On Sun, 2010-08-08 at 10:30 +0200, Werner wrote: > Hello HTTPComponent Users, > > I'm writing a small test-client to test the android authentication > against a Tomcat 7 Server. It uses Form-based POST authentication and > everything works, but two questions arose: > > 1. How can I see (from the client side), that I need to authenticate > myself to a page? The server internally redirects me to the login page > and returns a "200 OK". So the only way to find out is to analyze the > page content? >
Yes, that is the case > 2. Do you really have to make three calls in order to get a resource > which needs authentication? Right now I am doing the following: > a) Request the resource http://localhost:8080/sample/protected/ > login page is returned with a sessionId > b) Provide user credentials, call the authenticate url > http://localhost:8080/sample/protected/j_security_check > a "302 Moved Temporarily" is returned with the location header > "http://localhost:8080/sample/protected/"; > a) Request the resource again http://localhost:8080/sample/protected/ > finally get the desired page (but with another sessionId!) > Usually one should get redirected to the protected resource after successful authentication. So, there is no need for the third step. It does take 3 request / response exchanges in total. Hope this helps Oleg --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
