Mega Code Archive

 

Categories / Java Book / 006 Networking

 

0373 Authentication

To challenge a client, the originating server issues a "401 Unauthorized" message. This message includes a WWW-Authenticate HTTP header that identifies an authentication scheme via a case-insensitive token. The client replies with an Authorization header that provides the credentials. Basic Authentication and the Authenticator Class HTTP 1.0 introduced the basic authentication scheme by which a client identifies itself via a username and a password. import java.io.IOException; import java.net.HttpURLConnection; import java.net.URL; import java.net.URLConnection; import java.util.List; import java.util.Map; public class Main { public static void main(String[] args) throws IOException { String s = "http://test.webdav.org/auth-basic/"; URL url = new URL(s); URLConnection urlc = url.openConnection(); Map<String, List<String>> hf = urlc.getHeaderFields(); for (String key : hf.keySet()) System.out.println(key + ": " + urlc.getHeaderField(key)); System.out.println(((HttpURLConnection) urlc).getResponseCode()); } } Output: null: HTTP/1.1 401 Authorization Required WWW-Authenticate: Basic realm="basic auth area" Date: Tue, 14 Aug 2012 17:44:22 GMT Content-Length: 401 Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 Server: Apache/2.0.54 (Debian GNU/Linux) DAV/2 SVN/1.3.2 401 In order to pass this username and password back to the HTTP server, the application must work with the java.net.Authenticator class. The following code performs basic authentication import java.io.IOException; import java.net.Authenticator; import java.net.HttpURLConnection; import java.net.PasswordAuthentication; import java.net.URL; import java.net.URLConnection; import java.util.List; import java.util.Map; public class Main { public static void main(String[] args) throws IOException { Authenticator.setDefault(new BasicAuthenticator()); URL url = new URL("http://test.webdav.org/auth-basic/"); URLConnection urlc = url.openConnection(); Map<String, List<String>> hf = urlc.getHeaderFields(); for (String key : hf.keySet()){ System.out.println(key + ": " + urlc.getHeaderField(key)); } System.out.println(((HttpURLConnection) urlc).getResponseCode()); } } class BasicAuthenticator extends Authenticator { final static String USERNAME = "user1"; final static String PASSWORD = "user1"; @Override public PasswordAuthentication getPasswordAuthentication() { System.out.println("Password requested " + getRequestingHost() + " for scheme " + getRequestingScheme()); return new PasswordAuthentication(USERNAME, PASSWORD.toCharArray()); } } Output: Password requested test.webdav.org for scheme basic null: HTTP/1.1 404 Not Found Date: Tue, 14 Aug 2012 17:45:55 GMT Content-Length: 209 Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 Server: Apache/2.0.54 (Debian GNU/Linux) DAV/2 SVN/1.3.2 404