Skip to Main Content
Forums

Java APIs

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Authentication using apache.commons.httpclient

843790Feb 27 2009 — edited Feb 28 2009
Hi,
I'm trying to access to https site using [apache.commons.httpclient|http://hc.apache.org/httpclient] . This site offers different content for logged and unlogged user. The problem is that even though I set parameters for logged user (username and password), I'm still getting content for unlogged user. Here is what I have:

EasySSLProtocolSocketFactory (basically copy&paste from tutorial at [http://hc.apache.org/httpclient-3.x/sslguide.html] ) 
private static final Log LOG = LogFactory.getLog(EasySSLProtocolSocketFactory.class);
    private SSLContext sslcontext = null;
    public EasySSLProtocolSocketFactory() {
        super();
    }
    private static SSLContext createEasySSLContext() {
        try {
            SSLContext context = SSLContext.getInstance("SSL");
            context.init(null, new TrustManager[] {new MyTrustManager(null)}, null);
            return context;
        } catch (Exception e) {
            LOG.error(e.getMessage(), e);
            throw new HttpClientError(e.toString());
        }
    }
    private SSLContext getSSLContext() {
        if (this.sslcontext == null) {
            this.sslcontext = createEasySSLContext();
        }
        return this.sslcontext;
    }

    public Socket createSocket(String host, int port,InetAddress clientHost,int clientPort) throws IOException, UnknownHostException {
        return getSSLContext().getSocketFactory().createSocket(host,port,clientHost,clientPort);
    }

    public Socket createSocket( final String host,final int port,final InetAddress localAddress,final int localPort, final HttpConnectionParams params ) throws IOException, UnknownHostException, ConnectTimeoutException {
        if (params == null) {
            throw new IllegalArgumentException("Parameters may not be null");
        }
        int timeout = params.getConnectionTimeout();
        SocketFactory socketfactory = getSSLContext().getSocketFactory();
        if (timeout == 0) {
            return socketfactory.createSocket(host, port, localAddress, localPort);
        } else {
            Socket socket = socketfactory.createSocket();
            SocketAddress localaddr = new InetSocketAddress(localAddress, localPort);
            SocketAddress remoteaddr = new InetSocketAddress(host, port);
            socket.bind(localaddr);
            socket.connect(remoteaddr, timeout);
            return socket;
        }
    }

    public Socket createSocket(String host, int port)throws IOException, UnknownHostException {
        return getSSLContext().getSocketFactory().createSocket(host,port);
    }

    public Socket createSocket(Socket socket,String host, int port, boolean autoClose) throws IOException, UnknownHostException {
        return getSSLContext().getSocketFactory().createSocket(socket,host,port,autoClose);
    }

    public boolean equals(Object obj) {
        return ((obj != null) && obj.getClass().equals(EasySSLProtocolSocketFactory.class));
    }

    public int hashCode() {
        return EasySSLProtocolSocketFactory.class.hashCode();
    }

}
MyTrustManager (must be this naive because the certificate is self-signed
public class MyTrustManager implements X509TrustManager{

        private X509TrustManager standardTrustManager = null;

        public MyTrustManager(KeyStore key) throws NoSuchAlgorithmException, KeyStoreException {
            super();
        }

        public void checkClientTrusted(X509Certificate[] certificates, String type) throws CertificateException {}

        public void checkServerTrusted(X509Certificate[] certificates, String type) throws CertificateException {}

        public X509Certificate[] getAcceptedIssuers() {return null;}

}
And finally 
     try {
            String loginname = "loginname";
            String password = "password";
            Protocol easyhttps = new Protocol("https", new EasySSLProtocolSocketFactory(), 443);
            URI uri = new URI("https://....", true);           

            HttpClient client = new HttpClient();
            HostConfiguration hc = client.getHostConfiguration();//new HostConfiguration();
             hc.setHost(uri.getHost(), uri.getPort(), easyhttps);
             GetMethod httpget = new GetMethod(uri.getPathQuery());

            client.getState().setCredentials(new AuthScope(hc.getHost(),hc.getPort()),new UsernamePasswordCredentials(loginname, password));
             httpget.setDoAuthentication( true );
             client.executeMethod(hc,httpget);
           BufferedReader br = new BufferedReader(new InputStreamReader(httpget.getResponseBodyAsStream(), "UTF-8"));
 ....
 ....

        } catch (Exception ex) {
            Logger.getLogger(SecureHttp.class.getName()).log(Level.SEVERE, null, ex);
        }
Does anyone knows, how to make it working correctly, how to get page content for logged user ?
Thank you
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Mar 28 2009
Added on Feb 27 2009
#networking
1 comment
295 views