Java and Windows - Issue with auth over HTTPS

Question

I am using the default API in Eclipse to connect to a server over HTTPS. I have the chained certs installed in my keystore. However, Windows does not like it and throws up a certificate chaining error. On Ubuntu, it actually works fine!

Now, on Windows I have a "hack" that I saw on here that basically creates a TrustManager which enables all certs. For the time being, this is fine. I'll have to come back to it later, but, my current problem is that my code connects to the server, authenticates using uc.setRequestProperty("Authorization", "Basic " + encodedLogin); but returns back the HTML code for my form, which I actually thought I was logging into in the first place. Without that line, I get a 403.

When I went to the site in the browser, a login box popped up. When I logged in, it logged me in no problems. When I clicked Cancel and dismissed the login box, it took me to the exact HTML form that my code is returning. So either I need to somehow login to this popup box, or I need to authenticate a second time to log into the web form. I hope thats a clear enough explanation.

My ultimate goal is obviously to login and return an auth object back to my code for doing further communications with the site. I'm just stuck at this little niggly part for days! Any help is greatly appreciated!!

I have attached my code, plus the code of the HTML form.

Thanks.

My Code:

try
{
    String login = "MyUser:MyPass";
    byte[] encodedLogin = new Base64().encode(login.getBytes());

    StringBuilder parsedContentFromUrl = new StringBuilder();
    HttpsURLConnection uc = (HttpsURLConnection) webURL.openConnection();

    //uc.setRequestProperty("Proxy-Authorization", "Basic " + encodedLogin);
    uc.setRequestProperty("Authorization", "Basic " + encodedLogin);
    //uc.addRequestProperty("User-Agent", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)");
    uc.connect();

    //uc.getInputStream();

    BufferedInputStream in = new BufferedInputStream(uc.getInputStream());
    //System.out.println(uc.getRequestProperty("WWW-Authenticate"));

    int ch;
    while ((ch = in.read()) != -1) {
       parsedContentFromUrl.append((char) ch);
    }
    System.out.println(parsedContentFromUrl);
}
catch (IOException e)
{
    System.out.println("IOException::"+e.getMessage());
    e.printStackTrace();
}

HTML Web form

<FORM METHOD=POST ACTION="/mylogin.form">
<FONT SIZE="+2">
<TABLE BORDER="0" WIDTH="400">
<TR>
<TD ALIGN="LEFT"><UL><LI>Username</LI></UL></TD>
<TD><INPUT NAME="username" SIZE="15"></TD>
</TR>
<TR>
<TD ALIGN="LEFT"><UL><LI>Password</LI></UL></TD>
<TD><INPUT TYPE="PASSWORD" NAME="password" SIZE="15"></TD>
</TR>
</TABLE>
</FONT>

<INPUT TYPE="HIDDEN" NAME="login-form-type" VALUE="pwd">

<BR><INPUT TYPE="SUBMIT" VALUE="Login">
</FORM>

Answer 1

HTTP authorization is not the same thing as logging into a web form.

You've got HTTP authorization working (i.e., fixed the 403 error) so you are being given the page you requested, which is a login page. The HTML shows you that in order to log into the form, you need to perform a POST on the /mylogin.form URL. Currently you are doing a GET on the URL for the login page.

It is unusual for a server to have two distinct authentication processes in parallel. The server might be misconfigured.