This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
I have a small app that I want to use to log into an ASP based secure website (https) via an HTML form. The problem I'm having is that the HttpClient doesn't seem want to log in - it just keeps responding with the login page. Any suggestions? Here is my method:
Why don't you tell us some more detail about what is happening, like what exactly you are expecting, what exactly is happening, and at what line of your code the expected behavior starts to deviate from the observed behavior. Are there any error messages?
Joined: May 22, 2005
Thanks for the reply, Ulf. Here is a little more background:
What I'm expecting/what is actually happening: After I instantiate the HttpClient object, I'm using the GetMethod class to send a request to the SECURED resource of the site I'm trying to log into. When I do this in a regular browser, I am redirected to a login page. Once I fill out the login information, I'm automatically redirected to the resource I was inititally requesting. Now in this program, I'm attempting to do the same thing, I'm confirming that I have reached the login page with the line that says System.out.println(initGet.getResponseBodyAsString()); - I can see the HTML output in my console - this appears to be working. After that, I'm looping through all the cookies that I received from the server to make sure I have a session cookie. Once I can see that I have, I move on to POST my login information to the server. This is where the problems begin...
Behavior deviates at: When I post my form based authentication information, the server responds with the exact same login page. Note, it does not respond with some sort of "bad username/password" like it typically does if I enter a bad username/password combo in the browser. I know I have a session started, but I can't help but wonder if I'm using the Get/PostMethod objects correctly. Shouldn't I be able to POST my username and password to the login page and have it redirect me to the resource I originally requested, as is what happens in a real-life browser? It should be noted that I've tried to access other secured resources after this request and been directed to the login page - so I know its not just "logging me in and parking at the login page" so to speak.
By the way, I'm not dedicated to HttpClient - if there is a better way to do what I'm trying to do, by all means, suggest it!
Error messages: There are no error messages or exceptions thrown, aside from maybe BaffledProgrammerException.
Thanks for your interest in helping me solve this,
[ October 20, 2005: Message edited by: Jon Cone ] [ October 20, 2005: Message edited by: Jon Cone ]
Joined: Mar 22, 2005
It looks to me like the GET and POST both access the same path, which as I understand is the page that you actually want to access. But the POST presumably needs to go through the login-handling code, which normally would live at a different URL.
Try switching the two method calls, i.e. first do a POST to the login URL (which you can find by examining the login page), and then do a GET of the page you're really interested in.
I have used HttpUnit for stuff like this in the past, which gives you convenient access to the elements of the resulting web page. That makes it easy to maintain a "web conversation" of retrieving pages, submitting forms, accessing links and so forth. [ October 21, 2005: Message edited by: Ulf Dittmer ]
Joined: May 22, 2005
You are the best! I tried your suggestion about switching the HTTP method requests to no avail. After that I looked into HttpUnit - I accomplished in 30 minutes with HttpUnit what I had spent two days on with HttpClient.
Thank you very much!
I’ve looked at a lot of different solutions, and in my humble opinion Aspose is the way to go. Here’s the link: http://aspose.com