It's all about the answers!

Ask a question

Problems with Form Based Authentication in Java


Edwin Chan (3631) | asked Mar 03 '11, 4:01 p.m.
I want to use REST to query and update work items in RTC 2.0.0.2. I looked at some guides to get a good concept of it:
http://jazz.net/library/article/352
https://jazz.net/wiki/bin/view/Main/ResourceOrientedWorkItemAPIv2#Form_based_authentication_using

I'm trying to use the discovery chain and I can get the catalog link successfully from rootservices. But to access the catalog, I would need to be authenticated, which is where I'm stuck.

I tried following this guide for form based authentication, but I'm not having any luck. Tomcat 5 is the application server.

I outputted my cookie store and I can see that it has a JSESSIONID and JazzFormAuth.

httpClient = new DefaultHttpClient();

CookieStore cookieStore = new BasicCookieStore();
localContext = new BasicHttpContext();
localContext.setAttribute(ClientContext.COOKIE_STORE,cookieStore);
HttpGet httpGetID = new HttpGet("http://"+rtcHost+":"+rtcPort+"/jazz/authenticated/identity");
httpClient.execute(httpGetID, localContext);
httpGetID.abort();
List<NameValuePair> authFormParams = new ArrayList<NameValuePair>();
authFormParams.add(new BasicNameValuePair("j_username", rtcUsername));
authFormParams.add(new BasicNameValuePair("j_password", rtcPassword));
UrlEncodedFormEntity entity = new UrlEncodedFormEntity(authFormParams, "UTF-8");
HttpPost httpPostAuth = new HttpPost("http://"+rtcHost+":"+rtcPort+"/jazz/authenticated/j_security_check");
httpPostAuth.setEntity(entity);
httpClient.execute(httpPostAuth, localContext);
httpPostAuth.abort();

HttpGet httpget = new HttpGet("http://"+rtcHost+":"+rtcPort+"/jazz/oslc/workitems/catalog");
httpget.setHeader("Accept", "text/xml");
HttpResponse response = httpClient.execute(httpget, localContext);
httpget.abort();

One answer



permanent link
Edwin Chan (3631) | answered Mar 04 '11, 10:31 a.m.
Resolved.

After authenticating (posting to j_security_check), you need hit another page (ex. identity) to receive the another cookie:
X-com-ibm-team-foundation-auth-loop-avoidance=false

Your answer


Register or to post your answer.