Thank you Kim,
yes I did not mention how I came up with the idea of a missing session ID.

I traced the network communication with Wireshark and compared the successful browser trace with the Java trace.

The first difference in the traces is that the client does not send a session ID in the Java case. In the browser case the session ID is sent by the client and responded to by the server. I am not 100 % sure, but the session ID might be required for the data encryption.

The protocol is explained here
http://en.wikipedia.org/wiki/Transport_Layer_Security#Basic_TLS_handshake
where the random number is the session ID

and here
http://commons.wikimedia.org/wiki/File:SSL_handshake_with_two_way_authentication_with_certificates.svg

kind regards
Horst


On 04.11.2013 23:25, kim young ill wrote:
200 is an HTTP response code; it only means the request came in and was
handled by the server correctly, no error/exception, it doesn't mean the
username/password is correct.

Try to use the browser to see what the login request looks like in both
cases, or simply log the server response.

hth


On Sat, Nov 2, 2013 at 2:39 PM, Horst Weigelt <[email protected]> wrote:

I want to log on to an https URL using Apache HTTP Client 4.3.

The login fails. However, I receive HTTP status 200 when posting the
request.

One issue for the login failure might be that there is no session ID sent
in the TLSv1 handshake protocol (Length: 0)

That raises 2 questions:
1) Is a session ID required for the login? If yes, how can I set the
session ID?
2) Is there something else missing in the Java code below (except for the
correct URL + login/password ;-) )?

This question is also posted (more or less identically) in
http://stackoverflow.com/questions/19737218/session-id-missing-in-https-post-using-apache-httpclient-4-3



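    /* imports needed by the fragment below (Apache HttpClient 4.3) */
    import javax.net.ssl.SSLContext;
    import org.apache.http.Consts;
    import org.apache.http.client.RedirectStrategy;
    import org.apache.http.client.config.CookieSpecs;
    import org.apache.http.client.config.RequestConfig;
    import org.apache.http.client.entity.UrlEncodedFormEntity;
    import org.apache.http.client.methods.CloseableHttpResponse;
    import org.apache.http.client.methods.HttpPost;
    import org.apache.http.client.protocol.HttpClientContext;
    import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
    import org.apache.http.conn.ssl.SSLContexts;
    import org.apache.http.impl.client.HttpClients;
    import org.apache.http.impl.client.LaxRedirectStrategy;

    /* httpclient (a CloseableHttpClient) and login_and_passwd (the form
       fields as NameValuePair entries) are declared outside this fragment */
    HttpClientContext context = HttpClientContext.create();

    /* to follow redirections */
    RedirectStrategy redirectStrategy = new LaxRedirectStrategy();

    RequestConfig globalConfig = RequestConfig.custom()
            .setCookieSpec(CookieSpecs.BEST_MATCH)
            .build();
    RequestConfig localConfig = RequestConfig.copy(globalConfig)
            .setCookieSpec(CookieSpecs.BROWSER_COMPATIBILITY)
            .build();

    try {
        /* default SSL context: JRE trust store, no client certificate */
        SSLContext sslcontext = SSLContexts.custom()
                .build();

        SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslcontext,
                SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);

        /* setup client for https and redirections */
        httpclient = HttpClients.custom()
                .setRedirectStrategy(redirectStrategy)
                .setSSLSocketFactory(sslsf)
                .build();

        HttpPost httpost = new HttpPost("https://myURL");
        httpost.setConfig(localConfig);

        /* set login and password */
        httpost.setEntity(new UrlEncodedFormEntity(login_and_passwd, Consts.UTF_8));

        CloseableHttpResponse httpresponse = httpclient.execute(httpost);
    } finally {
        httpclient.close();
    }
    /* note: the finally block above has already closed the client here */
    return httpclient;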


Thanks for any help
Horst






---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
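
The "Length: 0" that Wireshark shows in the thread above is the session_id field of the TLS ClientHello. On the wire it is a separate, length-prefixed field (0 to 32 bytes) that follows the 32-byte random, and an empty value means the client offers no earlier session to resume, so a full handshake follows. An added example, not part of the original messages: a Python parser run over two constructed ClientHello records (function names and sample bytes are assumptions made for illustration).

```python
import struct

def parse_client_hello(record: bytes) -> dict:
    """Parse the fixed head of a TLS ClientHello record (RFC 5246, 7.4.1.2)."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _rec_version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 22:                       # 22 = handshake record
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    if len(body) < rec_len or len(body) < 4 or body[0] != 1:   # 1 = ClientHello
        raise ValueError("not a complete ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) < hs_len or hs_len < 35:
        raise ValueError("truncated ClientHello")
    version = struct.unpack("!H", hello[:2])[0]
    random = hello[2:34]                  # always exactly 32 bytes
    sid_len = hello[34]                   # 0..32, independent of the random
    if sid_len > 32 or len(hello) < 35 + sid_len:
        raise ValueError("bad session_id length")
    session_id = hello[35:35 + sid_len]
    return {"version": version, "random": random, "session_id": session_id,
            "resumption_offered": sid_len > 0}

def build_client_hello(session_id: bytes) -> bytes:
    """Constructed sample: TLS 1.0 ClientHello, one cipher suite, no extensions."""
    random = bytes(range(32))             # constructed value, not a real capture
    hello = (b"\x03\x01" + random + bytes([len(session_id)]) + session_id
             + b"\x00\x02\x00\x2f"        # cipher_suites: TLS_RSA_WITH_AES_128_CBC_SHA
             + b"\x01\x00")               # compression_methods: null only
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

if __name__ == "__main__":
    for label, sid in (("new connection", b""), ("resumption attempt", bytes(32))):
        info = parse_client_hello(build_client_hello(sid))
        print(label, "random bytes:", len(info["random"]),
              "session_id bytes:", len(info["session_id"]),
              "resumption offered:", info["resumption_offered"])
```
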
