I am using HttpURLConnection from android application for connecting rest services via POST method.
it is reaching to my server and after login server is setting some cookie to the response.
but when i am sending further requests then cookie is not going along with those requests.
please tell me the way to do it.
Thanks in advance
You should get the cookies from the login request and then send them as a request parameter in all the subsequent requests. You can set it like this:
conn.setRequestProperty("Cookie", YOUR_COOKIES_FROM_LOGIN_REQUEST);
You can find a demo here.
Related
I am designing a third party application that requires a POST request to be sent to a php file on a website and hopefully I should get a response. The site requires me to be logged in in order to make this request normally through the site by pressing a button on it. If I do
Url obj = new URL("http://www.dota2lounge.com/ajax/bumpTrade.php";
HttpUrlConnection con = (HttpUrlConnection) obj.openConnection();
con.setRequestProperty("User-Agent", "Chrome/36.0.1916.144");
And then continue to carry out the POST request, will the site recognize that I am sending this from my Chrome browser in which I am already logged in? Thanks
will the site recognize that I am sending this from my Chrome browser in which I am already logged in?
No, it will not. Imagine how easy it would be to spoof the authentication system of a web application if it worked that way.
Logins typically work by sending Cookies or other headers. You need to send those to authenticate your request. For this to work as if you were logged in with your Chrome application, you'll need to find the corresponding cookies that Chrome stored and send those.
You can find from the link i shared how you can make the authentication.
https://stackoverflow.com/a/3283496/1257445
After you have made an authentication you can make a post request using the session
Cookie
am new to android and cookie concept, plz guys help me how insert a some value device number,device version and phone model name in cookies and tat cookie send into an url.i saw lot of examples but i dont know exact part.. am in still in confusion.plz guys solve my problem.phone model,device name,os version into cookie,send cookie into an url.
Cookies are not send in the url, they are sent in the HTTP header.
What library are you using ? It should have a method for sending cookies in the request.
Probably what you really need is to make cookie visible to server so it will look like normal HTTP request from browser. Is that right?
Then you don't need to insert cookie in URL.
Cookie is a special content that is sent with request headers. It is normally not exposed to user.
So what you probably need is some Java library that will handle the HTTP protocol for you. Just google some, there are plenty of them for both Java EE and for Android. They will much simplify how you can deal with HTTP requests.
Also I am not really familiar with Android development but I reckon that framework itself should have ability to manage HTTP requests with no problem. Maybe some documentation lookup will help?
My question is similiar to How should I be implementing the HTTP POST Protocol Binding for SAML WebSSO Profile?, but I don't see exact answer that I needed. This is my case. I already implemented Service Provider for WEB SSO SP-initiated POST redirecting and my IDP is active directory and STS is ADFS2.0. After user log on, I need to send another AuthnRequest to ADFS2.0 without user agent interaction. Is it possible with HTTP POST? Or to send over HTTP POST, user agent interaction must needed. I set isPassive=true. I try to implement using Java.
Ok you could build an authentication request and send it to ADFS2 using any HTTP client (i.e. http://www.innovation.ch/java/HTTPClient/ works for me). But ADFS2 will always reponse you with the Login Form. The problem is that in the request you were missing the cookies that ADFS2 is using for tracking your session (SamlSession cookie).
Hope it helps,
Luis
ps: why do you need to send another authn request?
I need to send a request from a servlet to an application running in other environment (IIS) with certain information in custom headers.
I know redirecting doesn't send the headers and getServletContext().getRequestDispatcher(url) is to be used in the servlet's context only. Has anybody made this work in some other way? I was thinking in using HttpURLConnection, but would it finally redirect the browser to the targeted app ?
Thanks in advance
You can't redirect from your servlet to the external server and keep the headers, and you can't forward the incoming request to other context.
What you could do, is to use the HttpURLConnection (or other http client library such as HTTPClient) to make the request (with the custom headers you need) to the remote server and, once the operation is complete, redirect the user to the external site (customm headers are not set in this redirection).
This is a little tricky, if you elaborate your question (what do you really need to do) we can probably think about other alternatives.
AJAX? You can send some JavaScript code to the browser which sends a request to the ISS and handle (shows) its answer. It's possible to set http headers with XMLHttpRequest but it needs client side JavaScript coding and you have to find a way to send cross domain requests.
I'm simulating an HTTPS process with Google App Engine's URL fetch API. The process has 2 steps: first, a GET request will return an URL with URL-encoded session information and a cookie; and second, a POST with some payload to the returned URL.
I have used Firebug to capture the headers of the 2 requests, e.g User-agent, Keep-alive, Connection, Cookie. I used these same headers in my code (the cookie value is updated according to the response). Testing on my computer is successful but the code always fails at the POST step on Google's server. On my development box, the remote .NET app website replies to the POST request with a 200-OK with the information that I want, but on Google side, the remote .NET app website also give a 200-OK response but with a "Session timeout" message (which I don't want). So what have I missed?
Are you connectiong to the GAE applictation through appspot.com domain or a custom domain? SSL is supported only on appspot.com, so maybe this the reason?