java left logo
java middle logo
java right logo
 

Home arrow Other API Tips
 
 
Main Menu
Home
Java Tutorials
Book Reviews
Java SE Tips
Java ME Tips
Java EE Tips
Other API Tips
Java Applications
Java Libraries
Java Games
Java Network
Java Forums
Java Blog




Most Visited Tips
Java SE Tips
Java ME Tips
Java EE Tips
Other API Tips
Java Applications
Java Libraries
Java Games
Book Reviews
Top Rated Tips
Java SE Tips
Java ME Tips
Java EE Tips
Other API Tips
Java Applications
Java Libraries
Java Games
Book Reviews


Statistics
Registered Users: 3899
Java SE Tips: 614
Java ME Tips: 202
Java EE Tips: 183
Other API Tips: 779
Java Applications: 298
Java Libraries: 209
Java Games: 16
Book Reviews:
 
 
 
How to use alternate authentication scheme E-mail
User Rating: / 0
PoorBest 

This tip sontains a simple example that uses alternate authentication scheme selection if several authentication challenges are returned.

Per default HttpClient picks the authentication challenge in the following order of preference: NTLM, Digest, Basic. In certain cases it may be desirable to force the use of a weaker authentication scheme.

/*
 * $Header: 
 * $Revision$
 * $Date$
 * ====================================================================
 *
 *  Copyright 1999-2004 The Apache Software Foundation
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 * ====================================================================
 *
 * This software consists of voluntary contributions made by many
 * individuals on behalf of the Apache Software Foundation.  For more
 * information on the Apache Software Foundation, please see
 * <http://www.apache.org/>.
 *
 * [Additional notices, if required by prior licensing conditions]
 *
 */

import java.util.ArrayList;
import java.util.List;

import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.UsernamePasswordCredentials;
import org.apache.commons.httpclient.auth.AuthPolicy;
import org.apache.commons.httpclient.auth.AuthScope;
import org.apache.commons.httpclient.methods.GetMethod;

/**
 <p>A simple example that uses alternate authentication scheme selection
 * if several authentication challenges are returned.
 </p>
 *
 <p>Per default HttpClient picks the authentication challenge in the 
 *  following order of preference: NTLM, Digest, Basic. In certain cases 
 *  it may be desirable to force the use of a weaker authentication scheme.
 </p>
 *
 @author Oleg Kalnichevski
 */
public class AlternateAuthenticationExample {
    
    /**
     * Constructor for BasicAuthenticatonExample.
     */
    public AlternateAuthenticationExample() {
        super();
    }
    
    public static void main(String[] argsthrows Exception {
        HttpClient client = new HttpClient();
        client.getState().setCredentials(
                new AuthScope("myhost"80"myrealm"),
                new UsernamePasswordCredentials("username""password"));
        // Suppose the site supports several authetication schemes: 
        // NTLM and Basic   
        // Basic authetication is considered inherently insecure. Hence, 
        // NTLM authentication is used per default
        
        // This is to make HttpClient pick the Basic authentication scheme 
        // over NTLM & Digest
        List authPrefs = new ArrayList(3);
        authPrefs.add(AuthPolicy.BASIC);
        authPrefs.add(AuthPolicy.NTLM);
        authPrefs.add(AuthPolicy.DIGEST);
        
        client.getParams().setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY,
                authPrefs);
        
        GetMethod httpget = 
                new GetMethod("http://myhost/protected/auth-required.html");
        
        try {
            int status = client.executeMethod(httpget);
            // print the status and response
            System.out.println(httpget.getStatusLine());
            System.out.println(httpget.getResponseBodyAsString());
        finally {
            // release any connection resources used by the method
            httpget.releaseConnection();
        }
    }
}

Source: Apache HttpClient


 Related Tips

 
< Prev   Next >

Page 1 of 0 ( 0 comments )

You can share your information about this topic using the form below!

Please do not post your questions with this form! Thanks.


Name (required)


E-Mail (required)

Your email will not be displayed on the site - only to our administrator
Homepage(optional)



Comment Enable HTML code : Yes No



 
       
         
     
 
 
 
   
 
 
java bottom left
java bottom middle
java bottom right
RSS 0.91 FeedRSS 1.0 FeedRSS 2.0 FeedATOM FeedOPML Feed

Home - About Us - Privacy Policy
Copyright 2005 - 2008 www.java-tips.org
Java is a trademark of Sun Microsystems, Inc.