how to login for url.openStream?
Pat LaVarre
that I know my username and p*ssw*rd?
I see my url.getUserInfo() is null. Maybe that's a Bad Thing? But
there is no corresponding "set" method - except for a protected method
of the final java.net.URL class?
From sources such as
<http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc2068.html#sec-19.6> I
get the idea somewhere somehow I'm supposed to feed in a base-64
string like QWxhZGRpbjpvcGVuIHNlc2FtZQ to mean my user:p*ssw*rd is
"Aladdin: open sesame"?
From <http://java.sun.com/people/linden/faq_d.html#Networking> I knew
to try:
java.util.Properties pr = System.getProperties();
pr.put("proxySet", "true");
pr.put("http.proxyHost", "foo.paranoid.com");
pr.put("http.proxyPort", "80");
I regret to report, for me, this makes no difference.
Still I crash via:
Exception in thread "main" java.io.FileNotFoundException:
http://www.unicode.org/charts/
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown
Source)
at java.net.URL.openStream(Unknown Source)
at ...
I find I can fetch anything I've seen recently in IE ... I just can't
fetch anything external and new.
Help?!?! Thanks in advance. Pat LaVarre
P.S. I presume lots of folk languish behind firewalls like the one
that encloses me here? The first time I ask for an external web site
after newly launching IE5, I see:
Enter Network Password
Please type your user name and password.
Firewall: paysme.paranoid.com
Realm Firewall on paysme.paranoid.com
User Name [________]
Password [________]
[ ] Save this password in your password list
[OK] [Cancel]
(I've substituted the string "paysme.paranoid.com" to protect the
guilty.)
Stephen Ostermiller
to passing it to a password protected (basic authentication) website.
It should be very similar to the example here:
http://ostermiller.org/utils/Base64.html
but instead of using "Authorization" you should use
"Proxy-Authorization"
Stephen
Christophe Elek
news:6f77396a.01112...@posting.google.com:
Isn't there a java.net.Authenticator, not sure it works for all URLs but it
works perfect for HTTP URL if you want to connect to , let's say, an Apache
protected directory...
--
Christophe Elek
Eclipse Project
http://www.eclipse.org
Pat LaVarre
> > to passing it to a password protected (basic authentication) website.
>
Ahhh yes, thank you both, by sharing with me the secret search key
"basic authentication" you let Google show me all that now in a wealth
of detail.
> instead of using "Authorization"
> you should use "Proxy-Authorization"
I think I follow - principle of least adequate privilege? Here they
both work - but I see rfc 2616 says a Proxy-Authorization is more
transient than an Authorization, and rfc 2068 includes both in the
"HTTP/1.1" protocol.
> Knowing to search ...
More specifically I've now found:
The suggestion to try
"http://username:pass...@www.unicode.org/charts/" in place of
"http://www.unicode.org/charts/" did NOT work.
Relevant tutorial links include:
<http://www.javaworld.com/javaworld/javatips/jw-javatip42.html>
<http://www.javaworld.com/javaworld/javatips/jw-javatip46.html>
<http://www.javaworld.com/javaworld/javatips/jw-javatip47.html>
These links say, since jdk1.2, we can construct a new
java.net.Authenticator that we setDefault so we can override
getPasswordAuthentication(). I guess that approach avoids issues like
whether the ':' char may appear in a user name or password and avoids
having to bother with base64 encoding.
Back in jdk1.1 time, we're told instead to rewrite:
... is = url.openStream();
as:
String base64 = toBase64("user:password");
... uc = url.openConnection();
uc.setRequestProperty("Proxy-Authorization", "Basic " +
base64);
... is = uc.getInputStream();
I had to compile my own toBase64 routine, working from sources more or
less original than <http://www.ietf.org/rfc/rfc1521.txt> MIME... 5.2
Base64 Content-Transfer-Encoding, September 1993. The closed rfe,
with 5 votes, at <http://developer.java.sun.com/developer/bugParade/bugs/4191686.html>
says that's how Java is.
I had to launch a gui to keep from saving/printing the password: the
open rfe, with 76 votes, at
<http://developer.java.sun.com/developer/bugParade/bugs/4050435.html>
says that's how Java is.
When the user, password, or source code is wrong, jdk1.4.0-beta3
sometimes throws more informative exceptions than does jdk1.3.0. I
saw "java.io.IOException: Server returned HTTP response code: 407 for
URL: ...." rather than a completely cryptic
java.io.FileNotFoundException. The Http rfc 2068 confirms code 407
means "Proxy Authentication Required".
Thanks again. Pat LaVarre
P.S. I'm amused to see I got an ftp java.net.Socket(serverName, 21) to
connect thru the firewall before I connected via http - tunnelling
thru our firewall involves less custom API there.
Pat LaVarre
> > > I had to compile my own toBase64 routine,
> > instead of using "Authorization"
> > you should use "Proxy-Authorization"
> principle of least adequate privilege?
> Here they both work - but I see
> rfc 2616 says a Proxy-Authorization
> is more transient ...
Can I follow this advice even if I use a java.net.Authenticator since
jdk1.2?
How???
> I had to compile my own toBase64 routine,
> The closed rfe, with 5 votes, at ... ugs/4191686.html>
> says that's how Java is.
The open rfe, with 1 vote, at
<http://developer.java.sun.com/developer/bugParade/bugs/4235519.html>
says that's how Java is as yet.
Apparently there are uses for a Base64 codec apart from letting me
choose between "Authorization" and "Proxy-Authorization".