>
>>
>>
>>      // Create and initialize HTTP parameters
>>
>>        HttpParams params = new BasicHttpParams();
>>
>>        ConnManagerParams.setMaxTotalConnections(params, 100);
>>
>>        HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
>>
>>        HttpProtocolParams.setUseExpectContinue(params, false);
>>
>>        ConnManagerParams.setTimeout(params, 10000);//in millisecs
>>
>>
>>
>>        //set the cookie policy
>>
>>        HttpClientParams.setCookiePolicy(params, CookiePolicy.RFC_2109);
>>
>>
>>
>>        //redirect true
>>
>>        HttpClientParams.setRedirecting(params, true);
>>
>>
>>
>>        // Create and initialize scheme registry
>>
>>        SchemeRegistry schemeRegistry = new SchemeRegistry();
>>
>>        schemeRegistry.register(new Scheme("http",
>> PlainSocketFactory.getSocketFactory(), 80));
>>
>>        schemeRegistry.register(new Scheme("https", new
>> SecureProtocolProxySocketFactory(), 443));
>>
>>
>>
>>     // Create an HttpClient with the ThreadSafeClientConnManager.
>>
>>        ClientConnectionManager cm = new
>> ThreadSafeClientConnManager(params, schemeRegistry);
>>
>>        DefaultHttpClient httpclient = new DefaultHttpClient(cm,
>> params);
>>
>>            //setting RedirectHandler and DefaultHeaders
>>
>>        httpclient.setRedirectHandler(new DefaultRedirectHandler());
>>
>>        httpclient.addRequestInterceptor(new RequestDefaultHeaders());
>>
>>
>>
>>            //Create the target HttpHost
>>
>>        HttpHost target = new HttpHost("10.XXX.XXX.96", 443, "https");
>>
>>
>>
>> //fetch the Login page
>>
>>        HttpGet httpget = new HttpGet("/login.html");
>>
>>        HttpResponse response = httpclient.execute(target, httpget);
>>
>>        HttpEntity entity = response.getEntity();
>>
>>
>>
>>        System.out.println("Login form get: " +
>> response.getStatusLine());
>>
>>        if (entity != null) {
>>
>>            entity.consumeContent();
>>
>>        }
>>
>>        System.out.println("Initial set of cookies:");
>>
>>
>>
>>        List<Cookie> cookies = httpclient.getCookieStore().getCookies();
>>
>>        if (cookies.isEmpty()) {
>>
>>            System.out.println("None");
>>
>>        } else {
>>
>>            for (int i = 0; i < cookies.size(); i++) {
>>
>>                System.out.println("- " + cookies.get(i).toString());
>>
>>            }
>>
>>        }
>>
>>
>>
>>        HttpPost httpost = new HttpPost("/login.html");
>>
>>        //Set the headers similar to what a Mozilla browser does
>>
>>        httpost.addHeader("Cookie", cookies.get(0).getName() + "=" +
>> cookies.get(0).getValue());
>>
>>        httpost.setHeader("User-Agent", "Mozilla/5.0 (Windows; U;
>> Windows NT 5.1; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7");
>>
>>        httpost.setHeader("Accept",
>> "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8");
>>
>>        httpost.setHeader("Accept-Charset",
>> "ISO-8859-1,utf-8;q=0.7,*;q=0.7");
>>
>>        httpost.setHeader("Connection", "keep-alive");
>>
>>        httpost.setHeader("Accept-Encoding", "gzip,deflate");
>>
>>        httpost.setHeader("Keep-Alive", "300");
>>
>>
>>
>>
>>
>>        List <NameValuePair> nvps = new ArrayList <NameValuePair>();
>>
>>        nvps.add(new BasicNameValuePair("userid", "admin"));
>>
>>        nvps.add(new BasicNameValuePair("password", "password"));
>>
>>        nvps.add(new BasicNameValuePair("login", "Log In"));
>>
>>
>>
>>        httpost.setEntity(new UrlEncodedFormEntity(nvps, HTTP.UTF_8));
>>
>>
>>
>>        response = httpclient.execute(target, httpost);
>>
>>        entity = response.getEntity();
>>
>>
>>
>>        System.out.println("Login form Post: " +
>> response.getStatusLine());
>>
>>
>>
>>     // See if we got any cookies
>>
>>        cookies = httpclient.getCookieStore().getCookies();
>>
>>
>>
>>        System.out.println("Post logon cookies:");
>>
>>
>>
>>        if (cookies.isEmpty()) {
>>
>>            System.out.println("None");
>>
>>        } else {
>>
>>            for (int i = 0; i < cookies.size(); i++) {
>>
>>                System.out.println("- " + cookies.get(i).toString());
>>
>>            }
>>
>>        }
>>
>>
>>
>>        CookieSpec cookiespec = new RFC2109Spec();
>>
>>        CookieOrigin cookieOrigin = new CookieOrigin("10.XXX.XXX.96",
>> 443, "/", true);
>>
>>        //match the cookies
>>
>>        for (int i = 0; i < cookies.size(); i++) {
>>
>>            Cookie cookie = cookies.get(i);
>>
>>            if (cookiespec.match(cookie, cookieOrigin)) {
>>
>>                  System.out.println("Cookie Matched - " +
>> cookie.toString());
>>
>>            }
>>
>>        }
>>
>>
>>
>>       // Usually a successful form-based login results in a redirect to
>> another url
>>
>>        int statuscode = response.getStatusLine().getStatusCode();
>>
>>        if ((statuscode == HttpStatus.SC_MOVED_TEMPORARILY) ||
>>
>>            (statuscode == HttpStatus.SC_MOVED_PERMANENTLY) ||
>>
>>            (statuscode == HttpStatus.SC_SEE_OTHER) ||
>>
>>            (statuscode == HttpStatus.SC_TEMPORARY_REDIRECT)) {
>>
>>
>>
>>            Header header = response.getFirstHeader("Location");
>>
>>            if (header != null) {
>>
>>                String redirectURI = header.getValue();
>>
>>                if ((redirectURI != null) && (!redirectURI.equals("")))
>> {
>>
>>                  System.out.println("Redirect target: " + redirectURI);
>>
>>                }
>>
>>
>>
>>            } else {
>>
>>                System.out.println("Invalid redirect");
>>
>>            }
>>
>>        }
>>
>>    }
>>
>> }
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


Mime
View raw message