simulating a login

Roedy Green

When you access a protected directory on an HTTP server, you are asked
for a username and password in your browser.

Where is that protocol documented so that you could simulate it in a
Java client?

What logs you out?
 
Marko Lahma

Where is that protocol documented so that you could simulate it in a
Java client?

What logs you out?

I now assume that you mean the HTTP BASIC type of authentication. This
document has quite a nice and short explanation (and refers to the RFC):
http://builder.com.com/5100-6370-1049444.html . I'm not sure whether
the user can affect the logout sequence; it might just be a timeout.

-Marko
 
Christophe Vanfleteren

Roedy said:
When you access a protected directory on an HTTP server, you are asked
for a username and password in your browser.

Where is that protocol documented so that you could simulate it in a
Java client?

What logs you out?

When using BASIC authentication, your browser sends the base64-encoded
password/username with every request. So the only way to log out is to
stop sending it with the HTTP headers.
 
Roedy Green

I now assume that you mean the HTTP BASIC type of authentication. This
document has quite a nice and short explanation (and refers to the RFC):
http://builder.com.com/5100-6370-1049444.html . I'm not sure whether
the user can affect the logout sequence; it might just be a timeout.

Wow, is that ever simple!!

I'd guess you can even embed the userid/pw in the URL and send it on
every time.
 
Roedy Green

I now assume that you mean the HTTP BASIC type of authentication. This
document has quite a nice and short explanation (and refers to the RFC):
http://builder.com.com/5100-6370-1049444.html . I'm not sure whether
the user can affect the logout sequence; it might just be a timeout.


I think this is all you need for a basic login:

String stringUserIdPassword = userid + "," + password;

byte[] byteUserIdPassword = stringUserIdPassword.getBytes( "ASCII" );

String base64UserIdPassword = new com.mindprod.base64.Base64().encode( byteUserIdPassword );

urlc.setRequestProperty( "Authorization:" , " Basic " + base64UserIdPassword );

urlc.connect();
 
Roedy Green

I think this is all you need for a basic login:


I was wrong. This does work however:

String stringUserIdPassword = userid + ":" + password;

byte[] byteUserIdPassword = stringUserIdPassword.getBytes( "ASCII" );

String base64UserIdPassword = new Base64().encode( byteUserIdPassword );

urlc.setRequestProperty( "Authorization" , "Basic " + base64UserIdPassword );

urlc.connect();



The userid and password are separated by a colon, not a comma.
There is no colon after Authorization. setRequestProperty inserts it
for you. There is no space before "Basic". setRequestProperty
inserts it for you.
 
Roedy Green

Where is that protocol documented so that you could simulate it in a
Java client?

I have discovered a method called

PasswordAuthentication
java.net.Authenticator.requestPasswordAuthentication(
InetAddress addr,
int port,
String protocol,
String prompt,
String scheme)

That looks as if it automatically handles inserting authentication in
subsequent GET requests. What would you put in the "scheme"
parameter?
 
Sajjad Lateef

I have discovered a method called

PasswordAuthentication
java.net.Authenticator.requestPasswordAuthentication(
InetAddress addr,
int port,
String protocol,
String prompt,
String scheme)

That looks as if it automatically handles inserting authentication in
subsequent GET requests. What would you put in the "scheme"
parameter?

I guess scheme would be "http" (But, not 100% sure.)

See:
http://www.ietf.org/rfc/rfc1738.txt
and
http://www.ietf.org/rfc/rfc2396.txt
 
Roedy Green

I guess scheme would be "http" (But, not 100% sure.)

There must be some subtle difference between scheme and protocol or
they would not have had two parameters.
 
Sajjad Lateef

There must be some subtle difference between scheme and protocol or
they would not have had two parameters.

You know, I was thinking the same thing. Hence, the dodgy answer. :)

Let's see ...
How would a "ftp://wuarchive.wustl.edu/pub" URL be deconstructed?
Obviously, per the RFC, the scheme would be "ftp". But, is
the protocol still "HTTP"?

If only the src had the author's email address! You could just
email him the question. You could try using (e-mail address removed)
(substitute appropriately).
 
Harald Hein

Sajjad Lateef said:
You know, I was thinking the same thing. Hence, the dodgy answer. :)

The parameter is for the AUTHENTICATION scheme (basic), not the URI
scheme.
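
Added example, not part of any post in this thread: a java.net.Authenticator that prints the requesting protocol and the authentication scheme separately, and returns credentials only for the host, port and scheme it expects. The class name, credentials and realm are constructed, and the loopback test server uses the JDK's bundled com.sun.net.httpserver package.

```java
import com.sun.net.httpserver.BasicAuthenticator;
import com.sun.net.httpserver.HttpServer;
import java.net.Authenticator;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.PasswordAuthentication;
import java.net.URI;
import java.nio.charset.StandardCharsets;

public class BasicAuthDemo {
    // Constructed sample credentials, valid only for the local test server below.
    static final String USER = "demo";
    static final String PASS = "s3cret-example";

    public static void main(String[] args) throws Exception {
        // Throwaway server on loopback that protects "/" with HTTP Basic.
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        server.createContext("/", ex -> {
            byte[] body = "ok".getBytes(StandardCharsets.US_ASCII);
            ex.sendResponseHeaders(200, body.length);
            ex.getResponseBody().write(body);
            ex.close();
        }).setAuthenticator(new BasicAuthenticator("demo-realm") {
            @Override public boolean checkCredentials(String u, String p) {
                return USER.equals(u) && PASS.equals(p);
            }
        });
        server.start();
        final int port = server.getAddress().getPort();

        // HttpURLConnection calls this after the server answers 401 with a challenge.
        Authenticator.setDefault(new Authenticator() {
            @Override protected PasswordAuthentication getPasswordAuthentication() {
                System.out.println("protocol=" + getRequestingProtocol()
                        + " scheme=" + getRequestingScheme() + " realm=" + getRequestingPrompt());
                // Answer only the expected host, port and auth scheme; null sends nothing.
                boolean expected = "127.0.0.1".equals(getRequestingHost())
                        && getRequestingPort() == port
                        && "basic".equalsIgnoreCase(getRequestingScheme());
                return expected ? new PasswordAuthentication(USER, PASS.toCharArray()) : null;
            }
        });

        HttpURLConnection c = (HttpURLConnection)
                URI.create("http://127.0.0.1:" + port + "/").toURL().openConnection();
        System.out.println("status=" + c.getResponseCode());
        server.stop(0);
    }
}
```

Basic credentials are only base64-encoded, so outside a loopback test like this one the request should go over HTTPS.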
 