When i try to login app with ssl
SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(null, new TrustSelfSignedStrategy())
.build();
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, new String[]{"TLSv1"},
null, SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
HttpPost httppost = new HttpPost("https://otherwebapp.my.com/login");
BasicCredentialsProvider provider = new BasicCredentialsProvider();
provider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials("admin", "admin"));
CloseableHttpClient httpclient = HttpClients.custom().setSSLSocketFactory(sslsf).setDefaultCredentialsProvider(provider).build();
CloseableHttpResponse response = httpclient.execute(httppost);
I get 401 Unauthorized
When i login by POST in Chrome Advanced Rest Client view
everything works well.
I was looking differences through Wireshark monitor traffic
and not found difference between sending of my code and of chrome Advanced Rest Client view
If someone has ideas, plz help me
Related
Using SOAP UI, I am able to successfully invoke the REST GET call with basic authentication
GET https://app.test.com/testing/rest/authentication-point/authentication HTTP/1.1
Accept-Encoding: gzip,deflate
Authorization: Basic aPOjYVclOmIzABFhZjVpJES=
Host: app.test.com
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)
I received response code as 200.
Similar request, When I tried to invoke via java client, it is giving 400 status code.
CredentialsProvider credsProvider = new BasicCredentialsProvider();
credsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials("User", "Password"));
final HttpClientContext context = HttpClientContext.create();
context.setCredentialsProvider(credsProvider);
HttpClient client = HttpClientBuilder.create().build();
HttpResponse response = null;
response = client.execute(
new HttpGet("https://app.test.com/testing/rest/authentication-point/authentication"),
context);
int statusCode = response.getStatusLine().getStatusCode();
This code worked properly when the host was HTTP. Recently a VIP is added and made as HTTPS, after which it is not working. Please suggest a fix for this.
You need to use ssl with http client:
TrustStrategy acceptingTrustStrategy = (cert, authType) -> true;
SSLSocketFactory sf = new SSLSocketFactory(
acceptingTrustStrategy, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
SchemeRegistry registry = new SchemeRegistry();
registry.register(new Scheme("https", 8443, sf));
ClientConnectionManager ccm = new PoolingClientConnectionManager(registry);
CredentialsProvider credsProvider = new BasicCredentialsProvider();
credsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials("User", "Password"));
final HttpClientContext context = HttpClientContext.create();
context.setCredentialsProvider(credsProvider);
DefaultHttpClient httpClient = new DefaultHttpClient(ccm);
HttpGet getMethod = new HttpGet(new HttpGet("https://app.test.com/testing/rest/authentication-point/authentication"),context);
HttpResponse response = httpClient.execute(getMethod);
int statusCode = response.getStatusLine().getStatusCode();
After trying out so many options, below code worked for me.
HttpHost targetHost = new HttpHost("app.test.com", 443, "https");
AuthCache authCache = new BasicAuthCache();
authCache.put(targetHost, new BasicScheme());
CredentialsProvider credsProvider = new BasicCredentialsProvider();
credsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials("User", "Password"));
final HttpClientContext context = HttpClientContext.create();
context.setCredentialsProvider(credsProvider);
context.setAuthCache(authCache);
HttpClient client = HttpClientBuilder.create().build();
HttpResponse response = null;
response = client.execute(
new HttpGet("https://app.test.com/testing/rest/authentication-point/authentication"),
context);
After defining a HTTP host with scheme as https, and setting them to context using AuthCache, the call went through successfully.
i want to do a HTTP POST request, which is secured by ssl.
the client is my java program, which is posting to a https-url (https:// ...). the certificate of the website is verified, i am using Apache HttpClient 4.5.1
with a normal post-request and a custom httpclient.
HttpContext context = HttpClientContext.create();
PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager();
cm.setDefaultMaxPerRoute(MAX_CONNECTIONS_PER_ROUTE);
cm.setMaxTotal(MAX_TOTAL_CONNECTIONS);
CloseableHttpClient client = HttpClients.custom()
.setConnectionManager(cm)
.build();
HttpContext context = HttpClientContext.create();
HttpPost login = new HttpPost("https://example.org"); // example url
login.addHeader("Content-Type", "application/json; charset=UTF-8");
login.addHeader("Accept", "application/json; charset=UTF-
login.setEntity(new StringEntity(loginData, ContentType.create("application/json", "UTF-8")));
JSONResponseHandler<JSONObject> rh = new JSONResponseHandler<>();
JSONObject test = client.execute(login, rh, context);
is this sufficend to get a ssl-secured connection or do i have to work with KeyStore, SSLContext and SSLConnectionFactory?
if i have to use those, how would i do this in an efficent way. i only saw examples how to allow self-signed certificates.
I have a http proxy ip 218.106.96.211 and it's possible to access a website through the proxy.
RequestConfig config = RequestConfig.custom().setProxy(new HttpHost("218.106.96.211", 80, "http")).build();
HttpGet request = new HttpGet("http://www.example.com/");
request.setConfig(config);
and it's possible to access a https website in java.
SSLContext sslcontext = SSLContexts.custom().loadTrustMaterial(new File("file.storage"), null, new TrustSelfSignedStrategy()).build();
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslcontext, new String[] { "TLSv1" }, null,SSLConnectionSocketFactory.getDefaultHostnameVerifier());
CloseableHttpClient httpclient = HttpClients.custom().setSSLSocketFactory(sslsf).build();
HttpGet httpget = new HttpGet("https://www.def.com");
but if I access the https through the proxy, server responsed HTTP/1.1 400 Bad Request, so what's the right way to access https through http proxy in java?
I'm trying to access a RESTful web service through the Android Emulator on my PC, which uses a proxy to connect to the internet.
I have code working fine to access the web service on an actual Android device that has its own data connection with the following code:
DefaultHttpClient client = new DefaultHttpClient();
client.getParams().setParameter(ClientPNames.ALLOW_CIRCULAR_REDIRECTS, true);
HttpGet request = new HttpGet("http://mytesturl.com/services/serviceName");
UsernamePasswordCredentials creds =
new UsernamePasswordCredentials("username", "password");
request.addHeader(BasicScheme.authenticate(creds, "UTF-8", false));
HttpResponse response = client.execute(request);
I've tried a number of approaches to try to get the Emulator to allow connection through the proxy, but none have worked.
Note, I do have the INTERNET enabled in AndroidManifest.xml:
<uses-permission android:name="android.permission.INTERNET" />
Attempt 1 - Setting Properties:
This produces an UnknownHostException for the URL of my service at the execute() call
Properties props = System.getProperties();
props.put("http.proxyHost", "httpproxy.mycompany.com");
props.put("http.proxyPort", "80");
Attempt 2 - Setting the proxy in the DefaultHttpClient:
This produces an UnknownHostException for the actual proxy
DefaultHttpClient client = new DefaultHttpClient();
client.getParams().setParameter(ClientPNames.ALLOW_CIRCULAR_REDIRECTS, true);
HttpHost proxy = new HttpHost("httpproxy.mycompany.com", 80);
client.getCredentialsProvider().setCredentials(
new AuthScope("httpproxy.mycompany.com", 80),
new UsernamePasswordCredentials("username", "password"));
client.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, proxy);
HttpGet request = new HttpGet("http://mytesturl.com/services/serviceName");
UsernamePasswordCredentials cred =
new UsernamePasswordCredentials("username", "password");
request.addHeader(BasicScheme.authenticate(cred, "UTF-8", false));
HttpResponse response = client.execute(request);
Attempt 3 - Setting the proxy in the HttpGet
This produces an UnknownHostException for the URL in my HttpGet
DefaultHttpClient client = new DefaultHttpClient();
client.getParams().setParameter(ClientPNames.ALLOW_CIRCULAR_REDIRECTS, true);
HttpGet request = new HttpGet("http://mytesturl.com/services/serviceName");
UsernamePasswordCredentials cred =
new UsernamePasswordCredentials("username", "password");
request.addHeader(BasicScheme.authenticate(cred, "UTF-8", false));
Header bs = new BasicScheme().authenticate(
new UsernamePasswordCredentials("username", "password"),
request);
request.addHeader("Proxy-Authorization", bs.getValue());
HttpResponse response = client.execute(request);
I'm not sure what else to try. I'm open to any suggestions.
Having the same problem, I succeeded with a variation on attempt 3 (code below), the cruicial difference being the setProperty statements. Note that the web service I am calling does not require authentication so I'm only setting the proxy authorization header.
System.setProperty("java.net.useSystemProxies", "false");
System.setProperty("http.proxyHost", "123.56.7.9");
System.setProperty("http.proxyPort", "8080");
DefaultHttpClient client = new DefaultHttpClient();
client.getParams().setParameter(ClientPNames.ALLOW_CIRCULAR_REDIRECTS, true);
HttpGet request = new HttpGet("web service url");
Header bs = new BasicScheme().authenticate(
new UsernamePasswordCredentials("NETWORKID", "netpassword"),
request);
request.addHeader("Proxy-Authorization", bs.getValue());
HttpResponse response = client.execute(request);
did you use -http-proxy http://: emulator command line option or "Settings" -> "Wireless & Networks" -> "Mobile Networks" -> "Access Point Names" -> "Telkila" or Home > Menu > Settings > Wireless Controls > Mobile Networks > Access Point Names?
I am trying to develop a java http client with apache httpcomponents 4.0.1. This client calls the page "https://myHost/myPage". This page is protected on the server by a JNDIRealm with a login form authentication, so when I try to get https://myHost/myPage I get a login page. I tried to bypass it unsuccessfully with the following code :
//I set my proxy
HttpHost proxy = new HttpHost("myProxyHost", myProxyPort);
//I add supported schemes
SchemeRegistry supportedSchemes = new SchemeRegistry();
supportedSchemes.register(new Scheme("http", PlainSocketFactory
.getSocketFactory(), 80));
supportedSchemes.register(new Scheme("https", SSLSocketFactory
.getSocketFactory(), 443));
// prepare parameters
HttpParams params = new BasicHttpParams();
HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
HttpProtocolParams.setContentCharset(params, "UTF-8");
HttpProtocolParams.setUseExpectContinue(params, true);
ClientConnectionManager ccm = new ThreadSafeClientConnManager(params,
supportedSchemes);
DefaultHttpClient httpclient = new DefaultHttpClient(ccm, params);
httpclient.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY,
proxy);
//I add my authentication information
httpclient.getCredentialsProvider().setCredentials(
new AuthScope("myHost/myPage", 443),
new UsernamePasswordCredentials("username", "password"));
HttpHost host = new HttpHost("myHost", 443, "https");
HttpGet req = new HttpGet("/myPage");
//show the page
ResponseHandler<String> responseHandler = new BasicResponseHandler();
String rsp = httpClient.execute(host, req, responseHandler);
System.out.println(rsp);
When I run this code, I always get the login page, not myPage. How can I apply my credential parameters to avoid this login form?
Any help would be fantastic
HttpClient doesn't support form login. What you are trying to do is Basic Auth, which does't work with form login.
You can simply trace the form post for login page and send the POST request from HttpClient.