Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Apache HttpClient Digest authentication

Tags:

java

android

digest-authentication

apache-commons-httpclient

Basically what I need to do is to perform digest authentication. First thing I tried is the official example available here. But when I try to execute it(with some small changes, Post instead of the the Get method) I get a

Click to copy
org.apache.http.auth.MalformedChallengeException: missing nonce in challange
at org.apache.http.impl.auth.DigestScheme.processChallenge(DigestScheme.java:132)

When this failed I tried using:

Click to copy
DefaultHttpClient client = new DefaultHttpClient();
client.getCredentialsProvider().setCredentials(new AuthScope(null, -1, null), new UsernamePasswordCredentials("<username>", "<password>"));

HttpPost post = new HttpPost(URI.create("http://<someaddress>"));
        List<NameValuePair> nvps = new ArrayList<NameValuePair>();
nvps.add(new BasicNameValuePair("domain", "<username>"));
post.setEntity(new UrlEncodedFormEntity(nvps, HTTP.UTF_8));

DigestScheme digestAuth = new DigestScheme();
digestAuth.overrideParamter("algorithm", "MD5");
digestAuth.overrideParamter("realm", "http://<someaddress>");
digestAuth.overrideParamter("nonce", Long.toString(new Random().nextLong(), 36));
digestAuth.overrideParamter("qop", "auth");
digestAuth.overrideParamter("nc", "0");
digestAuth.overrideParamter("cnonce", DigestScheme.createCnonce());

Header auth = digestAuth.authenticate(new
      UsernamePasswordCredentials("<username>", "<password>"), post);
System.out.println(auth.getName());
System.out.println(auth.getValue());
post.setHeader(auth);


HttpResponse ret = client.execute(post);
ByteArrayOutputStream v2 = new ByteArrayOutputStream();
ret.getEntity().writeTo(v2);
System.out.println("----------------------------------------");
System.out.println(v2.toString());
System.out.println("----------------------------------------");
System.out.println(ret.getStatusLine().getReasonPhrase());
System.out.println(ret.getStatusLine().getStatusCode());

At first I have only overridden "realm" and "nonce" DigestScheme parameters. But it turned out that PHP script running on the server requires all other params, but no matter if I specify them or not DigestScheme doesn't generate them in the Authorization RequestPreperty when I call its authenticate() method. And PHP script returns HTTP response code 200 with a message that PHP script requires cnonce, nc and qop parameters.

I've been struggling with this for two days, and no luck. Based on everything I think that the cause of the problem is the PHP script. It looks to me that it doesn't send a challenge when app tries to access it unauthorized.

Any ideas anyone?

Edit: One more thing, I've tried connecting with cURL and it works.

like image 601
Milan Avatar asked Jun 02 '10 01:06

Milan

2 Answers

This code snippet worked for me. You have to provide the realm which you can get by looking at the 401 response header you get from the host.

Click to copy
val credsProvider = new BasicCredentialsProvider();
credsProvider.setCredentials(AuthScope.ANY,
  new UsernamePasswordCredentials(user, password));
val authCache = new BasicAuthCache();
val digestScheme = new DigestScheme();

digestScheme.overrideParamter("realm", "**Name of the Realm**");
// Nonce value
digestScheme.overrideParamter("nonce", "whatever");

authCache.put(targetHost, digestScheme);

context.setCredentialsProvider(credsProvider);
context.setAuthCache(authCache);

val httpget = new HttpGet(url);

val response = httpClient.execute(targetHost, httpget, context);
like image 120
Ted Yang Avatar answered Sep 20 '22 15:09

Ted Yang

I managed to do a Digest login using digestScheme after verifying the code.

Click to copy
digestAuth.processChallenge(null);

Forces the previous input parameters to be interpreted. The null parameter is a header, based on the header sent, if any.

Now qop/nc is used and digestScheme works as required. Running it on android

Click to copy
digestAuth.overrideParamter("algorithm", "MD5");
digestAuth.overrideParamter("realm", serverRealm);
digestAuth.overrideParamter("nonce", Long.toString(new Random().nextLong(), 36));
digestAuth.overrideParamter("qop", "auth");//   not effective 
digestAuth.overrideParamter("nc",""+sequence);//nt effective 
digestAuth.overrideParamter("cnonce", DigestScheme.createCnonce());
digestAuth.overrideParamter("opaque","ba897c2f0f3de9c6f52d");
String err;
try
{
    digestAuth.processChallenge(null);
    //force  qop in use  chalange  on return header ????!!!!
}
catch (Exception e)
{ 
    err=e.getLocalizedMessage();
}
like image 38
user1107423 Avatar answered Sep 20 '22 15:09

user1107423
Sign in to Comment

Related questions

Spring boot Could not resolve placeholder application.yml
Using JUnit 5 with Java 9 without Maven or Gradle
Spring Security - multiple configurations - add LogoutHandler
Spring @PreDestroy: No logging because Logback stops too soon
Android Studio 3.0 laggy typing experience [closed]
Invalid parameter: Token Reason: iOS device tokens must be no more than 400 hexadecimal characters
Get the list of paths of all the Storage Devices connected to an Android device
Avoid reporting Broken Pipe errors to Sentry in a Spring Boot application
Kotlin Spring bean validation nullability
What is the function of springdoc-openapi-maven-plugin configuration/apiDocsUrl?
Open source Java library to produce webpage thumbnails server-side [closed]
Listing the files in a directory of the current JAR file
How to debug JVM resources loading?
Why use stateful session beans?
PreUpdate not firing when adding to a collection [duplicate]
Using Protocol buffer as general Data object?
Java: MiGLayout: How to use `hidemode`?
Best way to add annotations to inherited methods
ability to get the progress on a Future<T> object
App-Engine (Java) File Upload

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!