hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kim young ill <khi...@googlemail.com>
Subject Re: How to set session ID in http client 4.3
Date Tue, 05 Nov 2013 22:02:40 GMT
not sure if i understand you correctly but what's the sessionid you mention
? do you want to authenticate yourself with server with your private
certificate (ssl/tls layer) or with username/password (http-layer) ? with
the first case you need to customize your keystore, for the 2nd case you
just need to open firebug or chrome-dev tool or sth similar to see what's
going on.




On Tue, Nov 5, 2013 at 6:44 PM, Horst Weigelt <horst_weigelt@gmx.de> wrote:

> Thank you Kim,
> yes I did not mention how I came up with the idea of a missing session ID.
>
> I traced the network communication with Wireshark and compared the
> successful browser trace with the Java trace.
>
> The first difference in the traces is that the client does not send a
> session ID in the Java case. In the browser case the session ID is sent by
> the client and responded by the server. I am not 100 % sure but the session
> ID might be required for the data encryption.
>
> The protocol is explained here
> http://en.wikipedia.org/wiki/Transport_Layer_Security#Basic_TLS_handshake
> where the random number is the session ID
>
> and here
> http://commons.wikimedia.org/wiki/File:SSL_handshake_with_
> two_way_authentication_with_certificates.svg
>
> kind regards
> Horst
>
>
> Am 04.11.2013 23:25, schrieb kim young ill:
>
>  200 is a http-response code, only means the request comes & handled by
>> server correcly, no error/exception, doesnt mean  the username/password is
>> correct.
>>
>> try to use the browser to see how the login-request looks like in both
>> cases or simply log the server-response.
>>
>> hth
>>
>>
>> On Sat, Nov 2, 2013 at 2:39 PM, Horst Weigelt <horst_weigelt@gmx.de>
>> wrote:
>>
>>  |I want to logon to a https URL using Apache HTTP Client 4.3
>>>
>>> The login fails. However I receive HTTP status 200 when posting the
>>> request.
>>>
>>> One issue for the login failure might be that there is no session ID send
>>> in the|
>>> |TLSv1 handshake protocol (Length: 0)
>>>
>>> That raises 2 questions:
>>> 1) Is a session ID required for the login. If yes how can I set the
>>> session ID.
>>> 2) Is there something else missing in the Java code below (except for the
>>> correct URL + login/password ;-) )
>>>
>>> This question is also posted (more or less identically) in
>>> http://stackoverflow.com/questions/19737218/session-id-
>>> missing-in-https-post-using-apache-httpclient-4-3
>>>
>>>
>>>
>>> HttpClientContext  context=  HttpClientContext.create();
>>>
>>>      /* to follow redirections */      RedirectStrategy
>>>  redirectStrategy=
>>>   new  LaxRedirectStrategy();
>>>
>>>      RequestConfig  globalConfig=  RequestConfig.custom()
>>>              .setCookieSpec(CookieSpecs.BEST_MATCH)
>>>              .build();
>>>      RequestConfig  localConfig=  RequestConfig.copy(globalConfig)
>>>              .setCookieSpec(CookieSpecs.BROWSER_COMPATIBILITY)
>>>              .build();
>>>
>>>      try  {
>>>
>>>          SSLContext  sslcontext=  SSLContexts.custom()
>>>                  .build();
>>>
>>>          SSLConnectionSocketFactory  sslsf=  new
>>>   SSLConnectionSocketFactory(sslcontext,
>>>                  SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_
>>> VERIFIER);
>>>
>>>          /* setup client for https and redirections */
>>>          httpclient=  HttpClients.custom()
>>>                  .setRedirectStrategy(redirectStrategy)
>>>                  .setSSLSocketFactory(sslsf)
>>>                  .build();
>>>
>>>
>>>          HttpPost  httpost=  new  HttpPost("https://myURL");
>>>          httpost.setConfig(localConfig);
>>>
>>>          /* set login and password */
>>>          httpost.setEntity(new  UrlEncodedFormEntity(login_and_passwd,
>>>   Consts.UTF_8));
>>>
>>>          CloseableHttpResponse  httpresponse=
>>>  httpclient.execute(httpost);
>>>
>>>          }
>>>      }  finally  {
>>>          httpclient.close();
>>>      }
>>>      return  httpclient;
>>>
>>>
>>> Thanks for any help
>>> Horst
>>>
>>>
>>> |
>>>
>>>
>>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message