6

I have an application connecting to sites that require basic authentication. The sites are provided at run time and not known at compile time.

I am using HttpClient 4.2.

I am not sure if the code below is how I am supposed to specify basic authentication, but the documentation would suggest it is. However, I don't know what to pass in the constructor of AuthScope. I had thought that a null parameter meant that the credentials supplied should be used for all URLs, but it throws a NullPointerException, so clearly I am wrong.

m_client = new DefaultHttpClient();
UsernamePasswordCredentials credentials = new UsernamePasswordCredentials(m_userName, m_password);
((DefaultHttpClient)m_client).getCredentialsProvider().setCredentials(new AuthScope((HttpHost)null), credentials);
Magnilex
  • 11,584
  • 9
  • 62
  • 84
user265330
  • 2,533
  • 6
  • 31
  • 42
  • client.getCredentialsProvider(). setCredentials( new AuthScope(proxyHost, proxyPort), new UsernamePasswordCredentials( proxyUser, proxyPassword)); This is correct way – MayurB Oct 10 '14 at 08:32

2 Answers2

7

AuthScope.ANY is what you're after: http://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/auth/AuthScope.html

Try this:

    final HttpClient client = new HttpClient();
    client.getParams().setAuthenticationPreemptive(true);
    client.getState().setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(user.getUsername(), user.getPassword()));
    final GetMethod method = new GetMethod(uri);
    client.executeMethod(method);
Kieran
  • 5,906
  • 3
  • 24
  • 34
  • 1
    Thank you Kieran. I don't have a `getState` method on the client, but I guess we are just using different versions. I tried `AuthScope.ANY` as you suggested and it worked - thank you. Can I just ask you one other question - is the `setAuthenticationPreemptive(true)` necessary/recommended? – user265330 Jun 01 '12 at 12:47
  • 1
    Took me a while to see this comment. The `setAuthenticationPreemptive(true)` means the crendentials will be sent in the initial request without requiring an attempted request first without credentials and then getting a 401 and then providing them once challenged. – Kieran Jul 02 '12 at 10:16
  • 2
    This methods are not available in HttpClient4.1 – MayurB Oct 10 '14 at 08:31
3

From at least version 4.2.3 (I guess after version 3.X), the accepted answer is no longer valid. Instead, do something like:

private HttpClient createClient() {
    HttpParams params = new BasicHttpParams();
    HttpProtocolParams.setContentCharset(params, "UTF-8");

    Credentials credentials = new UsernamePasswordCredentials("user", "password");
    DefaultHttpClient httpclient = new DefaultHttpClient(params);
    httpclient.getCredentialsProvider().setCredentials(AuthScope.ANY, credentials);

    return httpclient;
}

The JavaDoc for AuthScope.ANY says In the future versions of HttpClient the use of this parameter will be discontinued, so use it at your own risk. A better option would be to use one of the constructors defined in AuthScope.

For a discussion on how to make requests preemptive, see:

Preemptive Basic authentication with Apache HttpClient 4

Community
  • 1
  • 1
Magnilex
  • 11,584
  • 9
  • 62
  • 84