1

I am trying to set up an Android app where I can access URL's behind arbitrary proxies or HTTP authentications. That is, the app won't know immediately if a URL needs authentication and will repond to an authentication request by asking the user for credentials, the same way it does for the Android Browser.

I recently worked out how to request user authentication for a WebView, responding to authentication requests from the browser, bringing up a dialog, and advancing the user to the destination page. I am looking to do the same with HttpClient.

The basic process, as I see it, is to:

  1. Perform the request via HttpClient.execute.
    • If not 401 or 407 with proper headers, trigger a "done" callback.
    • Otherwise...
  2. Pop up a dialog asking for the username and password.
  3. Set the http credentials in the HTTP client via HttpClient.getCredentialsProvider().setCredentials.
  4. Return to step 1 until the the user clicks cancel or the server gives up. In that case, trigger a "failed" callback with the last response received.

Am I on the right track or has someone already implemented something similar? I would hate to be reinventing the wheel on this.

Community
  • 1
  • 1
Brian Nickel
  • 26,890
  • 5
  • 80
  • 110

2 Answers2

0

You should try the authentication example on the apache site

httpclient.getCredentialsProvider().setCredentials(
                    new AuthScope("localhost", 443),
                    new UsernamePasswordCredentials("username", "password"));

The direct link to the java file is http://hc.apache.org/httpcomponents-client-ga/httpclient/examples/org/apache/http/examples/client/ClientAuthentication.java

Moog
  • 10,193
  • 2
  • 40
  • 66
  • Right, that's the third step in my solution. The first two steps are validating that there is an auth requirement (getting `AuthScope` from the response) and displaying the dialog (getting `UsernamePasswordCredentials` from the user). I'm really interested in if there's an existing implementation of the whole flow or if not, if there are any issues to be addressed within the flow. – Brian Nickel Jun 20 '12 at 22:54
  • Not a final answer but you might want to look at http://stackoverflow.com/a/10850182/808940 – Moog Jun 21 '12 at 07:22
0

The reactive approach described above did work. Responding to an arbitrary 401 or 407 request is effective with the caveat that you need to suppor each authentication scheme you expect to encounter so something like UsernamePasswordCredentials won't work for NTLM.

Brian Nickel
  • 26,890
  • 5
  • 80
  • 110