Communicate with the server without a browser.

Hi everyone,

I need to create a java class which can do the following requirement.

- When the openid and the password is given it should create and HttpRequest and send to the https://www.myopenid.com/signin_password page and get the authResponse which has the openid token.

- I need to do accomplish the above task without using a browser.

How can i accomplish my task. A sample code would be much appreciated.

Thanks in advanced.

Take a look at the java.net.URLConnection documentation.

Thanks for your information.

But a small problem.
When i write URLConnection uRLConnection = new URLConnection(url) it gives and error saying that all abstract methods are not implemented.
When i click the suggestion button and click implement all abstract methods its shows something like this.

URLConnection uRLConnection = new URLConnection(url) {

@Override
public void connect() throws IOException {
throw new UnsupportedOperationException("Not supported yet.");
}
};

What should be written inside the connect method?

Thank you.

Sorry i figured out the solution from some other forum.

instead of creating a URLConnection by new URLConnection()
need to write the code as follow

URL url = new URL("http://www.abc.com");
URLConnection uRLConnection = url.OpenConnection();

You don't use the URLConnection constructor. You get an URLConnection object via new URL(...).openConnection().

Edit: Too late :-)

Apache's HttpClient may be a bit easier to work with.

How do i give the username and the password

I tried the following code, but it didn't succeed.

URL url = new URL("https://www.myopenid.com/signin_password");
URLConnection uRLConnection = url.openConnection();
uRLConnection.setAllowUserInteraction(true);
uRLConnection.setDoInput(true);
uRLConnection.setDoOutput(true);
uRLConnection.setRequestProperty("Username", "hemaljoes");
uRLConnection.setRequestProperty("password", "password");
uRLConnection.connect();

OutputStream outputStream = uRLConnection.getOutputStream();
outputStream.flush();

InputStream in = uRLConnection.getInputStream();
InputStreamReader inReader = new InputStreamReader(in);
BufferedReader reader = new BufferedReader(inReader);

String newLine = null;
while ((newLine = reader.readLine()) != null)
System.out.println(newLine);
reader.close();

String headerName=null;
for (int i=1; (headerName = uRLConnection.getHeaderFieldKey(i))!=null; i++) {
System.out.println(uRLConnection.getHeaderFieldKey(i));
System.out.println(uRLConnection.getHeaderField(i));
}

Can anyone help me please.

Where did you get the idea about Username and Password headers?
See http://www.coderanch.com/how-to/java/AppletsFaq#authentication (it doesn't matter that the page talks about applets - the code is the same).

If you're doing more involved things over this connection, then using HttpClient will likely be easier, as Rob said.

I changed the following code to code below. But i don't get authenticated

URL url = new URL("https://www.myopenid.com/signin_password");
URLConnection uRLConnection = url.openConnection();
uRLConnection.setAllowUserInteraction(true);
uRLConnection.setDoInput(true);
uRLConnection.setDoOutput(true);
uRLConnection.setRequestProperty("Username", "hemaljoes");
uRLConnection.setRequestProperty("password", "password");
uRLConnection.connect();

URL url = new URL("https://www.myopenid.com/signin_password");
URLConnection uRLConnection = url.openConnection();
uRLConnection.setAllowUserInteraction(true);
uRLConnection.setDoInput(true);
uRLConnection.setDoOutput(true);

sun.misc.BASE64Encoder encoder = new BASE64Encoder();
String authorization ="hemaljoes:password";
byte[] bt =authorization.getBytes();
String encodedData = encoder.encode(bt);

uRLConnection.setRequestProperty("Authorization", "Basic " + encodedData);
uRLConnection.connect();

But i don't get authenticated

What does that mean? What's the server response? Post the HTTP status code and the body of the response.

You can also use a tool like tcpmon to observe the HTTP that gets sent to the server, and compare it to what gets sent if you access that site from within a browser.

I said i don't get authenticated because after I run my code and went to the https://www.myopenid.com/signin_password it asks for my username and password. If I was successfully authenticated when i run my code it shouldn't be asking like that. Isn't it?

Well when i run the above code i get the reply as this . which is the html of the https://www.myopenid.com/signin_password

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<div id="header">
    <h6><a href="https://www.myopenid.com/" rel="nofollow">myOpenID - The free, secure OpenID server</a></h6>

</div>
  <div id="columns" class="ca">
    <div id="content">
    <div id="personal-icon">
      <p id="personal-icon-container">
        <a href="https://www.myopenid.com/set_cookie_image" rel="nofollow">Your Personal Icon</a>
      </p>
    </div>
      <div style="position: absolute; margin-bottom: 1em;"><h1><span>Sign In
</span></h1></div><h1 style="margin-bottom: 2em;"> </h1>

<form method="post" action="https://www.myopenid.com/signin_submit" id="password-signin-form">
<table class="form_layout">
   <tbody>
     <tr >
       <td><label for="identity">Username</label></td>
       <td>
         <input type="text" name="user_name" id="identity"
                tabindex="1" value="" />
       </td>
     </tr>
     <tr>
       <td><label for="password">Password</label></td>
       <td>
         <input id="password" type="password" name="password" tabindex="2" />
       </td>
     </tr>
     <tr class="radiochecks">
       <td>
         <input
          title="Checking this box will keep you signed in to
                    myOpenID even after you exit your browser.  You
                    should NOT check this box on a shared computer!."
         id="stay_signed_in" type="checkbox" name="stay_signed_in"
         ) tabindex="3" />
       </td>
       <td>
         <label for="stay_signed_in">Stay signed in</label>
       </td>
     </tr>
   </tbody>
 </table>
<script>
  document.getElementById('identity').focus()
</script>
<div class="buttons">

<span id="spinner_signin_button" style="display: none;" >
  <img src="https://www.myopenid.com/static/images/spinner.gif" />
  <span> Authenticating... </span>
</span>

</div>
<input type="hidden" name="token" value="f8c5257f858605113c207837e8bedf160000000000062802" /><input type="hidden" name="_" value="*1475-a7a2-7e9b" /></form>

<ul>
  <li id="infocard-li">
      <form method="post" action="https://www.myopenid.com/signin_infocard" id="infocard-form" class='noline'>
  <input type="hidden" name="tid" value="e85702fb" />
  <input type="hidden" name="resume_action" value="signin_password" />
  <input type="image" id="infocard-logo-button"
         value="Choose an Information Card"
         src="https://www.myopenid.com/static/InformationCards/images/infocard_30x21.png">
  <label for='infocard-logo-button'><a id="infocard-label"  rel="nofollow">Sign in with an Information Card</a></label>
  <div style="display:none;" id="infocard-holder"></div>
  <noscript>
  
<OBJECT type="application/x-informationCard"
        name="xmlToken"
        class="skip">
  <PARAM Name="tokenType"
         Value="urn:oasis:names:tc:SAML:1.0:assertion">
  <PARAM Name="issuer"
         Value="http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self">
  <PARAM Name="requiredClaims"
         Value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier">
  <PARAM Name="optionalClaims"
         Value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
</OBJECT>

</noscript>
  <script defer="defer">
    (function() {
        var hide = function () {
            // hide widgets if infocard is not supported
            var infocardFormHolder = document.getElementById('infocard-li');
            infocardFormHolder.style.display = 'none';
        };
        if (InformationCard.AreCardsSupported()) {
            var enable = function () {
                try {
                    document.getElementById('infocard-label').setAttribute('href', '#');
                    document.getElementById('infocard-holder').innerHTML = '\x0a<OBJECT type=\x22application/x-informationCard\x22\x0a        name=\x22xmlToken\x22\x0a        class=\x22skip\x22>\x0a  <PARAM Name=\x22tokenType\x22\x0a         Value=\x22urn:oasis:names:tc:SAML:1.0:assertion\x22>\x0a  <PARAM Name=\x22issuer\x22\x0a         Value=\x22http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self\x22>\x0a  <PARAM Name=\x22requiredClaims\x22\x0a         Value=\x22http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier\x22>\x0a  <PARAM Name=\x22optionalClaims\x22\x0a         Value=\x22http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname\x22>\x0a</OBJECT>\x0a';
                } catch (e) {
                    hide();
                }
            };
            if (window.ActiveXObject) {
                window.attachEvent("onload", enable);
            } else {
                window.addEventListener("load", enable, false);
            }
        } else {
            hide();
        }
    })();
  </script>
  <input type="hidden" name="token" value="31a9101a3a3e91b2e845c8f7aad7b0e50000000000091f01" /><input type="hidden" name="_" value="*1475-a7a2-7e9b" /></form>

</li>
  <li><a href="https://www.myopenid.com/signin_certificate?_=%2A1475-a7a2-7e9b&tid=e85702fb&token=fc1bb60f1f59cdc152bda2646c657b5600000000000d723f" rel="nofollow">
    Sign in with an SSL certificate</a></li>
  <li><a href="https://www.myopenid.com/account_recover_initiate" rel="nofollow">
    I cannot access my account</a></li>
</ul>

</div>
    <div id="navigation">
          <h2>
      Options
    </h2>
 
    <ul>
        
<li id="navigation-home"><a href="https://www.myopenid.com/" rel="nofollow">Home</a></li>

<li><a href="https://www.myopenid.com/account_recover_initiate" rel="nofollow">Recover Account</a></li>

<li><a href="https://www.myopenid.com/directory" rel="nofollow">OpenID Site Directory</a></li>

</ul>

</div>
  </div>
  <div id="footer">
    <p class="fl"> 
  <a href="https://www.myopenid.com/help" rel="nofollow">Help</a> |
  <a href="https://www.myopenid.com/privacy" rel="nofollow">Privacy</a> |

Language: <a href="https://www.myopenid.com/set_language" rel="nofollow">Not set</a>
</p>

<p class="fr"> 
  <a href="http://blog.janrain.com/" rel="nofollow">Blog</a> |

<a href="http://janrain.com/background/" rel="nofollow">About Us</a> |

<br />

myOpenID™ and the myOpenID™ website are
     trademarks of Janrain, Inc.
</p>

</div>
</div>

Date
Sat, 29 Jan 2011 19:26:30 GMT
Server
Apache/2.2
Content-Length
9227
Content-Type
text/html; charset=UTF-8
Set-Cookie
ephemeral_session_id=fe90fa60478e0107616ac9fe48a803b0784c44e4319cc61a6af3b06f8c4bc6e9; domain=myopenid.com; path=/
Set-Cookie
browser_id=14758d0f3fd05ad24d40ff26c7286df5f161fbc939cf425f50e3d77dca1a9fcf; domain=myopenid.com; path=/; expires=Sun, 29-Jan-2012 19:26:30 GMT
Set-Cookie
secure_session_id=45821a0e8563d543e50bd894b558f818832a04d700569ca7652cf1f33647109c; domain=myopenid.com; path=/; secure; expires=Sun, 29-Jan-2012 19:26:30 GMT
Set-Cookie
session_id=82b46b818e3309a1ecf7e05d5adc0908227f6f0ac77d27924b54c21a8fc7db09; domain=myopenid.com; path=/; expires=Sun, 29-Jan-2012 19:26:30 GMT
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Connection
close
BUILD SUCCESSFUL (total time: 2 seconds)

The form on that page submits to https://www.myopenid.com/signin_submit, not the URL you're using. And it uses form parameters, not basic authentication.

Where did you get the idea that using basic authentication against https://www.myopenid.com/signin_password should work?

I'm really sorry, I'm new to java.

I though it's not possible to directly send request to the https://www.myopenid.com/signin_submit. Because if you do it in the browser it will give the following message

Error
You have followed a bad link. Please inform the owners of the site from which you came.

Any way can you give me any suggestion on how to authenticate.

Thanks in advanced.

This question is too difficult for "beginning". Not sure where to move it to, but I'll try JiG

I though it's not possible to directly send request to the https://www.myopenid.com/signin_submit. Because if you do it in the browser...

A browser sends GET request, whereas the form is submitted via POST; you can't generally substitute one for the other.

It looks as if you need to send a POST request to https://www.myopenid.com/signin_submit that has parameters "user_name and "password". This example should help you get going: http://www.exampledepot.com/egs/java.net/Post.html

I tried the following code

But it returns the index page not the page that should be get if it is successfully authenticated.

In the example that is in the http://www.exampledepot.com/egs/java.net/Post.html it uses http. In my scenario it is a https connection. Does some additional thing to be done when you are posting to a https connection.