authenticate does not work #7

Open
wheineman opened this Issue Jan 17, 2012 · 8 comments

Comments

Projects
None yet
6 participants

authenticate method is not working. There doesn't seem to be a testcase for authenticate.

Owner

beders commented Jan 17, 2012

Do you have an example where it doesn't work?
r.authenticate expects an URL prefix that is matched exactly.
Resty will send the authentication headers for any URL that starts with that prefix.
What URLs are you using?

Hi @beders,

I'm using Resty 0.3.1, and I can't seem to get HTTP Basic Authentication to work. I receive an error when I use the json() method. Here is the stack trace:

java.lang.NullPointerException
at us.monoid.web.auth.RestyAuthenticator.getPasswordAuthentication(RestyAuthenticator.java:30)
at java.net.Authenticator.requestPasswordAuthentication(Authenticator.java:162)
at org.apache.harmony.luni.internal.net.www.protocol.http.HttpURLConnectionImpl.getAuthorizationCredentials(HttpURLConnectionImpl.java:1182)
at org.apache.harmony.luni.internal.net.www.protocol.http.HttpURLConnectionImpl.processAuthHeader(HttpURLConnectionImpl.java:1155)
at org.apache.harmony.luni.internal.net.www.protocol.http.HttpURLConnectionImpl.processResponseHeaders(HttpURLConnectionImpl.java:1095)
at org.apache.harmony.luni.internal.net.www.protocol.http.HttpURLConnectionImpl.retrieveResponse(HttpURLConnectionImpl.java:1048)
at org.apache.harmony.luni.internal.net.www.protocol.http.HttpURLConnectionImpl.getInputStream(HttpURLConnectionImpl.java:512)
at us.monoid.web.AbstractResource.fill(AbstractResource.java:34)
at us.monoid.web.Resty.fillResourceFromURL(Resty.java:417)
at us.monoid.web.Resty.doGET(Resty.java:373)
at us.monoid.web.Resty.json(Resty.java:189)
at us.monoid.web.Resty.json(Resty.java:177)
...

I'm new to Java, so I could be completely wrong, but I noticed that there's a reference to the method getRequestingURL(), but it's not defined anywhere else in the code:
https://github.com/beders/Resty/blob/master/src/main/java/us/monoid/web/auth/RestyAuthenticator.java#L28

To work around this bug, I'm using the alwaysSend() method instead, performing the Base64 encoding myself, like so:

Resty resty = new Resty();
String encodedString = Base64.encodeToString((username + ":" + password).getBytes("UTF-8"), android.util.Base64.DEFAULT);
resty.alwaysSend("Authorization", "Basic " + encodedString);

Object name = resty.json(baseURI + "/users/new").get("user.firstName");
System.out.println(name);

Thanks for this library!

Owner

beders commented Feb 28, 2012

Thank you for trying Resty.

The problem is that sometimes the request URL for an authentication is null, which is unexpected.
I need to work around this issue somehow.

Thank you so much for sharing your work-around!

Cheers,
Jochen

On Feb 27, 2012, at 1:54 PM, Todd Mazierski wrote:

Hi @beders,

I'm using Resty 0.3.1, and I can't seem to get HTTP Basic Authentication to work. I receive an error when I use the json() method. Here is the stack trace:

java.lang.NullPointerException
at us.monoid.web.auth.RestyAuthenticator.getPasswordAuthentication(RestyAuthenticator.java:30)
at java.net.Authenticator.requestPasswordAuthentication(Authenticator.java:162)
at org.apache.harmony.luni.internal.net.www.protocol.http.HttpURLConnectionImpl.getAuthorizationCredentials(HttpURLConnectionImpl.java:1182)
at org.apache.harmony.luni.internal.net.www.protocol.http.HttpURLConnectionImpl.processAuthHeader(HttpURLConnectionImpl.java:1155)
at org.apache.harmony.luni.internal.net.www.protocol.http.HttpURLConnectionImpl.processResponseHeaders(HttpURLConnectionImpl.java:1095)
at org.apache.harmony.luni.internal.net.www.protocol.http.HttpURLConnectionImpl.retrieveResponse(HttpURLConnectionImpl.java:1048)
at org.apache.harmony.luni.internal.net.www.protocol.http.HttpURLConnectionImpl.getInputStream(HttpURLConnectionImpl.java:512)
at us.monoid.web.AbstractResource.fill(AbstractResource.java:34)
at us.monoid.web.Resty.fillResourceFromURL(Resty.java:417)
at us.monoid.web.Resty.doGET(Resty.java:373)
at us.monoid.web.Resty.json(Resty.java:189)
at us.monoid.web.Resty.json(Resty.java:177)
...

I'm new to Java, so I could be completely wrong, but I noticed that there's a reference to the method getRequestingURL(), but it's not defined anywhere else in the code:
https://github.com/beders/Resty/blob/master/src/main/java/us/monoid/web/auth/RestyAuthenticator.java#L28

To work around this bug, I'm using the alwaysSend() method instead, performing the Base64 encoding myself, like so:

Resty resty = new Resty();
String encodedString = Base64.encodeToString((username + ":" + password).getBytes("UTF-8"), android.util.Base64.DEFAULT);
resty.alwaysSend("Authorization", "Basic " + encodedString);

Object name = resty.json(baseURI + "/users/new").get("user.firstName");
System.out.println(name);

Thanks for this library!


Reply to this email directly or view it on GitHub:
#7 (comment)

Owner

beders commented Feb 28, 2012

Todd, what version of Java are you using?

org.apache.harmony.luni.internal.net.www.protocol.http.HttpURLConnectionImpl.getAuthorizationCredentials(
is not a Sun Java class.
I suspect we are dealing with a compatibility problem here and the requestingURL of the Authenticator class I'm using is not set up correctly by the harmony implementation.

On Feb 27, 2012, at 1:54 PM, Todd Mazierski wrote:

Hi @beders,

I'm using Resty 0.3.1, and I can't seem to get HTTP Basic Authentication to work. I receive an error when I use the json() method. Here is the stack trace:

java.lang.NullPointerException
at us.monoid.web.auth.RestyAuthenticator.getPasswordAuthentication(RestyAuthenticator.java:30)
at java.net.Authenticator.requestPasswordAuthentication(Authenticator.java:162)
at org.apache.harmony.luni.internal.net.www.protocol.http.HttpURLConnectionImpl.getAuthorizationCredentials(HttpURLConnectionImpl.java:1182)
at org.apache.harmony.luni.internal.net.www.protocol.http.HttpURLConnectionImpl.processAuthHeader(HttpURLConnectionImpl.java:1155)
at org.apache.harmony.luni.internal.net.www.protocol.http.HttpURLConnectionImpl.processResponseHeaders(HttpURLConnectionImpl.java:1095)
at org.apache.harmony.luni.internal.net.www.protocol.http.HttpURLConnectionImpl.retrieveResponse(HttpURLConnectionImpl.java:1048)
at org.apache.harmony.luni.internal.net.www.protocol.http.HttpURLConnectionImpl.getInputStream(HttpURLConnectionImpl.java:512)
at us.monoid.web.AbstractResource.fill(AbstractResource.java:34)
at us.monoid.web.Resty.fillResourceFromURL(Resty.java:417)
at us.monoid.web.Resty.doGET(Resty.java:373)
at us.monoid.web.Resty.json(Resty.java:189)
at us.monoid.web.Resty.json(Resty.java:177)
...

I'm new to Java, so I could be completely wrong, but I noticed that there's a reference to the method getRequestingURL(), but it's not defined anywhere else in the code:
https://github.com/beders/Resty/blob/master/src/main/java/us/monoid/web/auth/RestyAuthenticator.java#L28

To work around this bug, I'm using the alwaysSend() method instead, performing the Base64 encoding myself, like so:

Resty resty = new Resty();
String encodedString = Base64.encodeToString((username + ":" + password).getBytes("UTF-8"), android.util.Base64.DEFAULT);
resty.alwaysSend("Authorization", "Basic " + encodedString);

Object name = resty.json(baseURI + "/users/new").get("user.firstName");
System.out.println(name);

Thanks for this library!


Reply to this email directly or view it on GitHub:
#7 (comment)

@beders beders added a commit that referenced this issue Feb 28, 2012

@beders beders Support for authentication realms if the underlying connection URL is…
… not delivering requestingURL to the Authenticator class

(fix for issue #7)
9881b96
Owner

beders commented Feb 28, 2012

The current head version has a new call Resty.authenticateForRealm
which allows you to set login/password for the HTTP realm send by the server.
(The realm can be found in header WWW-Authenticate)

On Feb 27, 2012, at 1:54 PM, Todd Mazierski wrote:

Hi @beders,

I'm using Resty 0.3.1, and I can't seem to get HTTP Basic Authentication to work. I receive an error when I use the json() method. Here is the stack trace:

java.lang.NullPointerException
at us.monoid.web.auth.RestyAuthenticator.getPasswordAuthentication(RestyAuthenticator.java:30)
at java.net.Authenticator.requestPasswordAuthentication(Authenticator.java:162)
at org.apache.harmony.luni.internal.net.www.protocol.http.HttpURLConnectionImpl.getAuthorizationCredentials(HttpURLConnectionImpl.java:1182)
at org.apache.harmony.luni.internal.net.www.protocol.http.HttpURLConnectionImpl.processAuthHeader(HttpURLConnectionImpl.java:1155)
at org.apache.harmony.luni.internal.net.www.protocol.http.HttpURLConnectionImpl.processResponseHeaders(HttpURLConnectionImpl.java:1095)
at org.apache.harmony.luni.internal.net.www.protocol.http.HttpURLConnectionImpl.retrieveResponse(HttpURLConnectionImpl.java:1048)
at org.apache.harmony.luni.internal.net.www.protocol.http.HttpURLConnectionImpl.getInputStream(HttpURLConnectionImpl.java:512)
at us.monoid.web.AbstractResource.fill(AbstractResource.java:34)
at us.monoid.web.Resty.fillResourceFromURL(Resty.java:417)
at us.monoid.web.Resty.doGET(Resty.java:373)
at us.monoid.web.Resty.json(Resty.java:189)
at us.monoid.web.Resty.json(Resty.java:177)
...

I'm new to Java, so I could be completely wrong, but I noticed that there's a reference to the method getRequestingURL(), but it's not defined anywhere else in the code:
https://github.com/beders/Resty/blob/master/src/main/java/us/monoid/web/auth/RestyAuthenticator.java#L28

To work around this bug, I'm using the alwaysSend() method instead, performing the Base64 encoding myself, like so:

Resty resty = new Resty();
String encodedString = Base64.encodeToString((username + ":" + password).getBytes("UTF-8"), android.util.Base64.DEFAULT);
resty.alwaysSend("Authorization", "Basic " + encodedString);

Object name = resty.json(baseURI + "/users/new").get("user.firstName");
System.out.println(name);

Thanks for this library!


Reply to this email directly or view it on GitHub:
#7 (comment)

ecdiddy commented Jul 28, 2012

I'm also having problems with the authentication. But with my case for some reason I'm always getting the 401 unauthorized error. I believe there is something wrong with setting the parameters for username and password. I am absolutely sure the credentials I set are correct and I verified this by using Poster plugin in the Chrome browser.

below is the code that i am using...

resty.authenticate("http://localhost/drupal/rest-api/user/login", "ecxxxx", "xxxx".toCharArray());
resty.json("http://localhost/drupal/rest-api/user/login.json");

And below is the error output.

java.io.IOException: Server returned HTTP response code: 401 for URL: http://localhost/drupal/rest-api/user/login.json
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1436)
    at us.monoid.web.AbstractResource.fill(AbstractResource.java:34)
    at us.monoid.web.Resty.fillResourceFromURL(Resty.java:417)
    at us.monoid.web.Resty.doPOSTOrPUT(Resty.java:379)
    at us.monoid.web.Resty.json(Resty.java:208)
    at us.monoid.web.Resty.json(Resty.java:213)
    at MassimoDuttiItem.saveResty(MassimoDuttiItem.java:56)
    at EmParisParser.main(EmParisParser.java:43)

I also tried setting the form values like so ...

resty.json("http://localhost/drupal/rest-api/user/login", Resty.form(Resty.data("username", "ecdiddy")));

and receive the same error. I checked my server logs and my login module doesn't recognize the username that was set. It thinks it is accessing as an anonymous user. That is why I believe there is something wrong with the setting form parameters with this resty function.

I'm not sure if authenticateForRealm is the solution for this issue which mentions about not delivering the URL. Is anyone else facing this issue?

I have the same problem as ecdiddy re: authenticate() not working. Maybe the author could provide an example and some more explanation in the documentation? I'm doing HTTPS, as will most real-world users wanting to authenticate.

Non-Android version of Todd's solution:
byte[] encoded = Base64.encodeBase64((uid + ":" + pw).getBytes());
String value = "Basic " + new String(encoded);
resty.alwaysSend("Authorization",value );

djschny commented Feb 24, 2016

Seeing this issue as well, appears that not authentication is being attempted.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment