Tomcat and Form Based Authorization
Brian C. Levay
4.0.4. It works perfect using the browser interface, but now I need to
access it via a java application from the command line.
I've tried using Jason Hunter's HttpMessage class, like so:
URL url = new URL(http://localhost:8080/vc/servlet/Test);
HttpMessage message = new HttpMessage(url);
message.setAuthorization("brian", "password");
URLConnection con = message.sendPostMessage(props); // With props being
the query data
... // Read the response
And the page returned is always the login form page. What do I have to do
to get Tomcat to recognize the user authorization?
--Brian
Brian C. Levay
Make the request to the resource in which the login page will be returned.
Parse out the jsessionid. Make a POST request to the resource but this time
to a URL like this:
http://localhost/vic/j_security_check;jsessionid=" + jsessionId +
"?j_username=" + name + "&j_password=" + pass
If successful your client will now be authenticated and you can make any
type
of request to the resource you just have to make sure the jsessionid is
passed
with each request:
http://localhost/vc/servlet/VC;jsessionid=" + jsessionId + "?action=getUser"
--Brian
"Brian C. Levay" <bcl...@att.net> wrote in message
news:uq4qmcp...@corp.supernews.com...
Stephen Ostermiller
the username and password directly to the HTTPURLConnection. See:
http://ostermiller.org/utils/Base64.html
It has an example.
Stephen
Sebastiano Pilla
I don't know the specifics of this HttpMessage class, but it seems like
the setAuthorization call would be used for basic authentication, not
for form based authentication as you have. You could try accessing the
protected URL passing as parameters the username and password. For
example, the complete URL to your servlet above would be:
http://localhost:8080/vc/servlet/Test?j_username=AAA&j_password=BBB
Sebastiano Pilla