Hello John :
Do you have import certificate into your JDK's keystore? Httpclient
can't auto store SSL certificate as our Browser( IE, FireFoxe). This procees
must did by manual.
2006/5/18, [EMAIL PROTECTED] <[EMAIL PROTECTED]>:
Roland,
I had previously reviewed the SSL Guide so that wasn't of any new help w/
regards to this problem. I did find the wiki article very well written.
The only suggestion I would make is in section 5.2 to describe how to
"enable the wire log" in HttpClient (or provide a link to the appropriate
doc). I wasn't aware of any such facility in HTTPClient and had been
using a TCP trace tool up till now. Other than that, very well written!
Thanks!
John M. Corro
(414) 524-7118
[EMAIL PROTECTED]
05/17/2006 10:21 AM
Please respond to
[email protected]
To
[email protected]
cc
Subject
Re: Logging in using HTTPS form-based authentication
Hello John,
[EMAIL PROTECTED] wrote:
> I have a situation where I'm trying to log into my bank's website which
> uses HTTPS form-based authentication. I've tried posting the
appropriate
> username/password to the appropriate URL, but the server is not
> authenticating me (keeps forwarding me to some generic error page). I've
> considered several potential issues causing this failure, but am not
quite
> sure what to do:
First, make sure you have basic SSL connectivity with the server:
http://jakarta.apache.org/commons/httpclient/sslguide.html
Then, follow the instructions in the Client HTTP Programming Primer:
http://wiki.apache.org/jakarta-httpclient/ForAbsoluteBeginners
Congratulations, you have just volunteered to be the very first
alpha tester of that document :-) Please let us know whether you
find it helpful, and how we could improve it.
hope that helps,
Roland
>
> 1. The website expects/requires you to go to the initial HTTPS protected
> login form page. Potentially the site sets a cookie at that first page
> and validates on form submission that the cookie is present. I've
> experimented trying to get past (if it indeed is happening) by setting
the
> cookie policy on an HttpClient to BROWSER_COMPATIBLE, using that
> HttpClient to execute a GetMethod to the login form page, then using the
> same HttpClient to execute a PostMethod submitting the right
> username/password. That didn't work. Did the steps I executed make for
> an appropriate test? Is there a way I can confirm what cookie policy I
> should be using?
>
> 2. I thought I heard/read a while back that to securely post data to an
> HTTPS url, you need to initially come from an HTTPS URL as well. Is
this
> true? If so, is using the same HttpClient instance to execute all
> GetMethods & PostMethods sufficient?
>
> 3. Is there any debugging techniques (examining header values, cookies,
> etc) I can do to verify what exactly is causing my inability to login?
>
> John M. Corro
> (414) 524-7118
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
