How to deal with multi-step WWW-Authenticate with the new HttpClient
Weijun Wang
weijun.wang at oracle.com
Wed Apr 17 03:09:02 UTC 2019
Hi, All,
I am trying the new HttpClient to deal with a multi-step Negotiate authentication with Windows IIS, and here is my code.
HttpClient hc = HttpClient.newBuilder().build();
var req = HttpRequest.newBuilder().uri(new URI(args[0]));
while (true) {
var resp = hc.send(req.build(), HttpResponse.BodyHandlers.ofString());
System.out.println("--------------------");
System.out.println(resp.statusCode());
String auth = resp.headers().allValues("WWW-Authenticate")
.stream()
.filter(s -> s.startsWith("Negotiate"))
.findFirst()
.orElseThrow()
.substring(9)
.trim();
System.out.println("incoming " + auth);
byte[] in = auth.isEmpty() ? new byte[0] :Base64.getDecoder().decode(auth);
byte[] out = calculate_token_from_incoming(in);
if (out == null) break; // if status is still >400. No way to continue
String sent = Base64.getEncoder().encodeToString(out);
System.out.println("--------------------");
System.out.println("outgoing " + sent);
req.header("Authorization", "Negotiate " + sent);
}
This works when there is only one request and one reply, but fails when there is more.
Is this the correct way? Is there some keep-connnection thing I need to care about?
Thanks,
Max
p.s. Or maybe there is something wrong with IIS. This is a corner case.
More information about the net-dev
mailing list