forms authentication - How to login in web site using Java

Question

I want to access some pages of web site https://myoffice.bt.com which requires user authentication using java. We have to sign in first to access pages. I have wriiten following code.

package root;

import java.io.IOException;

import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.UsernamePasswordCredentials;
import org.apache.commons.httpclient.auth.AuthScope;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.commons.httpclient.params.HttpMethodParams;


public class Url
{
 public static void main(String[] args) throws IOException
 {
  HttpClient client = new HttpClient();

  client.getParams().setParameter(
      HttpMethodParams.USER_AGENT,
      "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.2) Gecko/20100316 Firefox/3.6.2"
  );

  client.getState().setCredentials(
     new AuthScope("https://myoffice.bt.com", 443,  AuthScope.ANY_REALM),
     new UsernamePasswordCredentials("username", "password")  ); 

  PostMethod get = new PostMethod("https://myoffice.bt.com/youraccount/default.aspx");
  get.setDoAuthentication( true );
  System.out.println(get.getFollowRedirects());
  //get.setFollowRedirects(true);


  try {
    // execute the GET
     int status = client.executeMethod( get );

     // print the status and response
     System.out.println(status + "
" + get.getResponseBodyAsString());

     } finally {
     // release any connection resources used by the method
      get.releaseConnection();
     } 


 }

}

But it gives following errors.

> Jun 22, 2010 12:14:40 PM org.apache.commons.httpclient.HttpMethodDirector isRedirectNeeded
INFO: Redirect requested but followRedirects is disabled
302

If I uncomment get.setFollowingRedirects line, It gives another error.

Exception in thread "main" java.lang.IllegalArgumentException: Entity enclosing requests cannot be redirected without user intervention
 at org.apache.commons.httpclient.methods.EntityEnclosingMethod.setFollowRedirects(Unknown Source)
 at root.Url.main(Url.java:30)

Can any one help me here? Can we do form based authentication using HttpClient?

Thanks.

Answer 1

First - please don't name your PostMethod variable get.

Second, try this:

PostMethod post = new PostMethod("yourUrl")
{
    @Override
    public boolean getFollowRedirects()
    {
        return true;
    }
};

If you ever happen to be on the "other side" and want to prevent your users from suffering, use the response code 303 (See Other) when redirecting a POST request to a GET, instead of the common 302 and 301 (per RFC). Regular browsers tend to be nice, break the rules and NOT ask us to confirm these redirects, but a lot of mobile browsers still do.

Regarding your question about form based authentication - you just need to figure out the parameter names to use (by looking at the source of the website where you "normally" log in, for example), and then populate them with the appropriate values:

post.addParameter("username", username);
post.addParameter("password", password);

---

I played around with the login form at myoffice.bt.com, there's a few things going on in JavaScript.

The form is submitted to https://myoffice.bt.com/siteminderagent/forms/login.fcc

The form elements that are submitted were as follows (name=value, some values were empty):

Segment=btb.hub
SubSegment=
searchType=0
searchPlatform=BEA
lob=btb.hub
queryText=
searchText=
ctl00$masterWebpartManager$gwpCustomLogin1$CustomLogin1$UserName=your@email.com
ctl00$masterWebpartManager$gwpCustomLogin1$CustomLogin1$PWD=yourpwd
ctl00$masterWebpartManager$gwpCustomLogin1$CustomLogin1$RememberMe=on
USER=your@email.com
PASSWORD=yourpwd
SMENC=ISO-8859-1
SMLOCALE=US-EN
userFirstLoginUrl=https://myoffice.bt.com/ManageBusinessApplications/SecretQA.aspx
PrivateLoginSuccessUrl=https://myoffice.bt.com/sm/privatecreatesession.aspx?siteArea=btb.mya
PublicLoginSuccessUrl=https://myoffice.bt.com/sm/createsession.aspx?siteArea=btb.mya
target=https://myoffice.bt.com/sm/privatecreatesession.aspx?siteArea=btb.mya&TARGET=https%3a%2f%2fmyoffice.bt.com%2fdefault.aspx (hidden)
submitStatus=
smauthreason=
smagentname=
postpreservationdata=
AnonUserName=anon@myoffice.bt.com
authMode=SITEMINDER
smUrl=https://myoffice.bt.com/siteminderagent/forms/login.fcc
notSMUrl=https://myoffice.bt.com/default.aspx
smIdentifier=1

Try adding some or all of these (at least USER and PASSWORD) to your PostMethod, and make sure you are submitting to the correct URL.