HttpClient 4.2, Basic Authentication, and AuthScope

Asked 1/6, 2012 at 12:18 Answered 19/2, 2015 at 7:34

Solved java httpclient apache-httpclient-4.x apache-commons-httpclient

I have an application connecting to sites that require basic authentication. The sites are provided at run time and not known at compile time.

I am using HttpClient 4.2.

I am not sure if the code below is how I am supposed to specify basic authentication, but the documentation would suggest it is. However, I don't know what to pass in the constructor of AuthScope. I had thought that a null parameter meant that the credentials supplied should be used for all URLs, but it throws a NullPointerException, so clearly I am wrong.

m_client = new DefaultHttpClient();
UsernamePasswordCredentials credentials = new UsernamePasswordCredentials(m_userName, m_password);
((DefaultHttpClient)m_client).getCredentialsProvider().setCredentials(new AuthScope((HttpHost)null), credentials);

Colpin answered 1/6, 2012 at 12:18 Comment(1)

client.getCredentialsProvider(). setCredentials( new AuthScope(proxyHost, proxyPort), new UsernamePasswordCredentials( proxyUser, proxyPassword)); This is correct way – Gardiner 10/10, 2014 at 8:32

AuthScope.ANY is what you're after: http://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/auth/AuthScope.html

Try this:

    final HttpClient client = new HttpClient();
    client.getParams().setAuthenticationPreemptive(true);
    client.getState().setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(user.getUsername(), user.getPassword()));
    final GetMethod method = new GetMethod(uri);
    client.executeMethod(method);

Pryor answered 1/6, 2012 at 12:22 Comment(3)

Thank you Kieran. I don't have a getState method on the client, but I guess we are just using different versions. I tried AuthScope.ANY as you suggested and it worked - thank you. Can I just ask you one other question - is the setAuthenticationPreemptive(true) necessary/recommended? – Colpin 1/6, 2012 at 12:47

Took me a while to see this comment. The setAuthenticationPreemptive(true) means the crendentials will be sent in the initial request without requiring an attempted request first without credentials and then getting a 401 and then providing them once challenged. – Pryor 2/7, 2012 at 10:16

This methods are not available in HttpClient4.1 – Gardiner 10/10, 2014 at 8:31

From at least version 4.2.3 (I guess after version 3.X), the accepted answer is no longer valid. Instead, do something like:

private HttpClient createClient() {
    HttpParams params = new BasicHttpParams();
    HttpProtocolParams.setContentCharset(params, "UTF-8");

    Credentials credentials = new UsernamePasswordCredentials("user", "password");
    DefaultHttpClient httpclient = new DefaultHttpClient(params);
    httpclient.getCredentialsProvider().setCredentials(AuthScope.ANY, credentials);

    return httpclient;
}

The JavaDoc for AuthScope.ANY says In the future versions of HttpClient the use of this parameter will be discontinued, so use it at your own risk. A better option would be to use one of the constructors defined in AuthScope.

For a discussion on how to make requests preemptive, see:

Preemptive Basic authentication with Apache HttpClient 4

Chardin answered 19/2, 2015 at 7:34 Comment(0)

Recommended topics

Hot tags