Posted to dev@tomcat.apache.org by Derek Lac <dl...@konaware.com> on 2006/06/21 03:02:39 UTC

using httpclient to login into tomcat with authentication

I need to find a way to go into tomcat programmatically and bypass the
form based authentication.

I turned on form based authentication by adding security-constraint in
web.xml. As a result of that, I need to type in admin, admin as user name
and password to access a page called hello.jsp. The way the form based works
is that it uses j_security_check by passing user name and password using
NameValuePair. I can log in ok manually.

Here's the error when I used httpclient.jar:

The time allowed for the login process has been exceeded. If you wish to
continue you must either click back twice and re-click the link you
requested or close and re-open your browser</u></p><p><b>description</b>
<u>The client did not produce a request within the time that the server was
prepared to wait (The time allowed for the login process has been exceeded.
If you wish to continue you must either click back twice and re-click the
link you requested or close and re-open your browser).

I've turned on debugging. Somehow the AuthenticatorBase or
FormAuthenticator authenticates differently from the httpclient.jar than
from my browser.

Thanks for Any Help,

Derek

Below is the code using httpclient.jar:

import org.apache.commons.httpclient.*;
import org.apache.commons.httpclient.auth.*;
import org.apache.commons.httpclient.methods.*;
import org.apache.commons.httpclient.cookie.CookiePolicy;
import org.apache.commons.httpclient.cookie.CookieSpec;
import org.apache.commons.httpclient.params.HttpMethodParams;
import java.io.*;

public class DoForm {

    // Turn on commons-logging wire and context debugging for HttpClient.
    static {
        System.setProperty("org.apache.commons.logging.Log",
                           "org.apache.commons.logging.impl.SimpleLog");
        System.setProperty("org.apache.commons.logging.simplelog.showdatetime",
                           "true");
        System.setProperty("org.apache.commons.logging.simplelog.log.httpclient.wire",
                           "debug");
        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient",
                           "debug");
    }

    //private static String url = "http://128.18.245.102:14035";
    //private static String url1 = "http://128.18.245.102:14035/kw-saf-admin";

    static final String LOGON_SITE = "localhost";
    static final int    LOGON_PORT = 8080;
    static final String LOGON_EXT  = "self-login";
    private static String url1 =
        "http://" + LOGON_SITE + ":" + LOGON_PORT + "/" + LOGON_EXT;

    public static void main(String[] args) {
        // Create an instance of HttpClient.
        HttpClient client = new HttpClient();

        // Create a method instance. The POST goes straight to
        // j_security_check; no protected page is requested first.
        PostMethod method = new PostMethod(url1 + "/j_security_check");
        //GetMethod method = new GetMethod(url1+"/j_security_check");

        NameValuePair[] data = {
            new NameValuePair("j_username", "admin"),
            new NameValuePair("j_password", "admin"),
            new NameValuePair("action", "j_security_check"),
            new NameValuePair("url", "login.jsp")
        };
        method.setRequestBody(data);

        try {
            // Execute the method.
            int statusCode = client.executeMethod(method);
            if (statusCode != HttpStatus.SC_OK) {
                System.err.println("Method failed: " + method.getStatusLine());
            }
            System.out.println("Login form post: "
                               + method.getStatusLine().toString());

            // Read the response body.
            byte[] responseBody = method.getResponseBody();

            // See if we got any cookies.
            // The only way of telling whether logon succeeded is
            // by finding a session cookie.
            // The path passed to match() needs its leading slash, otherwise
            // a cookie with Path=/self-login is never listed.
            CookieSpec cookiespec = CookiePolicy.getDefaultSpec();
            Cookie[] logoncookies = cookiespec.match(
                LOGON_SITE, LOGON_PORT, "/" + LOGON_EXT, false,
                client.getState().getCookies());
            System.out.println("Logon cookies:");
            if (logoncookies.length == 0) {
                System.out.println("None");
            } else {
                for (int i = 0; i < logoncookies.length; i++) {
                    System.out.println("- " + logoncookies[i].toString());
                }
            }

            // Deal with the response.
            // Use caution: ensure correct character encoding and is not
            // binary data.
            System.out.println(new String(responseBody));

        } catch (HttpException e) {
            System.err.println("Fatal protocol violation: " + e.getMessage());
            e.printStackTrace();
        } catch (IOException e) {
            System.err.println("Fatal transport error: " + e.getMessage());
            e.printStackTrace();
        } finally {
            // Release the connection.
            method.releaseConnection();
        }
    }
}


Re: using httpclient to login into tomcat with authentication

Posted by Amila Suriarachchi <am...@gmail.com>.
Hi,
First think about what happens in form-based authentication:
1. First the user sends a request to a restricted resource.
2. The server sends the login page to the browser.
3. Then the user submits a request to j_security_check with user name and
password.
4. The server sends the initially requested page to the user.

So you have to do the same steps from your program:
1. Send a request to a restricted resource (e.g. use GetMethod).
2. Read the response (this is actually not necessary, but you can verify you
have got the login page).
3. Send the j_username and j_password to j_security_check (make sure you set
the session ID as a cookie if you use a different connection).
4. You should receive the originally requested page.

But I believe this belongs to the user list.

Amila.
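
The four steps from the reply, written out as an added example (not code from the thread, from Tomcat or from HttpClient), using the same commons-httpclient 3.x classes as the posted program. The class name, the environment variable names TOMCAT_USER and TOMCAT_PASS, the default JSESSIONID cookie name and a redirect as the answer to a successful login are assumptions.

```java
import org.apache.commons.httpclient.Cookie;
import org.apache.commons.httpclient.Header;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.NameValuePair;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.methods.PostMethod;

public class FormLoginFlow {
    // Host, port, context and page name are the ones from the post.
    static final String PROTECTED = "http://localhost:8080/self-login/hello.jsp";
    static final String CHECK = "http://localhost:8080/self-login/j_security_check";

    public static void main(String[] args) throws Exception {
        // Assumed variable names; keeps the credentials out of the source.
        String user = System.getenv("TOMCAT_USER");
        String pass = System.getenv("TOMCAT_PASS");
        if (user == null || pass == null) throw new IllegalArgumentException("set TOMCAT_USER/TOMCAT_PASS");
        HttpClient client = new HttpClient(); // one client: its HttpState carries the cookies

        // Steps 1-2: ask for the protected page; the container saves the request,
        // starts a session and returns the login form.
        GetMethod first = new GetMethod(PROTECTED);
        try { client.executeMethod(first); first.getResponseBodyAsString(); }
        finally { first.releaseConnection(); }
        boolean hasSession = false;
        for (Cookie c : client.getState().getCookies())
            hasSession |= "JSESSIONID".equals(c.getName()); // assumed default cookie name
        if (!hasSession) throw new IllegalStateException("no session cookie after step 1");

        // Step 3: post the credentials in the same session. PostMethod does not
        // follow redirects, so read the Location header ourselves.
        PostMethod login = new PostMethod(CHECK);
        login.setRequestBody(new NameValuePair[] {
            new NameValuePair("j_username", user),
            new NameValuePair("j_password", pass) });
        String target;
        try {
            int status = client.executeMethod(login);
            Header location = login.getResponseHeader("Location");
            if (status / 100 != 3 || location == null)
                throw new IllegalStateException("login rejected: " + login.getStatusLine());
            target = new java.net.URI(PROTECTED).resolve(location.getValue()).toString();
        } finally { login.releaseConnection(); }

        // Step 4: fetch the originally requested page with the authenticated session.
        GetMethod page = new GetMethod(target);
        try { System.out.println(client.executeMethod(page) + " " + target); }
        finally { page.releaseConnection(); }
    }
}
```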