1

I am using the default API in Eclipse to connect to a server over HTTPS. I have the chained certs installed in my keystore. However, Windows does not like it and throws up a certificate chaining error. On Ubuntu, it actually works fine!

Now, on Windows I have a "hack" that I saw on here that basically creates a TrustManager which enables all certs. For the time being, this is fine. I'll have to come back to it later, but, my current problem is that my code connects to the server, authenticates using uc.setRequestProperty("Authorization", "Basic " + encodedLogin); but returns back the HTML code for my form, which I actually thought I was logging into in the first place. Without that line, I get a 403.

When I went to the site in the browser, a login box popped up. When I logged in, it logged me in no problems. When I clicked Cancel and dismissed the login box, it took me to the exact HTML form that my code is returning. So either I need to somehow login to this popup box, or I need to authenticate a second time to log into the web form. I hope thats a clear enough explanation.

My ultimate goal is obviously to login and return an auth object back to my code for doing further communications with the site. I'm just stuck at this little niggly part for days! Any help is greatly appreciated!!

I have attached my code, plus the code of the HTML form.

Thanks.

My Code:

try
{
    String login = "MyUser:MyPass";
    byte[] encodedLogin = new Base64().encode(login.getBytes());

    StringBuilder parsedContentFromUrl = new StringBuilder();
    HttpsURLConnection uc = (HttpsURLConnection) webURL.openConnection();

    //uc.setRequestProperty("Proxy-Authorization", "Basic " + encodedLogin);
    uc.setRequestProperty("Authorization", "Basic " + encodedLogin);
    //uc.addRequestProperty("User-Agent", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)");
    uc.connect();

    //uc.getInputStream();

    BufferedInputStream in = new BufferedInputStream(uc.getInputStream());
    //System.out.println(uc.getRequestProperty("WWW-Authenticate"));

    int ch;
    while ((ch = in.read()) != -1) {
       parsedContentFromUrl.append((char) ch);
    }
    System.out.println(parsedContentFromUrl);
}
catch (IOException e)
{
    System.out.println("IOException::"+e.getMessage());
    e.printStackTrace();
}

HTML Web form

<FORM METHOD=POST ACTION="/mylogin.form">
<FONT SIZE="+2">
<TABLE BORDER="0" WIDTH="400">
<TR>
<TD ALIGN="LEFT"><UL><LI>Username</LI></UL></TD>
<TD><INPUT NAME="username" SIZE="15"></TD>
</TR>
<TR>
<TD ALIGN="LEFT"><UL><LI>Password</LI></UL></TD>
<TD><INPUT TYPE="PASSWORD" NAME="password" SIZE="15"></TD>
</TR>
</TABLE>
</FONT>

<INPUT TYPE="HIDDEN" NAME="login-form-type" VALUE="pwd">

<BR><INPUT TYPE="SUBMIT" VALUE="Login">
</FORM>
Improve this question
2
  • A certification chain is the chain from a valid certification authority down to a specific instance below it. E.g. Verisign, who signs CompanyZ certificate, who signs SectionB certificate, who signs your certificate. So, any standard-compliant application will let you be aware of repudiation because of this. Commented Feb 14, 2012 at 18:49
  • Thanks for the comment, but my code works on Ubuntu. That part of my question is a Windows keytool/keystore issue, as far as I know. I'll probably have a look back at it next week. Commented Feb 14, 2012 at 18:52

1 Answer 1

Reset to default
2

HTTP authorization is not the same thing as logging into a web form.

You've got HTTP authorization working (i.e., fixed the 403 error) so you are being given the page you requested, which is a login page. The HTML shows you that in order to log into the form, you need to perform a POST on the /mylogin.form URL. Currently you are doing a GET on the URL for the login page.

It is unusual for a server to have two distinct authentication processes in parallel. The server might be misconfigured.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

FYI, this was correct. The server required 2 seperate logins with the same details. On a browser, you can just log in once and it forwards it on. Not sure how to do this in my program though, so I just did it twice, the second time with the form POST.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.