Help please trying to do Digest Authentication

[Paul Taylor]

Hi, I am trying to use digest authentication, and it is currently 
failing. I only found one example in a post in the August 2005 Archive, 
and I have tried to modify this but to be honest although I am an 
experienced Java developer , my knowledge of the http protocol is fairly 
basic.

The details I have for the webservice are as follows:
URL:http://test.musicbrainz.org/ws/1/track/";
sent as POST
Authentication:digest
realm:musicbrainz.org
username:testuser100
password:testuser100
(Full details of the webservice can be found from 
here:http://wiki.musicbrainz.org/XMLWebService?highlight=%28xml%29%7C%28schema%29)

The code and the log output are below, I think it is nearly working 
because it does get the 401 code back from MusicBrainz then trys to 
perform digest authentication, but then the MusicBrainz server complains 
that either the username/password are invalid or the credentials have 
been performed incorrectly, and I have doublechecked the username and 
password.

Any help appreciated

paul

import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.Credentials;
import org.apache.commons.httpclient.UsernamePasswordCredentials;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.commons.httpclient.auth.AuthPolicy;
import org.apache.commons.httpclient.auth.AuthScope;

import java.net.HttpURLConnection;
import java.net.URL;
import java.net.MalformedURLException;
import java.io.PrintWriter;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.util.*;

public static void main(String []args) throws Exception
{

   //For debugging

   System.setProperty("org.apache.commons.logging.Log",
   "org.apache.commons.logging.impl.SimpleLog");
   System.setProperty("org.apache.commons.logging.simplelog.showdatetime",
   "true");
   
System.setProperty("org.apache.commons.logging.simplelog.log.httpclient.wire",
   "debug");
   
System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient",
   "debug");

   URL url = new URL("http://test.musicbrainz.org/ws/1/track/";);
   HttpClient httpClient = new HttpClient();
   List authPrefs = new ArrayList(1);
   authPrefs.add(AuthPolicy.DIGEST);
   httpClient.getParams().setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY,
   authPrefs);
   final String username = "testuser100";
   final String password = "testuser100";
   Credentials credentials = new UsernamePasswordCredentials(username,
   password);
   AuthScope authScope = new AuthScope(url.getHost(),
   url.getPort(),"musicbrainz.org");
   httpClient.getState().setCredentials(authScope, credentials);

   PostMethod postMethod = new PostMethod(url.toExternalForm());
   postMethod.setDoAuthentication(true);
   postMethod.addParameter("client","TestProg1");
   postMethod.addParameter("puid","4d8cad37-054d-4421-855e-60f111cf574a
   B2660da86-081f-eca6-12c7-739b37228326");

   try

   {

       int result = httpClient.executeMethod(postMethod);

       if (result != 200)
       {

           System.out.println("erro handling: " + result +
           postMethod.getStatusText());
           }

   }
   catch (Exception e)
   {

       e.printStackTrace();

   }
   finally
   {

       postMethod.releaseConnection();

   }

}


Output here:
2006/12/19 20:48:46:843 GMT [DEBUG] HttpClient - Java version: 1.5.0
2006/12/19 20:48:46:843 GMT [DEBUG] HttpClient - Java vendor: Sun 
Microsystems Inc.
2006/12/19 20:48:46:843 GMT [DEBUG] HttpClient - Java class path: 
C:\Apps\java\sun\j2sdk1.5.0\jre\lib\charsets.jar;C:\Apps\java\sun\j2sdk1.5.0\jre\lib\deploy.jar;C:\Apps\java\sun\j2sdk1.5.0\jre\lib\javaws.jar;C:\Apps\java\sun\j2sdk1.5.0\jre\lib\jce.jar;C:\Apps\java\sun\j2sdk1.5.0\jre\lib\jsse.jar;C:\Apps\java\sun\j2sdk1.5.0\jre\lib\plugin.jar;C:\Apps\java\sun\j2sdk1.5.0\jre\lib\rt.jar;C:\Apps\java\sun\j2sdk1.5.0\jre\lib\ext\dnsns.jar;C:\Apps\java\sun\j2sdk1.5.0\jre\lib\ext\jdic.jar;C:\Apps\java\sun\j2sdk1.5.0\jre\lib\ext\localedata.jar;C:\Apps\java\sun\j2sdk1.5.0\jre\lib\ext\packager.jar;C:\Apps\java\sun\j2sdk1.5.0\jre\lib\ext\sunjce_provider.jar;C:\Apps\java\sun\j2sdk1.5.0\jre\lib\ext\sunpkcs11.jar;D:\Code\jthink\Jaikoz\classes;D:\Code\jthink\opensrc\jaudiotagger\testclasses;D:\Code\jthink\opensrc\jaudiotagger\classes;D:\Code\jthink\libs\client\xercesImpl.jar;D:\Code\jthink\libs\client\MRJAdapter.jar;D:\Code\jthink\libs\client\quaqua.jar;D:\Code\jthink\libs\client\jtrm.jar;D:\Code\jthink\libs\client\jl1.0.jar;D:\Code\jthink\libs\client\jena.jar;D:\Code\jthink\libs\client\AppleJavaExtensions.jar;D:\Code\jthink\libs\client\musicbrainz.jar;D:\Code\jthink\libs\client\commons-codec-1.2.jar;D:\Code\jthink\libs\client\log4j-1.2.7.jar;D:\Code\jthink\libs\client\icu4j.jar;D:\Code\jthink\libs\client\xml-apis.jar;D:\Code\jthink\libs\client\rdf-api-2001-01-19.jar;D:\Code\jthink\libs\client\xalan.jar;D:\Code\jthink\libs\client\jakarta-oro-2.0.5.jar;D:\Code\jthink\libs\client\antlr.jar;D:\Code\jthink\libs\client\jhall.jar;D:\Code\jthink\libs\client\concurrent.jar;D:\Code\jthink\libs\client\jaxb-api.jar;D:\Code\jthink\libs\client\jaxb-impl.jar;D:\Code\jthink\libs\client\jsr173_1.0_api.jar;D:\Code\jthink\libs\client\activation.jar;C:\JThink\Jaikoz1018\lib\jaikoz.jar;C:\JThink\Jaikoz1018\lib;D:\Code\jthink\conf;D:\Code\jthink\libs\client\looks-2.1.1.jar;D:\Code\jthink\opensrc\commons-httpclient-3.1-beta1\commons-httpclient-3.1-beta1.jar;D:\Code\jthink\opensrc\commons-logging-1.1\commons-logging-1.1.jar;C:\Apps\java\JetBrains\JIdea5\lib\idea_rt.jar 

2006/12/19 20:48:46:875 GMT [DEBUG] HttpClient - Operating system name: 
Windows XP
2006/12/19 20:48:46:875 GMT [DEBUG] HttpClient - Operating system 
architecture: x86
2006/12/19 20:48:46:875 GMT [DEBUG] HttpClient - Operating system 
version: 5.1
2006/12/19 20:48:47:203 GMT [DEBUG] HttpClient - SUN 1.5: SUN (DSA 
key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; 
X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX 
CertPathBuilder; LDAP, Collection CertStores)
2006/12/19 20:48:47:203 GMT [DEBUG] HttpClient - SunRsaSign 1.5: Sun RSA 
signature provider
2006/12/19 20:48:47:203 GMT [DEBUG] HttpClient - SunJSSE 1.5: Sun JSSE 
provider(PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
2006/12/19 20:48:47:203 GMT [DEBUG] HttpClient - SunJCE 1.5: SunJCE 
Provider (implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2, 
PBE, Diffie-Hellman, HMAC)
2006/12/19 20:48:47:203 GMT [DEBUG] HttpClient - SunJGSS 1.0: Sun 
(Kerberos v5)
2006/12/19 20:48:47:203 GMT [DEBUG] HttpClient - SunSASL 1.5: Sun SASL 
provider(implements client mechanisms for: DIGEST-MD5, GSSAPI, EXTERNAL, 
PLAIN, CRAM-MD5; server mechanisms for: DIGEST-MD5, GSSAPI, CRAM-MD5)
2006/12/19 20:48:47:218 GMT [DEBUG] DefaultHttpParams - Set parameter 
http.useragent = Jakarta Commons-HttpClient/3.1-beta1
2006/12/19 20:48:47:218 GMT [DEBUG] DefaultHttpParams - Set parameter 
http.protocol.version = HTTP/1.1
2006/12/19 20:48:47:234 GMT [DEBUG] DefaultHttpParams - Set parameter 
http.connection-manager.class = class 
org.apache.commons.httpclient.SimpleHttpConnectionManager
2006/12/19 20:48:47:234 GMT [DEBUG] DefaultHttpParams - Set parameter 
http.protocol.cookie-policy = default
2006/12/19 20:48:47:234 GMT [DEBUG] DefaultHttpParams - Set parameter 
http.protocol.element-charset = US-ASCII
2006/12/19 20:48:47:234 GMT [DEBUG] DefaultHttpParams - Set parameter 
http.protocol.content-charset = ISO-8859-1
2006/12/19 20:48:47:234 GMT [DEBUG] DefaultHttpParams - Set parameter 
http.method.retry-handler = 
[EMAIL PROTECTED]
2006/12/19 20:48:47:250 GMT [DEBUG] DefaultHttpParams - Set parameter 
http.dateparser.patterns = [EEE, dd MMM yyyy HH:mm:ss zzz, EEEE, 
dd-MMM-yy HH:mm:ss zzz, EEE MMM d HH:mm:ss yyyy, EEE, dd-MMM-yyyy 
HH:mm:ss z, EEE, dd-MMM-yyyy HH-mm-ss z, EEE, dd MMM yy HH:mm:ss z, EEE 
dd-MMM-yyyy HH:mm:ss z, EEE dd MMM yyyy HH:mm:ss z, EEE dd-MMM-yyyy 

HH-mm-ss z, EEE dd-MMM-yy HH:mm:ss z, EEE dd MMM yy HH:mm:ss z, 
EEE,dd-MMM-yy HH:mm:ss z, EEE,dd-MMM-yyyy HH:mm:ss z, EEE, dd-MM-yyyy 
HH:mm:ss z]
2006/12/19 20:48:47:265 GMT [DEBUG] DefaultHttpParams - Set parameter 
http.auth.scheme-priority = [Digest]
2006/12/19 20:48:47:531 GMT [DEBUG] HttpConnection - Open connection to 
test.musicbrainz.org:80
2006/12/19 20:48:47:781 GMT [DEBUG] header - >> "POST /ws/1/track/ 
HTTP/1.1[\r][\n]"
2006/12/19 20:48:47:781 GMT [DEBUG] HttpMethodBase - Adding Host request 
header
2006/12/19 20:48:47:843 GMT [DEBUG] HttpMethodBase - Default charset 
used: ISO-8859-1
2006/12/19 20:48:47:843 GMT [DEBUG] HttpMethodBase - Default charset 
used: ISO-8859-1
2006/12/19 20:48:47:843 GMT [DEBUG] header - >> "User-Agent: Jakarta 
Commons-HttpClient/3.1-beta1[\r][\n]"
2006/12/19 20:48:47:843 GMT [DEBUG] header - >> "Host: 
test.musicbrainz.org[\r][\n]"
2006/12/19 20:48:47:843 GMT [DEBUG] header - >> "Content-Length: 
96[\r][\n]"
2006/12/19 20:48:47:843 GMT [DEBUG] header - >> "Content-Type: 
application/x-www-form-urlencoded[\r][\n]"
2006/12/19 20:48:47:843 GMT [DEBUG] header - >> "[\r][\n]"
2006/12/19 20:48:47:859 GMT [DEBUG] content - >> 
"client=TestProg1&puid=4d8cad37-054d-4421-855e-60f111cf574a+B2660da86-081f-eca6-12c7-739b37228326" 

2006/12/19 20:48:47:859 GMT [DEBUG] EntityEnclosingMethod - Request body 
sent
2006/12/19 20:48:48:062 GMT [DEBUG] header - << "HTTP/1.1 401 
Authorization Required[\r][\n]"
2006/12/19 20:48:48:062 GMT [DEBUG] header - << "Date: Tue, 19 Dec 2006 
20:48:44 GMT[\r][\n]"
2006/12/19 20:48:48:062 GMT [DEBUG] header - << "Server: Apache/1.3.34 
(Ubuntu) mod_perl/1.29[\r][\n]"
2006/12/19 20:48:48:062 GMT [DEBUG] header - << "WWW-Authenticate: 
Digest realm="musicbrainz.org", 
nonce="577488e4a0e016da36e312b74e0015901166561324"[\r][\n]"
2006/12/19 20:48:48:062 GMT [DEBUG] header - << "Content-Type: 
text/html; charset=iso-8859-1[\r][\n]"
2006/12/19 20:48:48:062 GMT [DEBUG] header - << "Via: 1.1 
test.musicbrainz.org[\r][\n]"
2006/12/19 20:48:48:062 GMT [DEBUG] header - << "Connection: close[\r][\n]"
2006/12/19 20:48:48:062 GMT [DEBUG] header - << "Transfer-Encoding: 
chunked[\r][\n]"
2006/12/19 20:48:48:062 GMT [DEBUG] HttpMethodDirector - Authorization 
required
2006/12/19 20:48:48:078 GMT [DEBUG] AuthChallengeProcessor - Supported 
authentication schemes in the order of preference: [Digest]
2006/12/19 20:48:48:078 GMT [INFO] AuthChallengeProcessor - Digest 
authentication scheme selected
2006/12/19 20:48:48:109 GMT [DEBUG] AuthChallengeProcessor - Using 
authentication scheme: digest
2006/12/19 20:48:48:109 GMT [DEBUG] AuthChallengeProcessor - 
Authorization challenge processed
2006/12/19 20:48:48:109 GMT [DEBUG] HttpMethodDirector - Authentication 
scope: DIGEST 'musicbrainz.org'@test.musicbrainz.org:80
2006/12/19 20:48:48:109 GMT [DEBUG] HttpMethodDirector - Retry 
authentication
2006/12/19 20:48:48:109 GMT [DEBUG] content - << "1"
2006/12/19 20:48:48:109 GMT [DEBUG] content - << "d"
2006/12/19 20:48:48:109 GMT [DEBUG] content - << "a"
2006/12/19 20:48:48:109 GMT [DEBUG] content - << "[\r]"
2006/12/19 20:48:48:109 GMT [DEBUG] content - << "[\n]"
2006/12/19 20:48:48:109 GMT [DEBUG] content - << "<!DOCTYPE HTML PUBLIC 
"-//IETF//DTD HTML 2.0//EN">[\n]"
2006/12/19 20:48:48:109 GMT [DEBUG] content - << "<HTML><HEAD>[\n]"
2006/12/19 20:48:48:109 GMT [DEBUG] content - << "<TITLE>401 
Authorization Required</TITLE>[\n]"
2006/12/19 20:48:48:109 GMT [DEBUG] content - << "</HEAD><BODY>[\n]"
2006/12/19 20:48:48:109 GMT [DEBUG] content - << "<H1>Authorization 
Required</H1>[\n]"
2006/12/19 20:48:48:109 GMT [DEBUG] content - << "This server could not 
verify that you[\n]"
2006/12/19 20:48:48:109 GMT [DEBUG] content - << "are authorized to 
access the document[\n]"
2006/12/19 20:48:48:109 GMT [DEBUG] content - << "requested. Either you 
supplied the wrong[\n]"
2006/12/19 20:48:48:109 GMT [DEBUG] content - << "credentials (e.g., bad 
password), or your[\n]"
2006/12/19 20:48:48:109 GMT [DEBUG] content - << "browser doesn't 
understand how to supply[\n]"
2006/12/19 20:48:48:109 GMT [DEBUG] content - << "the credentials 
required.<P>[\n]"
2006/12/19 20:48:48:109 GMT [DEBUG] content - << "<HR>[\n]"
2006/12/19 20:48:48:109 GMT [DEBUG] content - << "<ADDRESS>Apache/1.3.34 
Server at test.musicbrainz.org Port 80</ADDRESS>[\n]"
2006/12/19 20:48:48:109 GMT [DEBUG] content - << "</BODY></HTML>[\n]"
2006/12/19 20:48:48:109 GMT [DEBUG] content - << "[\r]"
2006/12/19 20:48:48:109 GMT [DEBUG] content - << "[\n]"
2006/12/19 20:48:48:109 GMT [DEBUG] content - << "0"
2006/12/19 20:48:48:109 GMT [DEBUG] content - << "[\r]"
2006/12/19 20:48:48:109 GMT [DEBUG] content - << "[\n]"
2006/12/19 20:48:48:109 GMT [DEBUG] content - << "[\r]"
2006/12/19 20:48:48:156 GMT [DEBUG] content - << "[\n]"
2006/12/19 20:48:48:187 GMT [DEBUG] HttpMethodBase - Should close 
connection in response to directive: close
2006/12/19 20:48:48:187 GMT [DEBUG] HttpConnection - Connection is 
locked. Call to releaseConnection() ignored.
2006/12/19 20:48:48:187 GMT [DEBUG] HttpMethodDirector - Authenticating 
with DIGEST 'musicbrainz.org'@test.musicbrainz.org:80
2006/12/19 20:48:48:187 GMT [DEBUG] HttpMethodParams - Credential 
charset not configured, using HTTP element charset
2006/12/19 20:48:48:187 GMT [DEBUG] DigestScheme - Using null qop method
2006/12/19 20:48:48:187 GMT [DEBUG] HttpConnection - Open connection to 
test.musicbrainz.org:80
2006/12/19 20:48:48:421 GMT [DEBUG] header - >> "POST /ws/1/track/ 
HTTP/1.1[\r][\n]"
2006/12/19 20:48:48:421 GMT [DEBUG] HttpMethodBase - Adding Host request 
header
2006/12/19 20:48:48:421 GMT [DEBUG] header - >> "User-Agent: Jakarta 
Commons-HttpClient/3.1-beta1[\r][\n]"
2006/12/19 20:48:48:421 GMT [DEBUG] header - >> "Content-Length: 
96[\r][\n]"
2006/12/19 20:48:48:421 GMT [DEBUG] header - >> "Content-Type: 
application/x-www-form-urlencoded[\r][\n]"
2006/12/19 20:48:48:421 GMT [DEBUG] header - >> "Authorization: Digest 
username="testuser100", realm="musicbrainz.org", 
nonce="577488e4a0e016da36e312b74e0015901166561324", uri="/ws/1/track/", 
response="16c61a4097d654054d1f9d0ff4de20f3"[\r][\n]"
2006/12/19 20:48:48:421 GMT [DEBUG] header - >> "Host: 
test.musicbrainz.org[\r][\n]"
2006/12/19 20:48:48:437 GMT [DEBUG] header - >> "[\r][\n]"
2006/12/19 20:48:48:437 GMT [DEBUG] content - >> 
"client=TestProg1&puid=4d8cad37-054d-4421-855e-60f111cf574a+B2660da86-081f-eca6-12c7-739b37228326" 

2006/12/19 20:48:48:437 GMT [DEBUG] EntityEnclosingMethod - Request body 
sent
2006/12/19 20:48:51:671 GMT [DEBUG] header - << "HTTP/1.1 400 Bad 
Request[\r][\n]"
2006/12/19 20:48:51:671 GMT [DEBUG] header - << "Date: Tue, 19 Dec 2006 
20:48:45 GMT[\r][\n]"
2006/12/19 20:48:51:671 GMT [DEBUG] header - << "Server: Apache/1.3.34 
(Ubuntu) mod_perl/1.29[\r][\n]"
2006/12/19 20:48:51:671 GMT [DEBUG] header - << "Content-Type: 
text/html; charset=iso-8859-1[\r][\n]"
2006/12/19 20:48:51:671 GMT [DEBUG] header - << "Via: 1.1 
test.musicbrainz.org[\r][\n]"
2006/12/19 20:48:51:671 GMT [DEBUG] header - << "Connection: close[\r][\n]"
2006/12/19 20:48:51:671 GMT [DEBUG] header - << "Transfer-Encoding: 
chunked[\r][\n]"
erro handlin: 400Bad Request
2006/12/19 20:48:51:671 GMT [DEBUG] content - << "1"
2006/12/19 20:48:51:671 GMT [DEBUG] content - << "9"
2006/12/19 20:48:51:671 GMT [DEBUG] content - << "9"
2006/12/19 20:48:51:671 GMT [DEBUG] content - << "[\r]"
2006/12/19 20:48:51:671 GMT [DEBUG] content - << "[\n]"
2006/12/19 20:48:51:671 GMT [DEBUG] content - << "<!DOCTYPE HTML PUBLIC 
"-//IETF//DTD HTML 2.0//EN">[\n]"
2006/12/19 20:48:51:671 GMT [DEBUG] content - << "<HTML><HEAD>[\n]"
2006/12/19 20:48:51:671 GMT [DEBUG] content - << "<TITLE>400 Bad 
Request</TITLE>[\n]"
2006/12/19 20:48:51:671 GMT [DEBUG] content - << "</HEAD><BODY>[\n]"
2006/12/19 20:48:51:671 GMT [DEBUG] content - << "<H1>Bad Request</H1>[\n]"
2006/12/19 20:48:51:671 GMT [DEBUG] content - << "Your browser sent a 
request that this server could not understand.<P>[\n]"
2006/12/19 20:48:51:671 GMT [DEBUG] content - << "<P>Additionally, a 400 
Bad Request[\n]"
2006/12/19 20:48:51:671 GMT [DEBUG] content - << "error was encountered 
while trying to use an ErrorDocument to handle the request.[\n]"
2006/12/19 20:48:51:671 GMT [DEBUG] content - << "<HR>[\n]"
2006/12/19 20:48:51:671 GMT [DEBUG] content - << "<ADDRESS>Apache/1.3.34 
Server at test.musicbrainz.org Port 80</ADDRESS>[\n]"
2006/12/19 20:48:51:671 GMT [DEBUG] content - << "</BODY></HTML>[\n]"
2006/12/19 20:48:51:671 GMT [DEBUG] content - << "[\r]"
2006/12/19 20:48:51:671 GMT [DEBUG] content - << "[\n]"
2006/12/19 20:48:51:671 GMT [DEBUG] content - << "0"
2006/12/19 20:48:51:671 GMT [DEBUG] content - << "[\r]"
2006/12/19 20:48:51:671 GMT [DEBUG] content - << "[\n]"
2006/12/19 20:48:51:671 GMT [DEBUG] content - << "[\r]"
2006/12/19 20:48:51:671 GMT [DEBUG] content - << "[\n]"
2006/12/19 20:48:51:671 GMT [DEBUG] HttpMethodBase - Should close 
connection in response to directive: close
2006/12/19 20:48:51:671 GMT [DEBUG] HttpConnection - Releasing 
connection back to connection manager.

Process finished with exit code 0


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]