It's all about the answers!

Ask a question
QuestionsTagsUsersBadges
Follow this question
Question details

×10,826
×5,819
×489

question asked: Apr 10 '17, 8:56 a.m.
question was seen: 2,030 times
last updated: Apr 16 '17, 9:37 p.m.

Related questions

FAQ - How this Forum works

How to see if authentification failed when making rest calls

0
Staffan Solin (1319) | asked Apr 10 '17, 8:56 a.m.
edited Apr 10 '17, 9:06 a.m.

 I've been doing the OLSC labs so im using the HttpUtils package with a built in connection to the NDG database. However I'm not able to find out when the authentication fails eventho there is an if statement in the code that is checking for this. But for some reason that part is allways null so the if statement is allways false. When login and password is correct the datafecthing works fine.


Declaring variables: 

String serverURI = "https://<Server>.com/rm";
String rootServices = "https://<Server>.com/rm/oslc_rm/catalog"
HttpGet request = new HttpGet(rootServices);
rootServiceDoc.addHeader("Accept", "application/rdf+xml");
rootServiceDoc.addHeader("OSLC-Core-Version", "2.0");
String login= username;
String password = password;
HttpClient httpclient = new DefaultHttpClient();
public static HttpResponse sendGetForSecureDocument(String serverURI, HttpGet request, String login, String password, HttpClient httpClient)
throws IOException, InvalidCredentialsException {
// Step (1): Request the protected resource
if (DEBUG) System.out.println(">> GET(1) "+request.getURI());
HttpResponse documentResponse = httpClient.execute(request);
if (DEBUG) {
System.out.println(">> Response Headers:");
HttpUtils.printResponseHeaders(documentResponse);
}
if (documentResponse.getStatusLine().getStatusCode() == 200) {
Header header = documentResponse.getFirstHeader(AUTHREQUIRED);
if ((header!=null) && ("authrequired".equals(header.getValue()))) {
documentResponse.getEntity().consumeContent();
// The server requires an authentication: Create the login form
HttpPost formPost = new HttpPost(serverURI+"/j_security_check");
List<NameValuePair> nvps = new ArrayList<NameValuePair>();
nvps.add(new BasicNameValuePair("j_username", login));
nvps.add(new BasicNameValuePair("j_password", password));
formPost.setEntity(new UrlEncodedFormEntity(nvps, HTTP.UTF_8));

// Step (2): The client submits the login form
if (DEBUG) System.out.println(">> POST "+formPost.getURI());
HttpResponse formResponse = httpClient.execute(formPost);
if (DEBUG) HttpUtils.printResponseHeaders(formResponse);
header = formResponse.getFirstHeader(AUTHREQUIRED);
if ((header!=null) && ("authfailed".equals(header.getValue()))) {
System.out.println("");
// The login failed
throw new InvalidCredentialsException("Authentication failed");
} else {
System.out.println("False");
formResponse.getEntity().consumeContent();
// The login succeed
// Step (3): Request again the protected resource
if (DEBUG) System.out.println(">> GET(2) "+request.getURI());
HttpGet documentGet2;
try {
documentGet2 = (HttpGet)(request.clone());
return httpClient.execute(documentGet2);
} catch (CloneNotSupportedException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
}
}
return  documentResponse;
}

One answer

Most liked answers|Newest answers ↑|Oldest answers

1
permanent link
Donald Nong (14.5k414) | answered Apr 16 '17, 9:37 p.m.

You should carefully examine the response code and header, rather than assume how it works.

First of all, there is no /rm/authenticated/j_security_check, as RM delegates the authentication duty to JTS. If you POST to this URL, you will get HTTP 401 error, without the response header "X-com-ibm-team-repository-web-auth-msg" you are expecting. In case of correct username/password combination, you will get HTTP 302 then 404, which I can't explain why.

And, if you POST to /jts/authenticated/j_security_check and the authentication fails, you will get HTTP 302, redirecting to /jts/auth/authfailed, and again without the response header "X-com-ibm-team-repository-web-auth-msg". If your code is set to follow the redirecting, you will then get HTTP 200 and the response header "X-com-ibm-team-repository-web-auth-msg" with value "authfailed".

If you don't want to put in too many different codes, an easier way to do it is after the authentication, access the protected resource straightaway and check again. This is the same as the accepted answer in this post.
https://jazz.net/forum/questions/78605/how-can-i-do-the-oauth-authentication-from-another-webcontrol

Your answer

Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.