You are viewing a plain text version of this content. The canonical link for it is here.
Posted to httpclient-users@hc.apache.org by Ja...@wsib.on.ca on 2007/12/20 18:13:56 UTC
redirect website problem (urgent)
Hi,
I have a website use redirect: the link is below:
https://eservice2.wsib.on.ca/b2bf7/Authentication?UserId=xxxx&Password=xxxx
It suppose to return a NAK like:
<?xml version="1.0" encoding="UTF-8" ?>
- <wsibf:Response xmlns:wsib="http://www.wsib.on.ca" xmlns:wsibf="
http://www.wsib.on.ca/form" xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="
http://www.wsib.on.ca/form Acknowledgement.xsd">
- <wsibf:NAK>
- <wsibf:errors>
<wsibf:errorCode>101</wsibf:errorCode>
<wsibf:errorMessage>Invalid user id or password.</wsibf:errorMessage>
</wsibf:errors>
- <wsibf:timestamp>
<wsib:date>20122007</wsib:date>
<wsib:time>12:11:55</wsib:time>
</wsibf:timestamp>
</wsibf:NAK>
</wsibf:Response>
but when I tried it in my code:
HttpClient client = new HttpClient();
client.getHostConfiguration().setHost(LOGON_SITE, LOGON_PORT,
"https");
String userId ="userid";
String password="password";
String URL =
"/b2bf7/Authentication"+"?"+USERID+EQUAL+userId+"&"+PASSWORD+EQUAL+password;
PostMethod authpost = new PostMethod(URL);
String redirectLocation="";
client.executeMethod(authpost);
Header locationHeader =
authpost.getResponseHeader("Location");
if (locationHeader != null) {
redirectLocation = locationHeader.getValue();
System.out.println("redirectLocation =
"+redirectLocation);
} else {
System.out.println("nothing found");
// The response is invalid and did not provide the new
location for
// the resource. Report an error or possibly handle
the response
// like a 404 Not Found error.
}
authpost.releaseConnection();
authpost = new PostMethod(redirectLocation);
client.executeMethod(authpost);
System.out.println("Login form post: " +
authpost.getResponseBodyAsString());
} catch (HttpException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
authpost.releaseConnection();
it returns nothing,
log looks like
2007/12/20 12:13:28:437 EST [DEBUG] HttpClient - Java version: 1.4.2
2007/12/20 12:13:28:437 EST [DEBUG] HttpClient - Java vendor: IBM
Corporation
2007/12/20 12:13:28:437 EST [DEBUG] HttpClient - Java class path:
C:\ESWworkspace\TestTool;C:\tmp\apache-commons\commons-logging-1.0.4\commons-logging-api.jar;C:\tmp\apache-commons\commons-logging-1.0.4\commons-logging.jar;C:\tmp\apache-commons\commons-codec-1.3\commons-codec-1.3.jar;C:\tmp\commons-httpclient-3.1-rc1\commons-httpclient-3.1-rc1.jar;C:\B2BForm7\lib\activation.jar;C:\B2BForm7\lib\asm.jar;C:\B2BForm7\lib\b2bform7_persist.jar;C:\B2BForm7\lib\cglib-2.1.jar;C:\B2BForm7\lib\com.ibm.mq.jar;C:\B2BForm7\lib\com.ibm.mq.pcf.jar;C:\B2BForm7\lib\commons-collections-2.1.1.jar;C:\B2BForm7\lib\commons-dbcp.jar;C:\B2BForm7\lib\commons-logging-1.1.jar;C:\B2BForm7\lib\commons-pool.jar;C:\B2BForm7\lib\connector.jar;C:\B2BForm7\lib\db2java.zip;C:\B2BForm7\lib\dom4j-1.6.jar;C:\B2BForm7\lib\eaas_1.2.jar;C:\B2BForm7\lib\ehcache-1.1.jar;C:\B2BForm7\lib\eims_framework_v2_3.jar;C:\B2BForm7\lib\hibernate3.jar;C:\B2BForm7\lib\jms.jar;C:\B2BForm7\lib\jta.jar;C:\B2BForm7\lib\log4j-1.2.11.jar;C:\B2BForm7\lib\mail.jar;C:\B2BForm7\lib\presister.jar;C:\B2BForm
7\lib\spring.jar;C:\tmp\ldapjdk41\packages\ldapjdk.jar
2007/12/20 12:13:28:437 EST [DEBUG] HttpClient - Operating system name:
Windows XP
2007/12/20 12:13:28:437 EST [DEBUG] HttpClient - Operating system
architecture: x86
2007/12/20 12:13:28:437 EST [DEBUG] HttpClient - Operating system version:
5.1
2007/12/20 12:13:28:927 EST [DEBUG] HttpClient - IBMJSSE 1.42: IBM JSSE
provider
2007/12/20 12:13:28:927 EST [DEBUG] HttpClient - IBMJCE 1.2: IBMJCE
Provider implements the following: HMAC-SHA1, MD2, MD5, MARS, SHA,
MD2withRSA, MD5withRSA, SHA1withRSA, RSA, SHA1withDSA, RC2, RC4,
Seal)implements the following:
Signature algorithms : SHA1withDSA, SHA1withRSA, MD5withRSA,
MD2withRSA
Cipher algorithms : Blowfish, AES, DES, TripleDES,
PBEWithMD2AndDES,
PBEWithMD2AndTripleDES,
PBEWithMD2AndRC2,
PBEWithMD5AndDES,
PBEWithMD5AndTripleDES,
PBEWithMD5AndRC2, PBEWithSHA1AndDES
PBEWithSHA1AndTripleDES,
PBEWithSHA1AndRC2
PBEWithSHAAnd40BitRC2,
PBEWithSHAAnd128BitRC2
PBEWithSHAAnd40BitRC4,
PBEWithSHAAnd128BitRC4
PBEWithSHAAnd2KeyTripleDES,
PBEWithSHAAnd3KeyTripleDES
Mars, RC2, RC4,
RSA, Seal
Message authentication code (MAC) : HmacSHA1, HmacMD2, HmacMD5
Key agreement algorithm : DiffieHellman
Key (pair) generator : Blowfish, DiffieHellman, DSA, AES,
DES, TripleDES, HmacMD5,
HmacSHA1, Mars, RC2, RC4, RSA, Seal
Message digest : MD2, MD5, SHA-1, SHA-256, SHA-384,
SHA-512
Algorithm parameter generator : DiffieHellman, DSA
Algorithm parameter : Blowfish, DiffieHellman, AES, DES,
TripleDES, DSA, Mars,
PBEwithMD5AndDES, RC2
Key factory : DiffieHellman, DSA, RSA
Secret key factory : Blowfish, AES, DES, TripleDES, Mars,
RC2, RC4, Seal
PKCS5Key, PBKDF1 and
PBKDF2(PKCS5Derived Key).
Certificate : X.509
Secure random : IBMSecureRandom
Key store : JCEKS, PKCS12KS (PKCS12), JKS
2007/12/20 12:13:29:088 EST [DEBUG] HttpClient - IBMJGSSProvider 1.42:
IBMJGSSProvider supports Kerberos V5 Mechanism
2007/12/20 12:13:29:088 EST [DEBUG] HttpClient - IBMCertPath 1.0:
IBMCertPath Provider implements the following:
CertificateFactory : X.509
CertPathValidator : PKIX
CertStore : Collection, LDAP
CertPathBuilder : PKIX
2007/12/20 12:13:29:088 EST [DEBUG] DefaultHttpParams - Set parameter
http.useragent = Jakarta Commons-HttpClient/3.1-rc1
2007/12/20 12:13:29:098 EST [DEBUG] DefaultHttpParams - Set parameter
http.protocol.version = HTTP/1.1
2007/12/20 12:13:29:098 EST [DEBUG] DefaultHttpParams - Set parameter
http.connection-manager.class = class
org.apache.commons.httpclient.SimpleHttpConnectionManager
2007/12/20 12:13:29:098 EST [DEBUG] DefaultHttpParams - Set parameter
http.protocol.cookie-policy = default
2007/12/20 12:13:29:098 EST [DEBUG] DefaultHttpParams - Set parameter
http.protocol.element-charset = US-ASCII
2007/12/20 12:13:29:098 EST [DEBUG] DefaultHttpParams - Set parameter
http.protocol.content-charset = ISO-8859-1
2007/12/20 12:13:29:098 EST [DEBUG] DefaultHttpParams - Set parameter
http.method.retry-handler =
org.apache.commons.httpclient.DefaultHttpMethodRetryHandler@2e4b14cb
2007/12/20 12:13:29:098 EST [DEBUG] DefaultHttpParams - Set parameter
http.dateparser.patterns = [EEE, dd MMM yyyy HH:mm:ss zzz, EEEE, dd-MMM-yy
HH:mm:ss zzz, EEE MMM d HH:mm:ss yyyy, EEE, dd-MMM-yyyy HH:mm:ss z, EEE,
dd-MMM-yyyy HH-mm-ss z, EEE, dd MMM yy HH:mm:ss z, EEE dd-MMM-yyyy
HH:mm:ss z, EEE dd MMM yyyy HH:mm:ss z, EEE dd-MMM-yyyy HH-mm-ss z, EEE
dd-MMM-yy HH:mm:ss z, EEE dd MMM yy HH:mm:ss z, EEE,dd-MMM-yy HH:mm:ss z,
EEE,dd-MMM-yyyy HH:mm:ss z, EEE, dd-MM-yyyy HH:mm:ss z]
2007/12/20 12:13:29:148 EST [DEBUG] HttpConnection - Open connection to
eservices2.wsib.on.ca:443
2007/12/20 12:13:31:351 EST [DEBUG] header - >> "POST
/b2bf7/Authentication?UserId=userid&Password=password HTTP/1.1[\r][\n]"
2007/12/20 12:13:31:351 EST [DEBUG] HttpMethodBase - Adding Host request
header
2007/12/20 12:13:31:371 EST [DEBUG] header - >> "User-Agent: Jakarta
Commons-HttpClient/3.1-rc1[\r][\n]"
2007/12/20 12:13:31:371 EST [DEBUG] header - >> "Host:
eservices2.wsib.on.ca[\r][\n]"
2007/12/20 12:13:31:371 EST [DEBUG] header - >> "Content-Length:
0[\r][\n]"
2007/12/20 12:13:31:371 EST [DEBUG] header - >> "[\r][\n]"
2007/12/20 12:13:31:371 EST [DEBUG] EntityEnclosingMethod - Request body
has not been specified
2007/12/20 12:13:31:511 EST [DEBUG] header - << "HTTP/1.0 301 Moved
Permanently[\r][\n]"
2007/12/20 12:13:31:511 EST [DEBUG] header - << "Location:
https://eservices2.wsib.on.ca/error-UAT.htm[\r][\n]"
2007/12/20 12:13:31:511 EST [DEBUG] header - << "Content-Length:
0[\r][\n]"
2007/12/20 12:13:31:511 EST [DEBUG] header - << "Connection:
close[\r][\n]"
2007/12/20 12:13:31:511 EST [DEBUG] HttpMethodDirector - Redirect required
2007/12/20 12:13:31:521 EST [DEBUG] HttpMethodBase - Should close
connection in response to directive: close
redirectLocation = https://eservices2.wsib.on.ca/error-UAT.htm
2007/12/20 12:13:31:521 EST [DEBUG] HttpConnection - Releasing connection
back to connection manager.
2007/12/20 12:13:31:521 EST [DEBUG] HttpConnection - Open connection to
eservices2.wsib.on.ca:443
2007/12/20 12:13:31:521 EST [DEBUG] header - >> "POST /error-UAT.htm
HTTP/1.1[\r][\n]"
2007/12/20 12:13:31:521 EST [DEBUG] HttpMethodBase - Adding Host request
header
2007/12/20 12:13:31:521 EST [DEBUG] header - >> "User-Agent: Jakarta
Commons-HttpClient/3.1-rc1[\r][\n]"
2007/12/20 12:13:31:521 EST [DEBUG] header - >> "Host:
eservices2.wsib.on.ca[\r][\n]"
2007/12/20 12:13:31:521 EST [DEBUG] header - >> "Content-Length:
0[\r][\n]"
2007/12/20 12:13:31:521 EST [DEBUG] header - >> "[\r][\n]"
2007/12/20 12:13:31:521 EST [DEBUG] EntityEnclosingMethod - Request body
has not been specified
2007/12/20 12:13:31:561 EST [DEBUG] header - << "HTTP/1.0 301 Moved
Permanently[\r][\n]"
2007/12/20 12:13:31:571 EST [DEBUG] header - << "Location:
https://eservices2.wsib.on.ca/error-UAT.htm[\r][\n]"
2007/12/20 12:13:31:571 EST [DEBUG] header - << "Content-Length:
0[\r][\n]"
2007/12/20 12:13:31:571 EST [DEBUG] header - << "Connection:
close[\r][\n]"
2007/12/20 12:13:31:571 EST [DEBUG] HttpMethodDirector - Redirect required
2007/12/20 12:13:31:571 EST [DEBUG] HttpMethodBase - Buffering response
body
2007/12/20 12:13:31:571 EST [DEBUG] HttpMethodBase - Should close
connection in response to directive: close
2007/12/20 12:13:31:571 EST [DEBUG] HttpConnection - Releasing connection
back to connection manager.
2007/12/20 12:13:31:571 EST [DEBUG] HttpMethodBase - Default charset used:
ISO-8859-1
Login form post:
Thanks.
Jacky Liu
Specialist, MiddleWare Development
Enterprise Integration & Middleware Services
Business Technology Services
Workplace Safety & Insurance Board of Ontario (WSIB)
Tel:(416)344-4732
Email: Jacky_Liu@wsib.on.ca
*********************************************************************
The information in this e-mail is intended solely for the addressee(s)
named, and is confidential. Any other distribution, disclosure or
copying is strictly prohibited. If you have received this communication
in error, please reply by e-mail to the sender and delete or destroy all
copies of this message.
Les renseignements contenus dans le pr'esent message 'electronique sont
confidentiels et concernent exclusivement le(s) destinataire(s)
'esign'e(s). Il est strictement interdit de distribuer ou de copier ce
message. Si vous avez recu ce message par erreur, veuillez r'epondre
par courriel `a l'exp'editeur et effacer ou d'etruire toutes les copies du
pr'esent message..
Re: redirect website problem (urgent)
Posted by Roland Weber <os...@dubioso.net>.
Hello Jacky,
I've never heard of urgent redirects. HTTP handles
all redirects the same, there are no priorities.
See also this interesting document:
http://www.catb.org/~esr/faqs/smart-questions.html#urgent
Your sample code is sending a POST request without a
message body. That is invalid HTTP. The server responds
with status code 301 indicating a redirect. That is
invalid behavior of the server, it should have rejected
the request with status code 400.
If you don't want to send a message entity, then
don't use a POST request. If you have to use a
POST request, then don't put the parameters into
the query URL. Put them into the message body.
By the way, I would never trust a server that expects
a plain text password in a URL. It is bad style at
the very least. Many HTTP servers log the requested
URI, so they would have the password in the logfile.
cheers,
Roland
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org