Hi I'm trying to do form-based authentication. Here's what happens according to the Firebug
1. Hit the URL (GET http://foo.com) 2. That gets response code 302 and gets redirected (GET http://foo.com/session/new) which brings a login form 3. Login form is POST with action="https://foo.com/session"; and two fields uname and passwd 4. Submitting the form gets 302 (POST https://foo.com/session) and then GET http://foo.com/session/new which brings index page content I'm not clear if I need to follow both redirects and what is the best way to do it. Test code that I have follows DefaultHttpClient client = new DefaultHttpClient(); HttpGet get = new HttpGet("http://foo.com/";); HttpResponse response = client.execute(get); System.out.println(response.getStatusLine()); response.getEntity().consumeContent(); // do the form post, retain all the cookies HttpPost post = new HttpPost("https://foo.com/session/new";); List <NameValuePair> nvps = new ArrayList <NameValuePair>(); nvps.add(new BasicNameValuePair("login", "[email protected]")); nvps.add(new BasicNameValuePair("password", "Foo")); nvps.add(new BasicNameValuePair("commit", "Sign In")); // this is actually a submit button post.setEntity(new UrlEncodedFormEntity(nvps, HTTP.UTF_8)); HttpResponse postresponse = client.execute(post); ResponseHandler<String> handler = new BasicResponseHandler(); String body = handler.handleResponse(postresponse); System.out.println(body); // still prints out login form Thanks, Bob S.
