Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Java 11 HttpClient not sending basic authentication

Tags:

I wrote the following HttpClient code, and it did not result in an Authorization header being sent to the server:

public static void main(String[] args) {
    var client = HttpClient.newBuilder()
            .authenticator(new Authenticator() {
                @Override
                protected PasswordAuthentication getPasswordAuthentication() {
                    return new PasswordAuthentication("username", "password".toCharArray());
                }
            })
            .version(HttpClient.Version.HTTP_1_1)
            .build();
    var request = HttpRequest.newBuilder()
            .uri("https://service-that-needs-auth.example/")
            .build();
    client.sendAsync(request, HttpResponse.BodyHandlers.ofString())
            .thenApply(HttpResponse::body)
            .thenAccept(System.out::println)
            .join();
}

I'm getting an HTTP 401 error from the service I'm calling. In my case, it's the Atlassian Jira Cloud API.

I have confirmed that my getPasswordAuthentication() method is not being invoked by HttpClient.

Why isn't it working, and what should I do instead?

like image 418
Jonathan Fuerth Avatar asked Jan 16 '19 00:01

Jonathan Fuerth

Video Answer

1 Answers

The service I was calling (in this case, Atlassian's Jira Cloud API) supports both Basic and OAuth authentication. I was attempting to use HTTP Basic, but it sends back an auth challenge for OAuth.

As of the current JDK 11, HttpClient does not send Basic credentials until challenged for them with a WWW-Authenticate header from the server. Further, the only type of challenge it understands is for Basic authentication. The relevant JDK code is here (complete with TODO for supporting more than Basic auth) if you'd like to take a look.

In the meantime, my remedy has been to bypass HttpClient's authentication API and to create and send the Basic Authorization header myself:

public static void main(String[] args) {     var client = HttpClient.newBuilder()             .version(HttpClient.Version.HTTP_1_1)             .build();     var request = HttpRequest.newBuilder()             .uri(new URI("https://service-that-needs-auth.example/"))             .header("Authorization", basicAuth("username", "password"))             .build();     client.sendAsync(request, HttpResponse.BodyHandlers.ofString())             .thenApply(HttpResponse::body)             .thenAccept(System.out::println)             .join(); }  private static String basicAuth(String username, String password) {     return "Basic " + Base64.getEncoder().encodeToString((username + ":" + password).getBytes()); }
like image 161
Jonathan Fuerth Avatar answered Sep 20 '22 13:09

Jonathan Fuerth
Sign in to Comment

Related questions

float/double Math.Round in C# [duplicate]
OneHotEncoder categorical_features deprecated, how to transform specific column
Razor pages and webapi in the same project
React Material-UI Modal TypeError: Cannot read property 'hasOwnProperty' of undefined
iOS 13 Killing app because it never posted an incoming call to the system after receiving a PushKit VoIP callback
How to best capture and log scp output?
Representing unlimited in database with integer data type
How good is FreeBSD as a development platform?
How can I implement a global RewriteCond / RewriteRule in Apache that applies to all virtual hosts?
clone node on drag
How to recursively add subdirectories to the PATH?
What's causing xcopy to tell me Access Denied?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!