Hi,

I would like to use the HttpClient API to automatically fill in an authentication request for my Tomcat form authentication. In a first step I send a GET request to get the JSESSIONID. In a second step I send the username, password and the cookie, calling the j_security to pass through the authentication.

But I get only the login-error.jsp message back. I think this has to do with my cookie. Can anybody help me?

Here is the code I am using:

================================================================== BEGIN
package de.vascoda.aar.shibboleth.idp;

import java.io.IOException;

import org.apache.commons.httpclient.Cookie;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpException;
import org.apache.commons.httpclient.HttpState;
import org.apache.commons.httpclient.NameValuePair;
import org.apache.commons.httpclient.cookie.CookiePolicy;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.methods.PostMethod;

public class ClientAutoAuthentication {
        
        public static void main(String[] args) throws HttpException, IOException {

        // Set target URL
        String strURL = "http://localhost:8080/shibboleth-idp-krz/SSO-guest";
        System.out.println("Target URL: " + strURL);

        // Get initial state object
        HttpState initialState = new HttpState();

        // Initial set of cookies can be retrieved from persistent storage
        // and re-created, using a persistence mechanism of choice,
        //Cookie mycookie = new Cookie(".foobar.com", "mycookie", "stuff",
        //        "/", null, false);

        // and then added to your HTTP state instance
        //initialState.addCookie(mycookie);

        // Get HTTP client instance
        HttpClient httpclient = new HttpClient();
        httpclient.getHttpConnectionManager().
                getParams().setConnectionTimeout(30000);
        httpclient.setState(initialState);

        // RFC 2109 cookie management spec is used per default
        // to parse, validate, format & match cookies
        //httpclient.getParams().setCookiePolicy(CookiePolicy.RFC_2109);

        // A different cookie management spec can be selected
        // when desired

        //httpclient.getParams().setCookiePolicy(CookiePolicy.NETSCAPE);
        // Netscape Cookie Draft spec is provided for completeness
        // You would hardly want to use this spec in real life situations

httpclient.getParams().setCookiePolicy(CookiePolicy.BROWSER_COMPATIBILITY);
        // Compatibility policy is provided in order to mimic cookie
        // management of popular web browsers that is in some areas
        // not 100% standards compliant

        // Get HTTP GET method
        GetMethod httpget = new GetMethod(strURL);

        // Execute HTTP GET
        int result = httpclient.executeMethod(httpget);

        // Display status code
        System.out.println("Response status code: " + result);

        // Get all the cookies
        Cookie[] cookies = httpclient.getState().getCookies();

        // Display the cookies
        System.out.println("Present cookies: ");
        for (int i = 0; i < cookies.length; i++) {
            System.out.println(" - " + cookies[i].toExternalForm());
        }

        // Release current connection to the connection pool
        // once you are done
        httpget.releaseConnection();

        // The cookie is present; now log in
        PostMethod postMethod = new PostMethod("http://localhost:8080/shibboleth-idp-krz/SSO-guest/j_security_check");
                
//postMethod.getParams().setCookiePolicy(CookiePolicy.IGNORE_COOKIES);
                NameValuePair[] postData = new NameValuePair[2];
                postData[0] = new NameValuePair("j_username", "demo");
                postData[1] = new NameValuePair("j_password", "demo");
                
                //postMethod.addParameters(postData);
                postMethod.setRequestBody(postData);
                for(int i = 0; i < cookies.length; i++){
                        postMethod.setRequestHeader("Cookie:", 
cookies[i].toExternalForm());
                }
                
                try {
                        httpclient.executeMethod(postMethod);
                
                } catch (HttpException httpe) {
                        System.err.print("HttpException");
                        System.err.println(httpe.getMessage());
                        httpe.printStackTrace();
                } catch (IOException ioe) {
                        System.err.print("IOException");
                        System.err.println(ioe.getMessage());
                        ioe.printStackTrace();
                }
                
                String responseBody = postMethod.getResponseBodyAsString();
                System.out.println(responseBody);
                
                postMethod.releaseConnection();
                
    }
}
=================================================================== END


This is the header of the normal way to authenticate via form authentication:

===================================================================BEGIN
http://localhost:8080/shibboleth-idp-krz/j_security_check

POST /shibboleth-idp-krz/j_security_check HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (X11; U; Linux i686; de; rv:1.8.0.7) Gecko/20060921 Ubuntu/dapper-security Firefox/1.5.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: UTF-8,*
Keep-Alive: 300
Connection: keep-alive
Referer: http://localhost:8080/shibboleth-idp-krz/SSO-ub
Cookie: JSESSIONID=34AD3C1181259059BA4A1F215D61DF60
Content-Type: application/x-www-form-urlencoded
Content-Length: 57

j_username=demo03&j_password=demo&Login=Login

HTTP/1.x 302 Moved Temporarily
Server: Apache-Coyote/1.1
Location: http://localhost:8080/shibboleth-idp-krz/SSO-ub
Content-Length: 0
Date: Mon, 16 Oct 2006 07:47:04 GMT
================================================================== END

Thanks!

-- Franck
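
For comparison with the browser capture above, the following is an added example (not part of the original post) of the same three-step exchange with Commons HttpClient 3.x. It assumes that j_security_check sits directly under the context root, as in the capture, and it relies on HttpClient sending the cookies held in its HttpState on its own, so no Cookie header is set by hand. The class name and the `demo` credentials are placeholders taken from the post.

```java
import org.apache.commons.httpclient.Header;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpStatus;
import org.apache.commons.httpclient.NameValuePair;
import org.apache.commons.httpclient.cookie.CookiePolicy;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.methods.PostMethod;

public class FormLoginExample {
    // Context root and protected resource as they appear in the post (assumed local test setup).
    static final String CONTEXT = "http://localhost:8080/shibboleth-idp-krz";
    static final String PROTECTED = CONTEXT + "/SSO-guest";

    public static void main(String[] args) throws Exception {
        HttpClient client = new HttpClient();
        client.getParams().setCookiePolicy(CookiePolicy.BROWSER_COMPATIBILITY);

        // 1. Request the protected resource. Tomcat creates the session and
        //    HttpClient stores the JSESSIONID cookie in its HttpState.
        GetMethod get = new GetMethod(PROTECTED);
        try {
            System.out.println("GET  -> " + client.executeMethod(get));
        } finally { get.releaseConnection(); }

        // 2. POST the credentials to j_security_check under the context root.
        //    The same client instance attaches the stored JSESSIONID itself.
        PostMethod post = new PostMethod(CONTEXT + "/j_security_check");
        post.setRequestBody(new NameValuePair[] {
            new NameValuePair("j_username", "demo"),
            new NameValuePair("j_password", "demo") });
        String location = null;
        try {
            int status = client.executeMethod(post);
            System.out.println("POST -> " + status);
            Header h = post.getResponseHeader("Location");
            if (status == HttpStatus.SC_MOVED_TEMPORARILY && h != null) location = h.getValue();
        } finally { post.releaseConnection(); }

        // 3. HttpClient 3.x does not follow redirects for POST, so fetch the
        //    Location target explicitly, still within the same session.
        if (location == null) { System.out.println("No 302 redirect after login"); return; }
        GetMethod follow = new GetMethod(location);
        try {
            System.out.println("GET  -> " + client.executeMethod(follow));
            System.out.println(follow.getResponseBodyAsString());
        } finally { follow.releaseConnection(); }
    }
}
```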
