I am attempting to log into a website using Java's HttpURLConnection. I have figured out how to use a POST request to post to the website and log in, but I have no way of knowing if the login was successful or not.
Looking at some tutorials, I discerned that reloading the page usually works. The problem with this specific implementation is that upon entering credentials, the website opens a pop up window, with the same URL as the parent site.
This can be solved either of two ways. Looking at Chrome's Developer Tools, I realized that the POST request returns whether the login was successful, as seen here
Is it possible to get the popup window or look for the response to the POST request? I'd rather use native java is possible.
Reload will work, if you'll keep the same HTTP session. Actually the website cannot open an popup - the web browser does it according to the login response. You should do the same - that is to check the response. Luckily you don't have to parse the response content, try to check the response code. For login the HTTP 200 may stand for successful login and HTTP 401 for failure.
Related
Currently, I am testing an application that has a sign-in form and after successful authorization, sign-in should redirect the user to a custom URL that contains a code, for now, that URL is localhost. After redirect on GUI less, I see that redirect link on chromium, and second, after redirect, I get this kind of error:
chrome-error://chromewebdata/
Basically, it says that chrome could not connect to that specific URL. is there an option to allow Playwright to connect on redirected localhost URL? Without any proxy or some kind of other things that are being used. So far I haven't found any helpful information about this topic when the user gets redirected to an HTTP page instead of HTTPS.
I hope that there is a solution to my issue.
I've been trying to figure this out for a while now. So im working on an app where the user enters a username and password and i send the form to the server using a POST request. After that point, when i try to click on a link, the server does not recogize that i am logged in. So i researched about this and learned that it has to do with handling session cookies. From what i understand, i have to get the cookie from the Set-Header header that the server gives me, and use that cookie in all subsequent POST requests by adding it to a Cookie request header. I did exactly that in my app and the server still does not recognize that i am logged in. Am i missing a step here? To add to this, i have tried testing this on a chrome plugin, "POSTMAN", where i do the initial post with the username and password, get the correct response and a cookie, then when i do the second post with the cookie as the header, i still get the message that i am not logged in. The only time that i can get a successful response from the second POST is when i do the initial log in through the actual website on chrome, then the second POST using the plugin. Then i get the correct response and the server recognizes that i am logged in. But obviously that is no help since it has nothing to do with the app, just the browser and the plugin. So why is this? How different is logging in through chrome than through the plugin or the app? Anyways, please help me out here and let me know if you want to see any of the code. All i want to know is if im missing a step in handling and sending the session cookie, because thats what it seems like. Thanks.
If you are using ajax/ jquery to pass the data into server, try to alert if your success function has a result.
or try to use GET instead of POST.
I am writing a program to scrape the source code off a website. Each time the next button is clicked to go to the next page on the website a post request it sent.
I have been looking at using httpclient to take care of this issue, and have looked through examples and the httpclient API, but I cant seem to figure out whether httpclient can do this. Is this a function of httpclient, and if so what class would go about doing this?
I think that you're saying the webpage you're performing an http get on contains a "next button" on it, and that when you view the webpage in the browser and click the next button, the next page of the website is displayed.
If this is the case, yes, http client is able to do the same thing. But understand that http client does not integrate with your web browser. But you could scour the source code returned from the http get request using a library like jsoup to extract the url for the "next" page on the website, and then issue another http get to get that resource.
Assuming you already have the code for http client to issue the initial http get request, there is no additional api that is required. You just make another request after your program discovers the url for the "next" resource.
I have a java class which attempts to autologin to a website. The status code shows 200 OK and i read the 200OK is for successful HTTP requests and In a POST request that I use,the response will contain an entity describing or containing the result of the action.
But the response i get is still the html of the sigin page not the logged in page. This tells me that im not successfully logged in. What are the possibilites for this to go wrong?
Do you store the cookies you receive after submitting the login form?
Do you provide these cookies in your next requests?
Are you sure that the login page does not send you a redirect to a certain 'confirmation' URL? And if it does, do you follow it?
Open Firefox, install LiveHTTPHeaders extension, record the login process inside the browser, make sure you can correctly replay it.
I have a java web application running on WebSphere 7. The application uses form authentication method and part of the application accesses some protected resources using ajax requests. However, when the user's session expires, I am getting the login page in place of the content that is supposed to be refreshed by the ajax request.
Is there a good way to handle this problem? WebSphere returns a response status 200 with the login page so I cannot rely on that.
Maybe there is a way to tell the server that basic authentication should be used in certain circumstances but I don't know how.
I also thought of checking first if the session is new by making a request to unprotected resources first then return a certain status but it looks like a code smell solution...
This is how I handled it in a similar situation. In our case, the AJAX response is always JSON. When the login expires, the authentication filter always sends a login form in HTML. So I check the content-type like this,
if ((this.getHeader('Content-type') || '').include('application/json'))
If it's not JSON, I simply redirect to another protected page, which will trigger a full screen login and then that page will direct user back to the AJAX page.
You can send back some unique response or some error code(make sure you wont get this error code as valid response in any case) when the user session is not there to the Ajax call from WebSphere. And in the Ajax call method, on process response, check whether its error code.If its error code, redirect him to login page or do what ever and other case will be the valid data.