I want to create a small java application to copy some wiki content from one server to another. The API is based on the XML-RPC.
Basically I have three methods, login, getPage and putPage. I use Apache HttpClient 3.x and managed to use login to login successfully and getPage to get a page from the old wiki correctly.
Authentication is handled with cookies: I log into the new wiki and some cookies are set on the corresponding httpclient. The documentation tells me that one of those cookies is used for authentication.
Then I execute putPage with another POST method on the same httpclient and the server responds with an authentication failure message.
The code sequence goes like this (very reduced):
HttpClient client = new HttpClient();
PostMethod postLogin = createNewPostMethod("login", "user", "pw");
client.executeMethod(postLogin);
// Now I'm logged in and the client definitely has stored the cookies
PostMethod postPutPage = createNewPostMethod("putPage", getPage());
client.executeMethod(postPutPage); // the server won't let me put the page
Should it work like that or do I have to add the cookies manually to the second post method and, if yes, how?
Edit / Solution
With the help of the answers to this question I was able to identify and solve the problem, which was outside of the usage of httpclient. In the end it was a configuration issue on the target wiki side. The answers here helped me to ask the right questions in another forum.
Cookies are handled by HTTPClient by default. You shouldn't have to do anything to have cookies work properly.
Source:
http://www.innovation.ch/java/HTTPClient/getting_started.html#cookies
Edit for Apache HTTP Client:
Apache HTTP Client behaves the same :-)
Here is the source:
http://hc.apache.org/httpclient-3.x/cookies.html
You can set cookies manually with HTTP Client, but it will correctly handle cookies created during your connection.
HttpClient supports automatic management of cookies, including allowing the server to set cookies and automatically return them to the server when required. It is also possible to manually set cookies to be sent to the server.
Resources:
Apache HttpClient - cookies
I have historically used this when I wanted to accept cookies with HttpClient:
postPutPage.getParams().setCookiePolicy(CookiePolicy.BROWSER_COMPATIBILITY);
Related
I am planning to do automated testing of POST requests with various parameters on a link. The problem that I face is that the link has SSO authentication. When I do a normal POST in VBScript or Java it directs me to the SSO page.
Any idea how it can be done?
Since you are working with http-post, I assume that SSO is performed by using Cookies.
In that case, all you have to do is add those Cookies to your request.
This is done by adding a Header with name 'Cookie' to your request.
This header's value may be of the format 'CookieName=CookieValue'.
In case you have multiple Cookies, you can either add multiple Cookie Headers, or separate them by using a ';'.
In case you fetch those Cookies with a previous request, you can get a hold of the Cookies by evaluating the 'Set-Cookie' Header.
Additional information about basic Cookie Handling may be found here
In case you use Apache's HTTP-Components, you can also use its integrated Cookie Store to automatically add Cookies to new Requests.
A good example of how to basically use Apache's HTTP-Client can be found here
The part of how to use Cookies can be found in section 3
I am designing a third party application that requires a POST request to be sent to a php file on a website and hopefully I should get a response. The site requires me to be logged in in order to make this request normally through the site by pressing a button on it. If I do
URL obj = new URL("http://www.dota2lounge.com/ajax/bumpTrade.php");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestProperty("User-Agent", "Chrome/36.0.1916.144");
And then continue to carry out the POST request, will the site recognize that I am sending this from my Chrome browser in which I am already logged in? Thanks
will the site recognize that I am sending this from my Chrome browser in which I am already logged in?
No, it will not. Imagine how easy it would be to spoof the authentication system of a web application if it worked that way.
Logins typically work by sending Cookies or other headers. You need to send those to authenticate your request. For this to work as if you were logged in with your Chrome application, you'll need to find the corresponding cookies that Chrome stored and send those.
You can find from the link I shared how you can make the authentication.
https://stackoverflow.com/a/3283496/1257445
After you have made an authentication you can make a post request using the session.
I'm using a URLConnection to log in to a page. When I successfully log in, a session value will be set on the page. After that I want to access another file on the site, but I can't maintain the session state of the site. Any ideas?
I suggest that you use Apache HttpClient / HttpComponents instead. It has facilities for maintaining a client-side cookie store.
Maintaining session state across URLConnection instances involves:
getting the set-cookie response headers
parsing them, figuring out what they apply to, and storing them
creating and adding cookie request headers for follow-on requests.
Prior to Java 1.6, there were no public Java APIs to do this for you and you had to do it all "by hand". Starting with Java 1.6, there is support in the form of CookieHandler / CookieManager / HttpCookie / CookieStore / CookiePolicy. Refer to the javadocs for details.
Related pages:
http://docs.oracle.com/javase/6/docs/technotes/guides/deployment/deployment-guide/cookie_support.html
http://docs.oracle.com/javase/tutorial/deployment/doingMoreWithRIA/accessingCookies.html
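The three manual steps listed above, producing the `Cookie` header format described earlier on this page, as an added example that is not part of the original answers. The class name, host name and `Set-Cookie` values are constructed, and the jar is assumed to hold cookies from a single host, so no domain matching is done.

```java
import java.net.HttpCookie;
import java.net.URI;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class ManualCookies {
    // Steps 1 and 2: parse Set-Cookie values and keep only cookies that are still valid.
    static List<HttpCookie> parse(List<String> setCookieValues) {
        List<HttpCookie> jar = new ArrayList<>();
        for (String value : setCookieValues) {
            for (HttpCookie c : HttpCookie.parse(value)) {
                if (!c.hasExpired()) jar.add(c);   // Max-Age=0 means "delete this cookie"
            }
        }
        return jar;
    }

    // Step 3: build one Cookie request header for the target of the follow-on request.
    static String cookieHeader(List<HttpCookie> jar, URI target) {
        boolean https = "https".equalsIgnoreCase(target.getScheme());
        StringBuilder sb = new StringBuilder();
        for (HttpCookie c : jar) {
            if (c.getSecure() && !https) continue;             // keep Secure cookies off plain http
            String path = c.getPath() == null ? "/" : c.getPath();
            if (!target.getPath().startsWith(path)) continue;  // simplified path match
            if (sb.length() > 0) sb.append("; ");
            sb.append(c.getName()).append('=').append(c.getValue());
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed Set-Cookie values, as a login response might carry them.
        List<String> received = Arrays.asList(
            "SESSIONID=constructed-abc; Path=/; HttpOnly",
            "sso_token=constructed-xyz; Path=/app; Secure",
            "stale=1; Max-Age=0");
        List<HttpCookie> jar = parse(received);
        System.out.println(cookieHeader(jar, URI.create("https://wiki.example.test/app/page")));
        System.out.println(cookieHeader(jar, URI.create("http://wiki.example.test/app/page")));
    }
}
```

The second call leaves out `sso_token` because the target is plain http, which is the scoping a hand-built header silently loses if every received cookie is copied into it.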
It sounds like the website you are trying to access handles sessions based on cookies. You may need to capture that cookie and add it to future requests. This question may help with that piece:
URLConnection with Cookies?
Read from the URLConnection to see if any cookies are set or a redirect is sent that contains a session id you can send back to the other site.
My question is similar to How should I be implementing the HTTP POST Protocol Binding for SAML WebSSO Profile?, but I don't see the exact answer that I need. This is my case. I already implemented a Service Provider for WEB SSO SP-initiated POST redirecting and my IDP is active directory and STS is ADFS2.0. After the user logs on, I need to send another AuthnRequest to ADFS2.0 without user agent interaction. Is it possible with HTTP POST? Or is user agent interaction needed to send over HTTP POST? I set isPassive=true. I am trying to implement this using Java.
Ok you could build an authentication request and send it to ADFS2 using any HTTP client (i.e. http://www.innovation.ch/java/HTTPClient/ works for me). But ADFS2 will always respond to you with the Login Form. The problem is that in the request you were missing the cookies that ADFS2 is using for tracking your session (SamlSession cookie).
Hope it helps,
Luis
ps: why do you need to send another authn request?
I am trying to login and retrieve status information from a HTTPS URL via Java programming. I login through /login.cgi, providing the username and password with a POST request to that script.
The script then verifies the credentials and creates a specific cookie (with session information, user name, etc.) and then immediately calls a Location response header to /home.cgi. Which, I'm guessing, the /home.cgi script verifies the cookie information before continuing to load. Otherwise, it just reverts back to the /login.cgi page.
All of this works fine within a browser because of the way browsers handle cookies/sessions correctly. However, within Java, this is very tricky because I can not get the appropriate cookie to send as a request to subsequent pages. I can not get the correct cookie because I am unable to get the HTTP response back (which holds the correct "Set-cookie" value) in between /login.cgi creating the specific cookie and it calling Location /home.cgi.
Is there something I'm missing or is there a better way that Java can handle cookies similar to a browser? (is there a cookie store, etc?)
Thanks for the help,
Steve
Cookie management is by default not enabled in the java.net HTTP API. If you don't need any specific handling or cross-application cookie persistence (the cookies will be deleted when your application terminates), you can simply enable it with:
CookieHandler.setDefault(new CookieManager());
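The /login.cgi to /home.cgi redirect from the question, run against a constructed local server (an added example, not code from the original posts): with a CookieManager installed, HttpURLConnection stores the Set-Cookie from the 302 and sends it on the request it follows up with. This also covers the CookieHandler / CookieManager support mentioned earlier for URLConnection sessions; the server, cookie name and credentials are constructed.

```java
import com.sun.net.httpserver.HttpServer;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.*;
import java.nio.charset.StandardCharsets;
import java.util.Scanner;

public class CookieRedirectDemo {
    public static void main(String[] args) throws Exception {
        // Constructed local stand-in for the site: /login.cgi sets a cookie and redirects.
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        server.createContext("/login.cgi", ex -> {
            ex.getResponseHeaders().add("Set-Cookie", "session=constructed-id; Path=/; HttpOnly");
            ex.getResponseHeaders().add("Location", "/home.cgi");
            ex.sendResponseHeaders(302, -1);   // no body, only the redirect
            ex.close();
        });
        // /home.cgi answers 200 only when the session cookie comes back.
        server.createContext("/home.cgi", ex -> {
            String cookie = ex.getRequestHeaders().getFirst("Cookie");
            byte[] body = ("home.cgi received Cookie: " + cookie).getBytes(StandardCharsets.UTF_8);
            ex.sendResponseHeaders(cookie == null ? 403 : 200, body.length);
            try (OutputStream out = ex.getResponseBody()) { out.write(body); }
        });
        server.start();
        String base = "http://127.0.0.1:" + server.getAddress().getPort();

        // JVM-wide setting: every HttpURLConnection in this process shares this cookie store.
        CookieManager manager = new CookieManager();
        CookieHandler.setDefault(manager);

        HttpURLConnection con = (HttpURLConnection) new URL(base + "/login.cgi").openConnection();
        con.setRequestMethod("POST");
        con.setDoOutput(true);
        try (OutputStream out = con.getOutputStream()) {
            out.write("user=demo&password=demo".getBytes(StandardCharsets.UTF_8));
        }
        // The 302 is followed internally; its Set-Cookie is stored first, then replayed.
        int status = con.getResponseCode();
        InputStream in = status < 400 ? con.getInputStream() : con.getErrorStream();
        try (Scanner s = new Scanner(in, "UTF-8").useDelimiter("\\A")) {
            System.out.println(status + " " + (s.hasNext() ? s.next() : ""));
        }
        System.out.println("stored cookies: " + manager.getCookieStore().getCookies());
        server.stop(0);
    }
}
```

Because the handler is installed for the whole JVM, unrelated code in the same process that talks to the same host sends the same session cookie; the store is in memory only and is gone when the process exits.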
How are you making the HTTP connections and managing cookies?
I would recommend just using commons-httpclient rather than managing this yourself. It will automatically manage cookies for you.