java - Android 401 Error connecting to REST service using HttpURLConnection -
i developing android application , want connect rest service using urlconnection. resource protected using digest authentication. can access rest service via browser. do not want use httpclient because urlconnection more current way connect future.
but when try access resource via the code below, 401 error java.io.filenotfoundexception. have researched thoroughly no success, solutions appreciated.
note: rest service has been developed using grails, running code in android emulator code developed in eclipse on windows 64 bit os.
code
url myurl = new url("http://10.0.2.2:8080/myrest/customers"); httpurlconnection myurlconnection = (httpurlconnection) myurl.openconnection(); string basicauth = "basic " + (base64.encode(userpass.getbytes(),android.util.base64.default)).tostring(); myurlconnection.setrequestproperty ("authorization", basicauth); try { int responsecode1 = ((httpurlconnection) myurlconnection).getresponsecode(); log.i("mylongoperation", "check connection" +integer.tostring(responsecode1) ); inputstream in = new bufferedinputstream(myurlconnection.getinputstream()); readstream(in); } { myurlconnection.disconnect(); }
i have tried setting authentication @ global level no effect
authenticator.setdefault(new authenticator() { protected passwordauthentication getpasswordauthentication() { return new passwordauthentication(username, password.tochararray()); } } );
i have referred article - no success. connecting remote url requires authentication using java
if resource protected "digest" sending "basic" authorization scheme in code not work because server not recognize it.
secondly, using "preemptive" authentication, setting authorization header w/o being requested kind of security hole. sending information server has not requested.
thirdly, "authenticator.setdefault" not requested there significant back-and-forth caused microsoft's implementation of http digest authentication (ymmv may vary on recollection of this). such, sun/oracle decided leave behavior disabled default per this document.
that said, may better off looking utilizing apache http client bundled android this. there bundled implementation digest authentication included. there example of "preemptive" digest authentication located here.
couple of caveats aware of:
- pay close attention "httphost" stored in "target" - must match exactly host name, protocol port, , protocol scheme used in url being retrieved.
- the example provided http client 4.2.x. not 100% sure of version included in android should able locate working examples.
update submitter has provided additional comments regard statement recommended google use httpurlconnection articles here , here.
while trust statements made tim bray regard reasoning why should using provided httpurlconnection object performing these calls, not agree should accepted on face value.
there no indication level of support of digest authentication provided implementation in android. mentioned earlier, httpurlconnection not support has been known buggy.
if decided going use http digest authentication, regardless of fact has been deemed unstable majority of community, attempt set following system properties in application possible during android lifecycle:
- http.auth.digest.validateserver="true"
- http.auth.digest.validateproxy="true"
by doing so, should enable digest authentication scheme.
i am, again, going re-iterate apache http client bundled android developed , designed address short-comings of basic java httpurlconnection, providing much broader , robust client dealing http(s) based data streams.
i recommend trying couple of things well, see if can configure container provide "basic" authentication protection. other, more complex option, possibly provide x.509 certificate based authentication.
i hope clarification helps goal.
Comments
Post a Comment