I should get information from a website by DOM (a random value of an hidden input) and execute a post of username and password in my app (a login).
If I use two separated connection the random value change and not log me in.
Someone knows how I can do this in one connection? Help me please!
You should provide your login information in headers, there is a standard way of doing so called HTTP BASIC authentication. Read more about it here:
http://en.wikipedia.org/wiki/Basic_access_authentication
You can follow this SO post to understand how you can send an http request with BAISC authentication header using JAVA:
Http Basic Authentication in Java using HttpClient?
Your request can be authenticated using the mentioned header. And you can send any other information as request parameter. Using this way you need not to send two requests to get the DOM info as your authentication info will be in header.
Related
I am creating a simple API database using an xAgent, Another application is requesting data by sending in a query in the request headers and I process the header and send back the requested data, so far so good.
I now need to add some sort of authentication to this request. but without using Domino authentication. if I use postman and send in a username and password as "basic authentication" that is not correct Domino sends back the following:
nHTTP: user [xxx.xxx.xxx.xxx] authentication failure using internet password
So if I send in username and password in a Basic Authentication request, Domino will try to login the user to Domino. However I do not want to do that.
I want to provide my own username and password that the request must match to get the data. (So if correct username/password is sent in I will send back the data anonymously to the user)
I am guessing that using Authenticated requests feature will somehow make it safer.
Can I set Domino to ignore the authenticated request for my application so that I can handle it in code?
or should I just let the external application send in username and password in the request header as base64?
advice needed
thanks
Thomas
Just use another header (it is YOUR Api), i.e. X-Auth and handle it by yourself.
But keep in mind that this lowers the security if you make a mistake...
I am facing an issue on my project. I have to send a POST request to a vendor's API. But I am getting the response login is required.
The vendor has not exposed the Login API , but has given the login url. It wants us to authenticate on the browser and then send the POST request from our Java code.
Can anyone please help us that if it is possible to this?
I have tried to launch the login url from my Java code. Then I authenticate it. But since I have authenticated in Browser's process so I am not able to send the POST request from my Java code.
Ideally you should make a GET request using the login url (a REST call from the Java code and not via a browser process) which would return you a valid access token or something similar, using which (ideally on the header), you should make the POST request which would allow the vendor's API to authenticate your request.
You would need to provide sample code and what you have tried for me to help you further, but I hope you get the idea.
We have an application in which we want to validate the users using SSO. So in the java filter file we have redirected the URL to SSO url to validate, but I want to capture the response from that url. Is that possible?
Currently I am using HttpResponse.sendredirect("url") this method doesn't return any data.
But the same url when tried using postman gives an html output that includes saml response.
Can anybody please help me with this?
When you send that redirect you don't do a request to that URL. You just add that redirect to the response and then the client will be redirected to that page.
If you want to do a request to that URL then you need a different logic. For example use apache http client or plain java code to do a request to that url and read the response.
Basically the client sending you request and you sending back the response is a different flow than you calling external URL and reading it's response. Unless just redirecting your client will work (but reading from your question I think that's not the case)
Where can I find the basic HTTP authentication credentials (username and password) in the incoming request to my server?
Is it somewhere in the Request object, or is there some other way to get them?
thanks
When a browser sends HTTP Basic authentication info, it basically sends an HTTP Header named Authorization
with a value of
Basic somethinghere.
The part after Basic is really just Base64.encode("${username}:${password}")
Check out this basic description of the procedure.
Here is a SO answer that describes how you can easily obtain the authentication credentials from the HTTP Header.
I'm trying to extract information from an URL using my Java code. But the URL has a pop-up authentication scheme. How would I know the authentication scheme used? I have the credentials for it.
A browser typically shows an authentication "popup" when the server responds to an HTTP request with a "401 Unauthorized" response message. The response header includes a "WWW-Authentication" header which tells you the authentication scheme to use (among other things).
There are various ways to deal with this in a Java application, depending on how you are attempting to fetch the web resource associated with the URL. For instance, if you are using HttpUrlConnection, you can extract the "WWW-Authentication" header, parse it, and extract the authentication scheme.
Normally the authentication is based on HTTP. There are several techniques to use (HTTP basic authentication Kerberos NTLM and so on) Each of this technologies applies additional information into HTTP header. So the authentification is not URL based but HTTP Header based.
Please give us more information about your problem, to help you