How to be sure of the accuracy of HttpClient response? - java

Please tell me what is the better trick to be sure of a HttpClient response, for example, if we do a login through HttpClient and we need to tell the user of success or failure of his login operation.
Thank you in advance!
PS.: I don't need just to know response Http Status, I need to be sure that I am in the right page after response, example : login.php ==> home.php, if I post my request to login.php, how can I be sure that I am now in hom.php (login success) or I always stay in login.php (login failed)

HttpClient.execute() is going to return a HttpResponse
HttpResponse.getStatusLine().getStatusCode() will give you the HTTP response code as an int.
See:
http://developer.android.com/reference/org/apache/http/client/HttpClient.html
http://developer.android.com/reference/org/apache/http/HttpResponse.html
http://developer.android.com/reference/org/apache/http/StatusLine.html
Edit to add from comments below:
You're not using a web browser. The only way you're going to be "on another page" is if you received a 302 redirect and then sent a request for the other page. In which case ... you know which page you have.
If the PHP login script is utterly broken and just returns two different pages depending on whether you logged in or not, you're on your own. Parse the response and hope for the best. More than likely there's going to be a cookie or custom header in the response if that's the case, and you're going to have to look for it.

Related

java httpServer Post request work

I'm start learning java programming, and I want make a simple server application. I read about com.sun.net.httpserver.HttpServer and find a good example on this link: https://github.com/imetaxas/score-board-httpserver-corejava.
I understand how to do Get-request in url, but I don't know how POST works. I think it must be sent a form or data on the server.
I attach the link of project, which I'm learning, in readme the author wrote http://localhost:8081/2/score?sessionkey=UICSNDK - it's not working...
I wrote in url and get sessionkey: "localhost:8081/4711/login --> UICSNDK"
I wrote in url this for Post request: "localhost:8081/2/score?sessionkey=UICSNDK" - not working and in chrome return 404 bad request
3.wrote in url this:"localhost:8081/2/highscorelist"
Please help me, I am beginner.
The difference between GET and POST is that with a GET request the data you wish to pass to the endpoint is done by modifying the url itself by adding parameters to it.
With a POST any data you wish to send to the endpoint must be in the body of the request.
The body of a request is arbitrary data that comes after a blank line in the header The reqiest has the request line, following by any number of header attributes, then a blank line.
The server would need to know what the format of the body of the request was and parse it as appropriate.
Of course 'modern' frameworks like jax-rs allow you to automatically convert request data to objects, so that it is much simpler.

User authentication response

I have an user authentication API which returns an object containing some data including status code, for ex. 200.Even if the credentials are incorrect i am sending 200 status message but the response object's status field has status 401 and message "Incorrect Credentials".So my question is, which response is proper?The one where even when the credentials are incorrect i am sending 200 status message and then inside the response object i have to check again for whether the credentials were correct or not or second where if the credentials are incorrect i am sending status 401 along with the response object?
I think it's better to return it in the HTTP header. In this way the client can know that an error has ocurred in an easier way. In the end it is more straightforward.
Preferable way is propably to return the http status and code in the header. This way the user can use native methods to react to the responses. In case there is a unexpected error in your service and you cannot form a pretty response object out of it, the user is still able to handle it since the response will have the proper HTTP status code. If the user always expects your API to return an object, he/she is in trouble in that situation. Of course, you could tell them to take that into account, but then the user would have to implement additional logic to handle two kind of responses.
But:
You could do something like I did: Let the user choose!
I put a variable in the url that tells the service whether to return the http response with proper codes or not.
The url looks something like this:
/some_path/{real_http_code}/some_path_or_data
Where the {real_http_code} is a true/false -text. If it's true, our service knows to return the response with the proper HTTP status code. If false, service will always return 200 OK -response, and the user has to check the response if something went wrong.
So, the url could look something like this:
/some_path/true/some_path_or_data
Ups and downs:
+Gives the user the freedom to choose
-Additional logic must be implemented into the service

Java - send HTTP POST request without downloading all the content

Is it possible to send HTTP POST request to a webserver and retrieve just headers of response or read just few bytes of the body, so the rest won't be downloaded at all (so it won't consume traffic)? If yes, how?
I know that there is a HEAD method for this, but I need to achieve it by POST method .. well, I am not sure if I need the POST method, I just need to post the data. Maybe if the webserver isn't secured well enough (it doesn't check what method it's used - it's just directly access the post data), is it possible to send "post data" by HEAD request?
There is no built-in HTTP mechanism for this, and HTTP HEAD requests do not allow content in the body. If however you are the one writing the server code then anything is possible.
If this is the case, I would suggest a URL parameter that triggers this behavior. For example:
POST /myURL - This would return the whole response
POST /myURL?body=minimal - Returns the reduced size response that you are looking for.
And you would have to code your server method to construct and return the appropriate response based on the URL parameter.

Simple Android authentication and requests after it

I'm implementing an android app and I'm having trouble understanding how I can implement a login feature (very simple, no encryption needed) and how it works after the user logs in
So, the first thing to do is make a Request, I send the login, and password,with an http POST method probably?
and the server replies with a token of some sort, correct?
Then I save that token, and what happens next? I have a bunch of pages I need to make GET requests on, but I also need to send the token someway, right?
How exactly can I make that?
thank you
You pretty much have it summed up I guess. Let the app send the credentials with a POST, the server checks if they are okay, then sends back a token (some random String maybe). When you make the GET requests after login, send the token with a custom HTTP header and let the server check it. The server has a list of valid tokens and checks if the received token is valid. If not, it responds with an error message, else it does what it's supposed to do.
That's all very basic and not at all secure of course.
Edit: The GET request could be done like this:
HttpClient client = new DefaultHttpClient();
HttpGet get = new HttpGet("someUrl.com/rest");
get.setHeader("Authorization", "someTokenYouCreated");
HttpResponse response = client.execute(get);
You'll find lot's of examples about calling a REST method. You'll have to look up how to handle that header on the server side, but that can't be too difficult either.

Does HTTP Forward request preserve the referer in the header?

I have a Java HttpServlet which uses the forward command from RequestDispatcher to send the user somewhere else sometimes. Does the HTTP Referer Header get preserved from the original request on forward? (I believe with redirect it doesnt).
My feeling is that it is preserved since I think the client never knows about the forward.
Yes, it does, a forward inside the same server is just giving someone else the option to handle the request and the request and response objects usually go unchanged (unless you build a filter that changes these objects).

Categories

Resources