I was happy to access SharePoint using PowerShell. It just picked -DefaultCredential and I didn't have to worry about that. That was for prototyping.
But my actual code is Java. Now I am not sure about this at all.
Even though I make REST calls, even SOAP would fail if I don't authenticate properly.
Method 1 : NTLM
Here the only thing I am not sure about is the workstation ID. I login using Citrix to a VM and there is an explicit Workstation ID. I use that.
Returns 401.
DefaultHttpClient client = new DefaultHttpClient();
HttpGet request = new HttpGet("http://teams.host.com/_vti_bin/listdata.svc/");
NTCredentials credentials = new NTCredentials("user", 'pass', "workstation", "Domain");
client.getCredentialsProvider().setCredentials(new AuthScope("teams.host.com",80), credentials);
HttpResponse response = client.execute(request);
Method 2 : Basic authentication.
HttpGet request = new HttpGet("http://teams.host.com/_vti_bin/listdata.svc/");
CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
credentialsProvider.setCredentials(AuthScope.ANY,
new UsernamePasswordCredentials("user", "password"));
CloseableHttpClient httpClient =
HttpClientBuilder.create().setDefaultCredentialsProvider(credentialsProvider).build();
HttpResponse response = httpClient.execute(request);
Returns 401.
What other method do I use ? Digest ? Since I don't know how -DefaultCredential in PowerShell worked I am back to the drawing board.
How should I investigate this ? I must be making some basic mistakes in this Java code. The flow is not right. That is my supposition.
So from Apache HttpClient this is the code that connects to SharePoint 2010. The workstation ID is the one used when I use Citrix XenDesktop to login to a Windows machine. I am able to get the result of my REST Get request.
This uses NTLM authentication.
DefaultHttpClient client = new DefaultHttpClient();
HttpGet request = new HttpGet("http://teams.host.com/_vti_bin/listdata.svc/");
NTCredentials credentials = new NTCredentials("user", 'pass', "workstation", "Domain");
client.getCredentialsProvider().setCredentials(new AuthScope("teams.host.com",80), credentials);
HttpResponse response = client.execute(request);
Related
I have a very basic java webservice call...
public static String contactWebservice(){
DefaultHttpClient httpclient = new DefaultHttpClient();
HttpHost target = new HttpHost(“www.someurl.com”, 443, "https");
HttpGet getRequest = new HttpGet("PARAMETERS FOR WEBSERVICE");
HttpResponse httpResponse = httpclient.execute(target, getRequest);
…more code...
I need to turn this into a SSL call without a cert. Much like a browser contacts an ssl secured webpage and gets data back without having a cert. I've tried many different methods but nothing has worked so far. I keep getting "peer not authenticated" errors.
I'm building a Java application to extract files from Sharepoint using Sharepoint's REST api. First I need to authenticate, our organisation uses OKTA to obtain a token.
The example code I'm using is:
CredentialsProvider credsProvider = new BasicCredentialsProvider();
credsProvider.setCredentials(AuthScope.ANY,
new NTCredentials(user, pwd, "", ""));
HttpHost target = new HttpHost("organisation.sharepoint.com", 80, "http");
HttpClientContext context = HttpClientContext.create();
context.setCredentialsProvider(credsProvider);
// The authentication is NTLM.
// To trigger it, we send a minimal http request
HttpHead request1 = new HttpHead("/");
CloseableHttpResponse response1 = null;
try {
response1 = httpclient.execute(target, request1, context);
EntityUtils.consume(response1.getEntity());
System.out.println("1 : " + response1.getStatusLine().getStatusCode());
I need to modify the NTLM code to use Okta instead to make the call to Sharepoint with context set.
Any help appreciated!
Unfortunately, this is not achievable at the moment. This feature has been requested and will be reviewed by engineering. However, it is not actively being worked on as of right now.
I've just upgraded to org.apache.httpcomponents.httpclient 4.3. Previously I created a client and did pre-emptive authentication like this:
final HttpClient client = new DefaultHttpClient();
final HttpRequestBase request = new HttpGet(url);
request.addHeader(BasicScheme.authenticate( new UsernamePasswordCredentials(username,password), "UTF-8", false));
Now that this is deprecated I have to create a client and authenticate like this:
HttpClientBuilder clientBuilder = HttpClientBuilder.create();
final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(username, password));
clientBuilder = clientBuilder.setDefaultCredentialsProvider(credentialsProvider);
However instead of authenticating and making a successful GET I get a 302 in response. I think this could be fixed by setting pre-emptive authentication, but I can't find how. Maybe I have authentication in this second example all wrong?
Can I get some pointers, please?
It's not clear whether this is actually a real problem.
HTTP 302 is a redirection. You need to follow the redirect.
I have a protected resource which requires me to login. Im using the commons client with the following code block.
HttpClient httpClient = new HttpClient();
httpClient.getParams().setParameter("http.protocol.cookie-policy", CookiePolicy.BROWSER_COMPATIBILITY);
httpClient.getParams().setParameter("http.protocol.single-cookie-header", Boolean.TRUE);
PostMethod postMethod = new PostMethod("/admin/adminlogon.do");
postMethod.setRequestEntity(new StringRequestEntity("action=logon&adminUser=admin&adminPassword=password",
"application/x-www-form-urlencoded",
"UTF-8"));
postMethod.addParameter("action","logon");
postMethod.addParameter("adminUser","admin");
postMethod.addParameter("adminPassword","password");
httpClient.executeMethod(postMethod);
String response2 = postMethod.getResponseBodyAsString();
Above is where I basically login. This works fine im getting a nice little JSESSIONID cookie back.
GetMethod get = new GetMethod("/admin/api.do?action=getSomeJson");
httpClient.executeMethod(get);
When I check the logic on the sever the for the 2nd request I notice that we are using a different JSESSIONID. Therefore the get seems to fail to log in. I was under the impression the httpClient managed the cookies and sent the same cookie back. When I log into my app normally through the UI I see the same cookie in each request just not in the this test code.
String s = get.getResponseBodyAsString();
get.releaseConnection();
Do I need to do something with the httpClient to ensure it uses the same cookies from the first post request when it does its get request??
Thanks in advance.
Your assumption regarding HTTP client cookie behavior is correct.
In your case your not use the same httpClient instance. To fix it you need to allocate the httpClient only once (in PostConstructor):
httpClient = new DefaultHttpClient(); // or new HttpClient();
Then, you perform your calls using the same instance of the client. The client will take a cookie from a response, will store it in the cookieStore and will send it with the next request.
[Added after the comment]
The following code works for me:
httpClient = new DefaultHttpClient();
// Create a local instance of cookie store
cookieStore = new BasicCookieStore();
// Set the store
httpClient.setCookieStore(cookieStore);
I want to set the HTTP Request header "Authorization" when sending a POST request to a server.
How do I do it in Java? Does HttpClient have any support for it?
http://www.w3.org/Protocols/HTTP/HTRQ_Headers.html#z9
The server requires me to set some specific value for the authorization field:
of the form ID:signature which they will then use to authenticate the request.
Thanks
Ajay
Below is the example for setting request headers
HttpPost post = new HttpPost("someurl");
post.addHeader(key1, value1));
post.addHeader(key2, value2));
Here is the code for a Basic Access Authentication:
HttpPost request = new HttpPost("http://example.com/auth");
request.addHeader("Authorization", "Basic ThisIsJustAnExample");
And then just an example of how to execute it:
HttpParams httpParams = new BasicHttpParams();
HttpProtocolParams.setVersion(httpParams, HttpVersion.HTTP_1_1);
HttpConnectionParams.setConnectionTimeout(httpParams, 3000);
HttpClient httpclient = null;
httpclient = new DefaultHttpClient(httpParams);
HttpResponse response = httpclient.execute(request);
Log.d("Log------------", "Status Code: " + response.getStatusLine().getStatusCode());
This question is "answered" here:
Http Basic Authentication in Java using HttpClient?
There are many ways to do this. It was frustrating for me to try to find the answer. I found that the best was the Apache docs for HttpClient.
Note: answers will change over time as the libraries used will have deprecated methods.
http://hc.apache.org/httpcomponents-client-4.5.x/tutorial/html/authentication.html