I am attempting to help a student write an Android app that will contact a specific webserver. From the looks of the website, you can issue a GET request with your web browser and you get back a cookie session and an "authenticity token" (see the source of the page as an invisible input).

We issue a GET request and then want to follow it up with the post, but we are receiving a status code of 404 on the post. On a side note, the first GET request returns a code of 200.

Does anyone have any ideas? Below is the code that gets executed...

    public void run()
    {
        // One client for both requests, so the session cookie set by the GET
        // is sent again with the POST.
        HttpClient httpClient = new DefaultHttpClient();
        HttpGet httpGet = new HttpGet("https://co22.herokuapp.com/login/");
        HttpPost httpPost = new HttpPost("https://co22.herokuapp.com/login/sessions");
        HttpResponse response;

        try
        {
            // Step 1: load the login page (this returns 200).
            response = httpClient.execute(httpGet);
            Log.d("matt", response.getStatusLine().toString());

            // Step 2: submit the login form fields, including the token
            // (hard-coded here, copied from the page source).
            List<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>(3);
            nameValuePairs.add(new BasicNameValuePair("session[network_id]", username));
            nameValuePairs.add(new BasicNameValuePair("session[password]", password));
            nameValuePairs.add(new BasicNameValuePair("authenticity_token", "9yvxPOUpRFdsTeHAZtISEfBHpElDTHzvMjAbQnxOHDM="));
            httpPost.setEntity(new UrlEncodedFormEntity(nameValuePairs));

            // This is the request that returns 404.
            response = httpClient.execute(httpPost);
            Log.d("matt", response.getStatusLine().toString());
        }
        catch (ClientProtocolException e)
        {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
        catch (IOException e)
        {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
    }
Matthew
  • "help a student write" - doesn't "to study" mean doing something on your own? – Marcin Orlowski Nov 21 '12 at 23:24
  • Well if the prof can't help him study, what good is the prof? – Matthew Nov 21 '12 at 23:29
  • Then, perhaps, he should not be a student. – Marcin Orlowski Nov 21 '12 at 23:30
  • You say you get back a cookie with an authenticity token on the GET request, but here it looks like the authenticity token is hard-coded in. Which is it? – John Leehey Nov 21 '12 at 23:38
  • @JohnLeehey Both actually... there is a cookie returned and a hard-coded token. You can view the token in the source HTML file. – Matthew Nov 22 '12 at 00:50
  • Are you sure you are supposed to be hard-coding the token? In my previous experience with authentication sources, you must parse the authentication token from the GET request and use it in the following requests. It is all dependent on the site's security mechanisms though. – John Leehey Nov 22 '12 at 00:54
  • Yeah, sorry, this question isn't about the website, because we don't control that. We control the Android app that uses the httpGet, httpPost, httpClient. We just know if we navigate using a web browser to the site, it works just fine, but we can't do the same exchange of data with the above mentioned objects. – Matthew Nov 22 '12 at 01:01
  • Would it have anything to do with the fact that the website is https? – Matthew Nov 22 '12 at 01:48
  • That could very well be it. You can configure your HTTP requests to have an accept-all policy from a custom SSL Socket factory. Take a look at [this answer](http://stackoverflow.com/a/4837230/342745) for an example. – John Leehey Nov 22 '12 at 02:04

1 Answer

It appears that the above will work correctly, but we were just sending the second post request to the wrong website.

Matthew
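
The two points raised in this thread (parse the token from the GET response rather than hard-coding it, and send the POST to the right URL) can both be handled by reading the login form itself. The following is an added example, not code from the original post: the HTML, the host `example.test`, the `/sessions` action and the credentials are constructed placeholders, and the regexes assume `name` appears before `value` in the hidden input.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class LoginFormExample {
    // First capture group of a pattern, or null when the page does not contain it.
    static String first(String regex, String html) {
        Matcher m = Pattern.compile(regex, Pattern.CASE_INSENSITIVE).matcher(html);
        return m.find() ? m.group(1) : null;
    }

    // Builds an application/x-www-form-urlencoded body; '+', '/' and '=' in a
    // base64 token are percent-encoded here, as UrlEncodedFormEntity also does.
    static String formBody(Map<String, String> fields) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, String> e : fields.entrySet()) {
            if (sb.length() > 0) sb.append('&');
            sb.append(URLEncoder.encode(e.getKey(), "UTF-8")).append('=')
              .append(URLEncoder.encode(e.getValue(), "UTF-8"));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed login page body; a real client reads it from the GET response.
        String html = "<form action=\"/sessions\" method=\"post\">"
            + "<input type=\"hidden\" name=\"authenticity_token\" value=\"Zm9v+YmFy/cQ==\" />"
            + "<input type=\"text\" name=\"session[network_id]\" /></form>";
        URI page = URI.create("https://example.test/login/");  // placeholder host

        String action = first("<form[^>]*\\baction=\"([^\"]*)\"", html);
        String token = first(
            "<input[^>]*\\bname=\"authenticity_token\"[^>]*\\bvalue=\"([^\"]*)\"", html);
        if (action == null || token == null)
            throw new IllegalStateException("login form or token not found in page");

        Map<String, String> fields = new LinkedHashMap<String, String>();
        fields.put("session[network_id]", "student1");        // placeholder credentials
        fields.put("session[password]", "example-password");
        fields.put("authenticity_token", token);              // fresh value, not hard-coded

        // Resolve the form action against the page URL instead of guessing the path.
        System.out.println("POST " + page.resolve(action));
        System.out.println(formBody(fields));
    }
}
```

In the Android code from the question, the resolved URL would go into `HttpPost` and the extracted token into the `authenticity_token` pair, with the same `HttpClient` instance used for both requests so the session cookie is kept.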