Thanks for the help on this... I'm still unable to get the log-in to work,
but I will still keep trying. For now, here is the test class that I am
using to get it to work... if possible, please critique and let me know if
something looks odd at what and how I'm using HttpClient...
I'll touch base soon with how this goes...
-Brant
CODE:
import java.net.URLEncoder;
import java.text.NumberFormat;
import java.util.Date;
import org.apache.commons.httpclient.*;
import
org.apache.commons.httpclient.contrib.ssl.EasySSLProtocolSocketFactory;
import org.apache.commons.httpclient.cookie.CookiePolicy;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.commons.httpclient.protocol.Protocol;
/**
* @author Stupid Noob :)
*/
public class Tester {
private static final String LOGON_SITE = "wwws.ameritrade.com";
private static final int LOGON_PORT = 443;
// --> the following are generated via javascript within the page for a
dynamic url - 102.112.2o7.net
private static String pgRandNum;
private static String strTStamp;
static {
Date date = new Date();
Double rand = new Double(Math.floor(date.getTime() / 10800000) % 10
+ Math.floor(Math.random() * 10000000000000d));
NumberFormat nf = NumberFormat.getInstance();
nf.setMaximumFractionDigits(0);
pgRandNum = nf.format(rand).replaceAll(",", "");
strTStamp = (date.getMonth() + 1) + "/" + date.getMonth() + "/" +
(date.getYear() + 1900) + " " + date.getHours() + ":" + date.getMinutes() +
":" +
date.getSeconds() + " " + date.getDay() + " " +
date.getTimezoneOffset();
}
public static void main(String[] args) {
HttpClient client = new HttpClient();
//client.getHostConfiguration().setProxy("www-proxy", 80);
client.getHostConfiguration().setHost(LOGON_SITE,
LOGON_PORT, "https");
client.getParams().setCookiePolicy(CookiePolicy.BROWSER_COMPATIBILITY);
Protocol.registerProtocol("https", new Protocol("https", new
EasySSLProtocolSocketFactory(), 443));
GetMethod initializeGet = new GetMethod("/apps/LogIn");
// more than likely, executing these get calls will not make
a difference - but just in case...
GetMethod getLogo = new
GetMethod("/gifs/brand_logo_large.gif");
GetMethod getJs = new GetMethod("/s_code.js");
GetMethod externalNum1 = new
GetMethod("https://102.112.2o7.net/b/ss/ameritradeglobal,ameritradetrd/1/G.5
-Pd-S/s" + pgRandNum + "?[AQB]&ndh=1&t=" + URLEncoder.encode(strTStamp) +
"pageName=Ameritrade%20login%20page&g=https%3A//wwws.ameritrade.com/apps/Log
In&s=1024x768&c=32&j=1.3&v=Y&k=Y&bw=986&bh=516&p=Mozilla%20Default%20Plug-in
%3BJava%20Plug-in%3BAdobe%20Acrobat%3BQuickTime%20Plug-in%206.3%3BMicrosoft%
20%28R%29%20DRM%3BWindows%20Media%20Player%20Plug-in%20Dynamic%20Link%20Libr
ary%3BMicrosoft%AE%20Windows%20Media%20Services%3B&[AQE]");
GetMethod externalNum2 = new
GetMethod("https://102.112.2o7.net/b/ss/ameritradeglobal,ameritradetrd/1/G.5
-Pd-S/s" + pgRandNum +
"?[AQB]purl=https%3A%2F%2Fwwws.ameritrade.com%2Fcgi-bin%2Fapps%2FLogIn&pccr=
true&&ndh=1&t=" + URLEncoder.encode(strTStamp) +
"&pageName=Ameritrade%20login%20page&g=https%3A//wwws.ameritrade.com/apps/Lo
gIn&s=1024x768&c=32&j=1.3&v=Y&k=Y&bw=986&bh=516&p=Mozilla%20Default%20Plug-i
n%3BJava%20Plug-in%3BAdobe%20Acrobat%3BQuickTime%20Plug-in%206.3%3BMicrosoft
%20%28R%29%20DRM%3BWindows%20Media%20Player%20Plug-in%20Dynamic%20Link%20Lib
rary%3BMicrosoft%AE%20Windows%20Media%20Services%3B&[AQE]");
PostMethod mainLoginPost = new
PostMethod("/apps/LogInMain");
NameValuePair pageHandler = new NameValuePair("pagehandler",
"PHLogIn");
NameValuePair userGroup = new NameValuePair("USERGROUP",
"ACCT");
NameValuePair userId = new NameValuePair("USERID",
"myUsername");
NameValuePair dvData = new NameValuePair("DV_DATA", "" +
System.currentTimeMillis());
NameValuePair pWord = new NameValuePair("PASSWORD",
"myPassword");
NameValuePair submit = new NameValuePair("logon",
"Login+Now");
NameValuePair company = new NameValuePair("COMPANY",
"AMER");
NameValuePair[] postValues = new NameValuePair[] {
pageHandler, userGroup, userId, dvData, pWord, submit, company };
mainLoginPost.setRequestBody(postValues);
try {
// initialize all the cookies before continuing
client.executeMethod(initializeGet);
showHeaders(initializeGet);
client.executeMethod(getLogo);
showHeaders(getLogo);
client.executeMethod(getJs);
showHeaders(getJs);
client.executeMethod(externalNum1);
showHeaders(externalNum1);
client.executeMethod(externalNum2);
showHeaders(externalNum2);
client.executeMethod(mainLoginPost);
showHeaders(mainLoginPost);
String redirectLocation = "";
Header locationHeader =
mainLoginPost.getResponseHeader("location");
if (locationHeader != null) {
redirectLocation = locationHeader.getValue();
GetMethod newDirection = new
GetMethod(redirectLocation);
client.executeMethod(newDirection);
System.out.println(newDirection.getResponseBodyAsString());
} else {
// The response is invalid and did not provide the new
location for
// the resource. Report an error or possibly handle the
response
// like a 404 Not Found error.
}
} catch (Exception e) {
e.printStackTrace();
} finally {
initializeGet.releaseConnection();
getLogo.releaseConnection();
getJs.releaseConnection();
externalNum1.releaseConnection();
externalNum2.releaseConnection();
mainLoginPost.releaseConnection();
}
}
private static void showHeaders(HttpMethod method) {
Header[] initializeH = method.getResponseHeaders();
for (int i = 0; i < initializeH.length; i++) {
Header h = initializeH[i];
System.out.println(h.getName() + " - " +
h.getValue());
}
System.out.print("\n");
}
private static void showCookies(HttpState state) {
Cookie[] cookies = state.getCookies();
if (cookies.length == 0) System.out.println("nothing");
for (int i = 0; i < cookies.length; i++) {
// System.out.println(cookies[i].toExternalForm() +
"\n");
}
}
}
-----Original Message-----
From: Oleg Kalnichevski [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 14, 2004 11:18 AM
To: Jakarta Commons Users List
Subject: RE: HttpClient - Using To Log-In
On Tue, 2004-09-14 at 02:00, Brant Hahn wrote:
> Ok, I'm trying to use the StrictSSLProtocolSocketFactory class, which
> requires me to upgrade to HttpClient 3.0.
Just one additional comment. You do not have to upgrade to HttpClient
3.0 just to be able to use StrictSSLProtocolSocketFactory class. There's
2.0.x compatible version of this class as well:
http://cvs.apache.org/viewcvs.cgi/jakarta-commons/httpclient/src/contrib/org
/apache/commons/httpclient/contrib/ssl/?only_with_tag=HTTPCLIENT_2_0_BRANCH
Oleg
> With the update, it looks like
> I'm getting a bit more detailed information. First of all, the initial
> hitting of the log-in page requires a GET to https://102.112.2o7.net, and
> when I attempt this with HttpClient, it gives me the following warning:
> WARNING: Cookie rejected: "$Version=0;
> s_vi_qx7Dubydbqtuwx7Cx7Frqx7C=[CS]v4|CCBDC09-74330091|0[CE];
> $Domain=.2o7.net; $Path=/". Domain attribute ".2o7.net" violates RFC 2109:
> host minus domain may not contain any dots
>
> Obviously, it doesn't like that I'm doing a hybrid of IP + a domain
address.
> Is there a way to get around this where the cookie does not get rejected?
>
> Also, before the main POST execution with my NameValuePair values, I
> initially set to follow all redirects. This is now throwing an
> IllegalArgumentException for HttpClient 3.0. The message is: Entity
> enclosing requests cannot be redirected without user intervention. I've
> attached my code...why is doing it? It's just a primitive boolean
> argument...how can that be illegal if that's what the method signature
> requests?
>
> Thanks!
> Brant
>
> -----Original Message-----
> From: Kedar Panse [mailto:[EMAIL PROTECTED]
> Sent: Sunday, September 12, 2004 10:53 PM
> To: Jakarta Commons Users List
> Subject: Re: HttpClient - Using To Log-In
>
> Brant,
>
> I use it regularly for all types of things. Are you using https? You
> may have to use Easy/StrictSSLProtocolSocketFactory example given on
> HttpClient website. Not sure what your problem could be from the
> explaination
>
>
> Kedar
>
> Brant Hahn wrote:
>
> >Hi,
> >
> >
> >
> >I've been trying off and on to use HttpClient to log-in to my brokerage
> >account at Ameritrade to retrieve up-to-date details on my account there.
> I
> >have had no luck being able to log-in, even though it seems that all the
> >right cookies are being set and all the form variables are begin posted
via
> >NameValuePair. Has anyone tried using HttpClient to get into their
> >accounts, specifically with financial sites where security is a bit
> >tighter..? If there are certain servers that HttpClient is unable to
> >cooperate with, then please let me know. Otherwise, I will see about
> >finding the time to put my code on here to see if you guys might show me
if
> >I'm doing something wrong.
> >
> >
> >
> >Thanks,
> >
> >Brant
> >
> >
> >
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
> ______________________________________________________________________
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
