I'm trying to authenticate myself to a website that uses form-based authentication (e.g., facebook.com) using the Apache HttpClient Java library.
Using this website's program as a main example: http://www.elitejavacoder.com/2013/10/http-client-form-based-authentication.html, I was able to do it - but there are a few things that I'm not understanding about this program. Here is the code:
```java
package com.elitejavacoder.http.client;

import java.util.ArrayList;
import java.util.List;

import org.apache.http.HttpEntity;
import org.apache.http.HttpHost;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.params.ClientPNames;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;

public class HttpClientFormAuthentication {
    public static void main(String[] args) {
        String host = "yourhostname.com";
        int port = 8080;
        String protocol = "http";
        DefaultHttpClient client = new DefaultHttpClient();
        try {
            HttpHost httpHost = new HttpHost(host, port, protocol);
            client.getParams().setParameter(ClientPNames.DEFAULT_HOST, httpHost);

            // Step 1: request the secured resource before logging in
            HttpGet securedResource = new HttpGet("/secured/index.jsp");
            HttpResponse httpResponse = client.execute(securedResource);
            HttpEntity responseEntity = httpResponse.getEntity();
            String strResponse = EntityUtils.toString(responseEntity);
            int statusCode = httpResponse.getStatusLine().getStatusCode();
            EntityUtils.consume(responseEntity);
            System.out.println("Http status code for Unauthenticated Request: " + statusCode); // Status code should be 200
            System.out.println("Response for Unauthenticated Request: \n" + strResponse); // Should be login page
            System.out.println("================================================================\n");

            // Step 2: post the login form
            HttpPost authpost = new HttpPost("/j_security_check");
            List<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>();
            nameValuePairs.add(new BasicNameValuePair("j_username", "yourusername"));
            nameValuePairs.add(new BasicNameValuePair("j_password", "yourpassword"));
            authpost.setEntity(new UrlEncodedFormEntity(nameValuePairs));
            httpResponse = client.execute(authpost);
            responseEntity = httpResponse.getEntity();
            strResponse = EntityUtils.toString(responseEntity);
            statusCode = httpResponse.getStatusLine().getStatusCode();
            EntityUtils.consume(responseEntity);
            System.out.println("Http status code for Authenticattion Request: " + statusCode); // Status code should be 302
            System.out.println("Response for Authenticattion Request: \n" + strResponse); // Should be blank string
            System.out.println("================================================================\n");

            // Step 3: request the same secured resource again with the same client
            httpResponse = client.execute(securedResource);
            responseEntity = httpResponse.getEntity();
            strResponse = EntityUtils.toString(responseEntity);
            statusCode = httpResponse.getStatusLine().getStatusCode();
            EntityUtils.consume(responseEntity);
            System.out.println("Http status code for Authenticated Request: " + statusCode); // Status code should be 200
            System.out.println("Response for Authenticated Request: \n" + strResponse); // Should be actual page
            System.out.println("================================================================\n");
        }
        catch (Exception ex) {
            ex.printStackTrace();
        }
    }
}
```
I have the following questions (the line numbers I'm going to refer to are in the context of the link that I provided above, since StackOverflow doesn't allow including line numbers):
What exactly is "/j_security_check" (line 41)? And how did the author know that he had to use "j_security_check" instead of the name of the secured resource?
How come the string "strResponse = EntityUtils.toString(responseEntity);" (line 49), which is two lines after "httpResponse = client.execute(authpost);" (line 47), is different from the string "strResponse = EntityUtils.toString(responseEntity);" (line 59), which is two lines after "httpResponse = client.execute(securedResource);" (line 57)?
Basically, what changes happen to "client" between lines 47 and 57?
Thank you
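An added example, not part of the original post or the linked tutorial: `/j_security_check` is the login action the Java Servlet specification reserves for form-based authentication, and what changes on the client between the two identical GETs is its cookie store, which holds the `JSESSIONID` session cookie the container keys the login to. The sketch below reproduces that flow offline with JDK 11+ classes only; the in-process stub server, the class name `FormLoginSessionDemo`, and the use of `java.net.http.HttpClient` with a `CookieManager` in place of `DefaultHttpClient` and its cookie store are assumptions made for the demonstration.

```java
import static java.nio.charset.StandardCharsets.UTF_8;
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpServer;
import java.net.*;
import java.net.http.*;
import java.util.*;

public class FormLoginSessionDemo {
    static final Set<String> authenticated = Collections.synchronizedSet(new HashSet<>()); // stub session table
    static final String FORM = "j_username=yourusername&j_password=yourpassword"; // placeholder credentials
    static String sessionId(HttpExchange ex) {
        String c = ex.getRequestHeaders().getFirst("Cookie");
        return c != null && c.startsWith("JSESSIONID=") ? c.substring(11) : null;
    }
    static void reply(HttpExchange ex, int code, String newSid, String body) throws java.io.IOException {
        if (newSid != null) ex.getResponseHeaders().add("Set-Cookie", "JSESSIONID=" + newSid + "; Path=/");
        byte[] b = body.getBytes(UTF_8);
        ex.sendResponseHeaders(code, b.length == 0 ? -1 : b.length); // -1 means "no response body"
        if (b.length > 0) ex.getResponseBody().write(b);
        ex.close();
    }
    public static void main(String[] args) throws Exception {
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        server.createContext("/secured/index.jsp", ex -> {
            // First visit has no cookie, so the stub container issues an anonymous session id.
            String sid = sessionId(ex), fresh = sid == null ? UUID.randomUUID().toString() : null;
            reply(ex, 200, fresh, sid != null && authenticated.contains(sid) ? "actual page" : "login page");
        });
        server.createContext("/j_security_check", ex -> {
            boolean ok = new String(ex.getRequestBody().readAllBytes(), UTF_8).equals(FORM);
            String fresh = ok ? UUID.randomUUID().toString() : null; // new id on login (session-fixation defence)
            if (ok) authenticated.add(fresh);
            ex.getResponseHeaders().add("Location", "/secured/index.jsp");
            reply(ex, 302, fresh, "");
        });
        server.start();
        URI base = URI.create("http://127.0.0.1:" + server.getAddress().getPort());
        CookieManager jar = new CookieManager(); // the only client-side state that changes between requests
        HttpClient client = HttpClient.newBuilder().cookieHandler(jar).build(); // redirects are not followed by default
        HttpRequest page = HttpRequest.newBuilder(base.resolve("/secured/index.jsp")).build();
        HttpRequest login = HttpRequest.newBuilder(base.resolve("/j_security_check"))
            .header("Content-Type", "application/x-www-form-urlencoded")
            .POST(HttpRequest.BodyPublishers.ofString(FORM)).build();
        for (HttpRequest req : List.of(page, login, page)) { // the same GET object is sent twice
            HttpResponse<String> r = client.send(req, HttpResponse.BodyHandlers.ofString());
            System.out.printf("%s %s -> %d \"%s\" jar=%s%n", req.method(), req.uri().getPath(),
                r.statusCode(), r.body(), jar.getCookieStore().getCookies());
        }
        server.stop(0);
    }
}
```

Each output line shows the request, the status, the body and the cookie jar after that request, so the jar contents can be compared across the three calls. Against a real host the same flow should run over `https`, since `j_password` and the session cookie otherwise cross the network in cleartext.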