1 year ago
#388763
Jawad-Dev
Session Control Java - GET Cookie from Request and Pass it to POST request
I am actually stuck in a data fetching API. In its documentation it has been mentioned that I have to make a call to the login API first then using its Authorization header and cookie (returned in Login API response) I have to make subsequent calls (keeping session control).
The first call is successful and I have received the Cookie i.e. X-SESSIONID and Authorization Header from response Headers. But the subsequent call is returning: 401 Unauthorized even I am passing session Id and authorization header.
May be I am doing something wrong in session management or making subsequent call. Can someone help?
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.util.HashMap;
import java.util.Map;
import javax.ws.rs.core.*;
import org.apache.commons.codec.digest.*;
import org.codehaus.jettison.json.*;
import com.sun.jersey.api.*;
import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.WebResource;
import com.sun.jersey.api.client.config.ClientConfig;
import com.sun.jersey.api.client.config.DefaultClientConfig;
public class DigestClient {
// Dividing into two parts because we need to send the last part of uri in our
// second request to service.
static String baseUri = "http://data.crea.ca";
static String subUri = "/Login.svc/Login";
public static void main(String[] args) throws JSONException, IOException {
ClientConfig cc = new DefaultClientConfig();
Client client = Client.create(cc);
WebResource webResource = client.resource(baseUri + subUri);
ClientResponse response = webResource.get(ClientResponse.class);
// Basically in Digest-Authentication mechanism, we hit the rest service two
// times.
// First time with No Authentication, which returns some values (qop, nonce,
// realm) which are used as inputs in second call to rest service.
/*--------------- First call-----------------*/
// We get 401, Unauthorized
System.out.println(response.getStatus() );
// Here is the complete header information
System.out.println(response.getHeaders());
// We need "WWW-Authenticate" part information for our second call to rest
System.out.println("WWW-Authenticate: \t" + response.getHeaders().get("www-Authenticate"));
String noAuthResp = response.getHeaders().get("www-Authenticate").toString();
noAuthResp = noAuthResp.replace("Digest ", "");
noAuthResp = noAuthResp.replace('[', '{');
noAuthResp = noAuthResp.replace(']', '}');
// Creating a JSONObject for easy information retrieval
JSONObject resp = new JSONObject(noAuthResp);
/*--------------- Second call-----------------*/
// Here client has to set the fields which was returned from the first call
String user = "CXLHfDVrziCfvwgCuL8nUahC"; // username
String password = "mFqMsCSPdnb5WO1gpEEtDCHH"; // password
String realm = resp.getString("realm"); // realm value from the first rest-call response
String qop = resp.getString("qop"); // qop value from the first rest-call response
String nonce = resp.getString("nonce"); // nonce value from the first rest-call response
String opaque = "";//resp.getString("opaque"); // Some times if we don't get this value, set it with ""
String algorithm = "MD5"; // The algorithm set by the client
int nonceCount = 678; // Some numerical input from the client
String clientNonce = "afdjas0"; // Some random text from the client for encryption
String method = "GET"; // HTTP method
String ha1 = new DigestClient().formHA1(user, realm, password);
String ha2 = new DigestClient().formHA2(method, subUri);
String responseCode = new DigestClient().generateResponse(ha1, nonce, nonceCount, clientNonce, qop, ha2);
// Header to be sent to the service
String value = "Digest username=\"" + user + "\", realm=\"" + realm + "\", nonce=\"" + nonce + "\", uri=\""
+ subUri + "\", qop=" + qop + ", nc=" + nonceCount + ", cnonce=\"" + clientNonce + "\", response=\""
+ responseCode + "\", opaque=\"" + opaque + "\"";
System.out.println("Digest Header: " + value );
// Hitting the service
response = webResource.header("authorization", value).type(MediaType.TEXT_PLAIN).accept("*")
.get(ClientResponse.class);
System.out.println("\nComplete Response:\n" + response + "\n");
String output = response.getEntity(String.class);
MultivaluedMap<String, String> responseHeaders = response.getHeaders();
System.out.println("Response header: " + prepareParameters(responseHeaders).toString());
System.out.println("Cookie: " + response.getCookies().get(1).toString());
// System.out.println("Response Text: " + output);
String sessionId = response.getCookies().get(1).toString();
/****************************SUBSEQUENT CALL (WHERE I AM PASSING SESSION ID AS COOKIE AND AUTHORIZATION HEADER ***************************/
System.out.println("Getting metadata..");
System.out.println("SessionID: " + sessionId.split(";")[0]);
System.out.println("Digest Header: " + value);
String sid = sessionId.split(";")[0];
String request = "<Employee><Name>Sunil</Name></<Employee>";
webResource = client.resource("http://data.crea.ca/Metadata.svc/GetMetadata");
ClientResponse response2 = webResource.get(ClientResponse.class);
response2 = webResource.header("authorization", value).header("Cookie", sid).type(MediaType.APPLICATION_XML).accept("*")
.post(ClientResponse.class, request);
if (response2.getStatus() != 200) {
System.out.println("MetaDataError: " + response2.getStatus());
}
String output2 = response2.getEntity(String.class);
//
// URL url = new URL("http://data.crea.ca/Metadata.svc/GetMetadata");
// HttpURLConnection connection = (HttpURLConnection) url.openConnection();
//
// // Set timeout as per needs
// connection.setConnectTimeout(20000);
// connection.setReadTimeout(20000);
//
// // Set DoOutput to true if you want to use URLConnection for output.
// // Default is false
// connection.setDoOutput(true);
//
// connection.setUseCaches(true);
// connection.setRequestMethod("POST");
//
// // Set Headers
// connection.setRequestProperty("Accept", "application/xml");
// connection.setRequestProperty("Content-Type", "application/xml");
// connection.setRequestProperty("Authorization", value);
// connection.setRequestProperty("Cookie", sid);
//
// // Write XML
// OutputStream outputStream = connection.getOutputStream();
// byte[] b = request.getBytes("UTF-8");
// outputStream.write(b);
// outputStream.flush();
// outputStream.close();
//
// // Read XML
// InputStream inputStream = connection.getInputStream();
// byte[] res = new byte[2048];
// int i = 0;
// StringBuilder response2 = new StringBuilder();
// while ((i = inputStream.read(res)) != -1) {
// response2.append(new String(res, 0, i));
// }
// inputStream.close();
System.out.println("Response of metadata= " + output2.toString());
//getMetadata( response.getCookies().get(1).toString(), value);
}
public static void getMetadata(String sessionId, String header) throws IOException {
System.out.println("Getting metadata..");
System.out.println("SessionID: " + sessionId.split(";")[0]);
System.out.println("Digest Header: " + header);
String sid = sessionId.split(";")[0];
String request = "<Employee><Name>Sunil</Name></<Employee>";
URL url = new URL("http://data.crea.ca/Metadata.svc/GetMetadata");
HttpURLConnection connection = (HttpURLConnection) url.openConnection();
// Set timeout as per needs
connection.setConnectTimeout(20000);
connection.setReadTimeout(20000);
// Set DoOutput to true if you want to use URLConnection for output.
// Default is false
connection.setDoOutput(true);
connection.setUseCaches(true);
connection.setRequestMethod("POST");
// Set Headers
connection.setRequestProperty("Accept", "application/xml");
connection.setRequestProperty("Content-Type", "application/xml");
connection.setRequestProperty("Authorization", header);
connection.setRequestProperty("Cookie", sid);
// Write XML
OutputStream outputStream = connection.getOutputStream();
byte[] b = request.getBytes("UTF-8");
outputStream.write(b);
outputStream.flush();
outputStream.close();
// Read XML
InputStream inputStream = connection.getInputStream();
byte[] res = new byte[2048];
int i = 0;
StringBuilder response = new StringBuilder();
while ((i = inputStream.read(res)) != -1) {
response.append(new String(res, 0, i));
}
inputStream.close();
System.out.println("Response of metadata= " + response.toString());
}
private static Map<String,String> prepareParameters(MultivaluedMap<String, String> queryParameters) {
Map<String,String> parameters = new HashMap<String,String>();
for(String str : queryParameters.keySet()){
parameters.put(str, queryParameters.getFirst(str));
}
return parameters;
}
// For generating HA1 value
public String formHA1(String userName, String realm, String password) {
String ha1 = DigestUtils.md5Hex(userName + ":" + realm + ":" + password);
return ha1;
}
// For generating HA2 value
public String formHA2(String method, String uri) {
String ha2 = DigestUtils.md5Hex(method + ":" + uri);
return ha2;
}
// For generating response at client side
public String generateResponse(String ha1, String nonce, int nonceCount, String clientNonce, String qop,
String ha2) {
String response = DigestUtils
.md5Hex(ha1 + ":" + nonce + ":" + nonceCount + ":" + clientNonce + ":" + qop + ":" + ha2);
return response;
}
}
Output
401
{Cache-Control=[private], Server=[Microsoft-IIS/10.0], WWW-Authenticate=[Digest realm="CREA.Distribution", nonce="NjM3ODQ5NTI2NzgzNjk6OTRmMjM0NDJlMmVkZGY0MDI1YmE0MzkxNTM5NDhhNmY=", qop="auth"], X-AspNet-Version=[4.0.30319], Set-Cookie=[ARRAffinity=eb0215f43a7fdf079429ba39da6cd0de66afa6b4085fd1016024d539de9de1b3;Path=/;HttpOnly;Domain=data.crea.ca, ASP.NET_SessionId=y5ylejdp2f5q3siitg410lk5; path=/; HttpOnly; SameSite=Lax], Content-Length=[0], Date=[Thu, 07 Apr 2022 18:24:38 GMT], X-Powered-By=[ASP.NET], Content-Type=[application/xml; charset=utf-8]}
WWW-Authenticate: [Digest realm="CREA.Distribution", nonce="NjM3ODQ5NTI2NzgzNjk6OTRmMjM0NDJlMmVkZGY0MDI1YmE0MzkxNTM5NDhhNmY=", qop="auth"]
Digest Header: Digest username="CXLHfDVrziCfvwgCuL8nUahC", realm="CREA.Distribution", nonce="NjM3ODQ5NTI2NzgzNjk6OTRmMjM0NDJlMmVkZGY0MDI1YmE0MzkxNTM5NDhhNmY=", uri="/Login.svc/Login", qop=auth, nc=678, cnonce="afdjas0", response="f7d2445a27173c5e876e3b2833369e64", opaque=""
Complete Response:
GET http://data.crea.ca/Login.svc/Login returned a response status of 200 OK
Response header: {RETS-Request-ID=, Cache-Control=private, Server=Microsoft-IIS/10.0, X-AspNet-Version=4.0.30319, Set-Cookie=ARRAffinity=eb0215f43a7fdf079429ba39da6cd0de66afa6b4085fd1016024d539de9de1b3;Path=/;HttpOnly;Domain=data.crea.ca, RETS-Version=RETS/1.7.2, Content-Length=591, Date=Thu, 07 Apr 2022 18:24:38 GMT, X-Powered-By=ASP.NET, Content-Type=text/xml}
Cookie: X-SESSIONID=95b7bcc5-6d47-4494-936b-5bfaf3485679;Version=1
Getting metadata..
SessionID: X-SESSIONID=95b7bcc5-6d47-4494-936b-5bfaf3485679
Digest Header: Digest username="CXLHfDVrziCfvwgCuL8nUahC", realm="CREA.Distribution", nonce="NjM3ODQ5NTI2NzgzNjk6OTRmMjM0NDJlMmVkZGY0MDI1YmE0MzkxNTM5NDhhNmY=", uri="/Login.svc/Login", qop=auth, nc=678, cnonce="afdjas0", response="f7d2445a27173c5e876e3b2833369e64", opaque=""
MetaDataError: 401
Response of metadata=
java
cookies
jersey
realm
0 Answers
Your Answer