Apache Http Digest Authentication using Java
This code works for me pretty well:
protected static void downloadDigest(URL url, FileOutputStream fos) throws IOException { HttpHost targetHost = new HttpHost(url.getHost(), url.getPort(), url.getProtocol()); CloseableHttpClient httpClient = HttpClients.createDefault(); HttpClientContext context = HttpClientContext.create(); String credential = url.getUserInfo(); if (credential != null) { String user = credential.split(":")[0]; String password = credential.split(":")[1]; CredentialsProvider credsProvider = new BasicCredentialsProvider(); credsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(user, password)); AuthCache authCache = new BasicAuthCache(); DigestScheme digestScheme = new DigestScheme(); authCache.put(targetHost, digestScheme); context.setCredentialsProvider(credsProvider); context.setAuthCache(authCache); } HttpGet httpget = new HttpGet(url.getPath()); CloseableHttpResponse response = httpClient.execute(targetHost, httpget, context); try { ReadableByteChannel rbc = Channels.newChannel(response.getEntity().getContent()); fos.getChannel().transferFrom(rbc, 0, Long.MAX_VALUE); } finally { response.close(); }}
try this code from apache httpClient 4.3.3
final HttpHost targetHost = new HttpHost("localhost", 8080, "http"); final CredentialsProvider credsProvider = new BasicCredentialsProvider(); credsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(user, password)); final AuthCache authCache = new BasicAuthCache(); DigestScheme digestAuth = new DigestScheme(); digestAuth.overrideParamter("realm", "some-realm"); digestAuth.overrideParamter("nonce", "whatever"); authCache.put(targetHost, digestAuth); // Add AuthCache to the execution context HttpClientContext context = HttpClientContext.create(); context.setAuthCache(authCache);HttpGet httpget = new HttpGet("/");CloseableHttpResponse response = httpclient.execute(targetHost , httpget, context );
Please can you give me the site which requires HTTP digest authentication?
Tipp: do not use HTTP Digest :) It is not secure at all. Over HTTPS it has not point.
If you must, below is a code that works with parsing the WWW-Authenticate
header.
This is tested with the following dependency (i use gradle
):
compile group: 'org.apache.httpcomponents', name: 'httpclient', version: '4.5.6'
The code:
import java.io.IOException;import java.net.MalformedURLException;import java.net.URL;import org.apache.http.Header;import org.apache.http.HttpHost;import org.apache.http.auth.AuthScope;import org.apache.http.auth.MalformedChallengeException;import org.apache.http.auth.UsernamePasswordCredentials;import org.apache.http.client.AuthCache;import org.apache.http.client.CredentialsProvider;import org.apache.http.client.methods.CloseableHttpResponse;import org.apache.http.client.methods.HttpGet;import org.apache.http.client.protocol.HttpClientContext;import org.apache.http.impl.auth.DigestScheme;import org.apache.http.impl.client.BasicAuthCache;import org.apache.http.impl.client.BasicCredentialsProvider;import org.apache.http.impl.client.CloseableHttpClient;import org.apache.http.impl.client.HttpClients;import org.apache.http.util.EntityUtils;public class DigestExample { private final static String uri = "http://my.digest.based.auth.url.com"; private static HttpHost target; public static void main(String[] args) throws IOException { setup(); if (target == null) { System.out.println("Setup was unsuccesfull"); return; } Header challengeHeader = getAuthChallengeHeader(); if (challengeHeader == null) { System.out.println("Setup was unsuccesfull"); return; } // NOTE: challenge is reused for subsequent HTTP GET calls (typo corrected) getWithDigestAuth(challengeHeader, "/", "/schema"); } private static void setup() throws MalformedURLException { URL url = new URL(uri); target = new HttpHost(url.getHost(), url.getPort(), url.getProtocol()); } private static Header getAuthChallengeHeader() { try (CloseableHttpClient httpClient = HttpClients.createDefault()) { CloseableHttpResponse response = httpClient.execute(new HttpGet(uri)); return response.getFirstHeader("WWW-Authenticate"); } catch (IOException e) { e.printStackTrace(); return null; } } private static void getWithDigestAuth(Header challengeHeader, String... requests) throws IOException { CredentialsProvider credsProvider = new BasicCredentialsProvider(); credsProvider.setCredentials( new AuthScope(target.getHostName(), target.getPort()), new UsernamePasswordCredentials("user", "pass")); try (CloseableHttpClient httpclient = HttpClients.custom() .setDefaultCredentialsProvider(credsProvider) .build()) { // Create AuthCache instance AuthCache authCache = new BasicAuthCache(); // Generate DIGEST scheme object, initialize it and add it to the local // auth cache DigestScheme digestAuth = new DigestScheme(); digestAuth.processChallenge(challengeHeader); authCache.put(target, digestAuth); // Add AuthCache to the execution context HttpClientContext localContext = HttpClientContext.create(); localContext.setAuthCache(authCache); for (String request : requests) { System.out.println("Executing request to target " + target + request); try (CloseableHttpResponse response = httpclient .execute(target, new HttpGet(request), localContext)) { System.out.println("----------------------------------------"); System.out.println(response.getStatusLine()); System.out.println(EntityUtils.toString(response.getEntity())); } catch (Exception e) { System.out.println("Error while executing HTTP GET request"); e.printStackTrace(); } } } catch (MalformedChallengeException e) { e.printStackTrace(); } }}