Authentication

To challenge a client, the origin server responds with a "401 Unauthorized" message. This message includes a WWW-Authenticate HTTP header that identifies an authentication scheme via a case-insensitive token. The client replies by resending the request with an Authorization header that provides the credentials.

Basic Authentication and the Authenticator Class

HTTP 1.0 introduced the basic authentication scheme by which a client identifies itself via a username and a password.

 
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLConnection;
import java.util.List;
import java.util.Map;

public class Main {
  public static void main(String[] args) throws IOException {
    String s = "http://test.webdav.org/auth-basic/";

    URL url = new URL(s);
    URLConnection urlc = url.openConnection();
    // getHeaderFields() implicitly connects and reads the response headers
    Map<String, List<String>> hf = urlc.getHeaderFields();
    for (String key : hf.keySet())
      System.out.println(key + ": " + urlc.getHeaderField(key));
    System.out.println(((HttpURLConnection) urlc).getResponseCode());
  }
}
  

Output:


null: HTTP/1.1 401 Authorization Required
WWW-Authenticate: Basic realm="basic auth area"
Date: Tue, 14 Aug 2012 17:44:22 GMT
Content-Length: 401
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Server: Apache/2.0.54 (Debian GNU/Linux) DAV/2 SVN/1.3.2
401

To pass a username and password back to the HTTP server, the application must work with the java.net.Authenticator class.

The following code performs basic authentication:

 
import java.io.IOException;
import java.net.Authenticator;
import java.net.HttpURLConnection;
import java.net.PasswordAuthentication;
import java.net.URL;
import java.net.URLConnection;
import java.util.List;
import java.util.Map;

public class Main {

  public static void main(String[] args) throws IOException {
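    // Installs the authenticator JVM-wide; it is consulted whenever a
    // URL connection in this JVM is challenged for credentials
    Authenticator.setDefault(new BasicAuthenticator());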
    URL url = new URL("http://test.webdav.org/auth-basic/");
    URLConnection urlc = url.openConnection();
    Map<String, List<String>> hf = urlc.getHeaderFields();
    for (String key : hf.keySet()){
      System.out.println(key + ": " + urlc.getHeaderField(key));
    }
      
    System.out.println(((HttpURLConnection) urlc).getResponseCode());
  }
}

class BasicAuthenticator extends Authenticator {
  // Hard-coded demo credentials for the public test server
  final static String USERNAME = "user1";
  final static String PASSWORD = "user1";

  @Override
  public PasswordAuthentication getPasswordAuthentication() {
    System.out.println("Password requested " + getRequestingHost()
        + " for scheme " + getRequestingScheme());
    return new PasswordAuthentication(USERNAME, PASSWORD.toCharArray());
  }
}
  

Output:


Password requested test.webdav.org for scheme basic
null: HTTP/1.1 404 Not Found
Date: Tue, 14 Aug 2012 17:45:55 GMT
Content-Length: 209
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Server: Apache/2.0.54 (Debian GNU/Linux) DAV/2 SVN/1.3.2
404
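
The BasicAuthenticator above hands the same credentials to any host, proxy or scheme that issues a challenge, and the Basic scheme only Base64-encodes them. The following added example (not code from the original page) scopes the answer to one HTTPS origin server and exercises it offline through Authenticator.requestPasswordAuthentication. The names ScopedAuthDemo, ScopedAuthenticator and answers are hypothetical, and it assumes the server is reachable over HTTPS.

```java
import java.net.Authenticator;
import java.net.MalformedURLException;
import java.net.PasswordAuthentication;
import java.net.URL;

public class ScopedAuthDemo {

  /** Hypothetical class: answers Basic challenges only for one HTTPS origin server. */
  static class ScopedAuthenticator extends Authenticator {
    private final String allowedHost;
    private final String username;
    private final char[] password;

    ScopedAuthenticator(String allowedHost, String username, char[] password) {
      this.allowedHost = allowedHost;
      this.username = username;
      this.password = password.clone();
    }

    @Override
    protected PasswordAuthentication getPasswordAuthentication() {
      URL url = getRequestingURL();
      boolean ok = getRequestorType() == RequestorType.SERVER   // not a proxy challenge
          && "basic".equalsIgnoreCase(getRequestingScheme())    // scheme token is case-insensitive
          && allowedHost.equalsIgnoreCase(getRequestingHost())  // only the expected host
          && url != null && "https".equals(url.getProtocol());  // Basic is only Base64, so require TLS
      // Returning null means "no credentials"; the caller then sees the 401.
      return ok ? new PasswordAuthentication(username, password) : null;
    }
  }

  // Simulates a challenge offline through the default Authenticator.
  static boolean answers(String url, String scheme, Authenticator.RequestorType type)
      throws MalformedURLException {
    URL u = new URL(url);
    return Authenticator.requestPasswordAuthentication(u.getHost(), null, u.getDefaultPort(),
        u.getProtocol(), "constructed realm", scheme, u, type) != null;
  }

  public static void main(String[] args) throws MalformedURLException {
    // Constructed sample values; real code would load the password from a secret store.
    Authenticator.setDefault(
        new ScopedAuthenticator("test.webdav.org", "user1", "user1".toCharArray()));
    Authenticator.RequestorType server = Authenticator.RequestorType.SERVER;
    System.out.println(answers("https://test.webdav.org/auth-basic/", "Basic", server)); // expected host over TLS
    System.out.println(answers("http://test.webdav.org/auth-basic/", "Basic", server));  // cleartext HTTP
    System.out.println(answers("https://other.example/", "Basic", server));              // unexpected host
    System.out.println(answers("https://test.webdav.org/", "Basic",
        Authenticator.RequestorType.PROXY));                                             // proxy challenge
  }
}
```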