users@jersey.java.net

Re: [Jersey] Basic Auth on the client side

From: Matthieu Riou <matthieu.riou_at_gmail.com>
Date: Wed, 28 Jan 2009 09:51:57 -0800

On Wed, Jan 28, 2009 at 9:16 AM, Steve Sims <steve_at_steveandgeorge.co.uk>wrote:

> Hi Matthieu,
>
> I originally used java.net.Authenticator.setDefault() but had problems
> setting it to null after each test (as in it would continue to send the same
> credentials). The other way to do it, as detailed in the thread that you
> mention, is to add a filter to the Jersey client which will create the HTTP
> Authorization header in the outgoing message which is required for Basic
> authentication.
>
> The following code snippet requires the Apache Commons Digest library to do
> the Base64 encoding:
>
> class BasicAuthenticationFilter extends ClientFilter {
>
> private String username;
> private String password;
>
> public BasicAuthenticationFilter(String username, String password) {
> this.username = username;
> this.password = password;
> }
>
> @Override
> public ClientResponse handle(ClientRequest cr) throws
> ClientHandlerException {
> if (null != username && null != password) {
> byte[] unencoded = (username + ":" +
> password).getBytes(Charset.forName("UTF-8"));
> byte[] cred = new Base64().encode(unencoded);
> String credString = new String(cred);
> String authHeader = "Basic " + credString;
> cr.getMetadata().add("authorization", authHeader);
> }
> // Call the next client handler in the filter chain
> return this.getNext().handle(cr);
> }
> }
>
> and then you just add it to the client like so:
>
> Client client = Client.create();
> ClientFilter authFilter = new BasicAuthenticationFilter("userid",
> "password);
> client.addFilter(authFilter);
>
> There's a minor issue (#196) which was fixed today in the trunk (thanks
> Paul!) which means that client.removeFilter(authFilter) will throw an
> exception, but then I'm only removing the filter because in some tests I
> wanted to change the credentials. I just worked around it by calling
> client.removeAllFilters() because that was the only filter I had attached.
>
> Obviously the above filter is pretty rough and won't do everything such as
> only sending the credentials when requested by the server etc. but it's
> something else that may fit the bill if Authenticator.setDefault() doesn't
> quite work.
>

Thanks Steve, much appreciated. I think I'll still try to build a client
from the current SVN content but if I can't make it work I'll fall back to
your approach.

Cheers,
Matthieu


>
> Hope this helps,
>
> Steve
>
>
> Paul Sandoz wrote:
>
>>
>> On Jan 28, 2009, at 5:22 PM, Matthieu Riou wrote:
>>
>> Hi,
>>>
>>> I was wondering what were the options to do Basic Auth with the Jersey
>>> client in 1.0.1. I've seen an e-mail thread dating back from November where
>>> a patch had been proposed but it doesn't seem it's been integrated in 1.0.1
>>> or maybe in a different form. I've been staring at the Javadoc for quite
>>> some time but couldn't find anything that looked like auth methods.
>>>
>>>
>> Currently the only way is to use the java.net.Authenticator [1] because by
>> default HttpURLConnection is utilized. Which is not ideal because it is a
>> static, per JVM, configuration.
>>
>> We are working on support using the Apache HTTP client where basic auth
>> can be set up on a per client basis. I hope this can make the 1.0.2 release,
>> i just need to work on the implementation to ensure it is thread safe.
>>
>> Paul.
>>
>> [1] http://java.sun.com/javase/6/docs/technotes/guides/net/http-auth.html
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe_at_jersey.dev.java.net
>> For additional commands, e-mail: users-help_at_jersey.dev.java.net
>>
>>
>>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_jersey.dev.java.net
> For additional commands, e-mail: users-help_at_jersey.dev.java.net
>
>