1

I'm new to writing network code, and not very familiar with Java programming.

I'm trying to write a snippet to log into a website. I need to use http POST to submit the username and password.

I wrote a version using Apache http components and it worked fine, I could see there was a HTTP POST when monitoring the connection using Wireshark.

StringEntity loginForm = new StringEntity(postData);
HttpPost loginPost = new HttpPost(LOG_IN_URL);
loginPost.addHeader("Content-Type", "application/x-www-form-urlencoded");
loginPost.setEntity(loginForm);
client.execute(loginPost);

The version above worked.

The postData is 

private static String getPostData(String checkCode) {
    String postinfo1 = "operation=&usercode_text=myusername&userpwd_text=password&checkcode_text=";
    String postinfo2 = "&submittype=%C8%B7+%C8%CF";
    String postData = postinfo1 + checkCode + postinfo2;
    return postData;
}

Then I wrote another one using HttpUrlConnection

URL logInUrl = new URL(LOG_IN_URL);
HttpURLConnection logConn = (HttpURLConnection) logInUrl.openConnection();
logConn.setDoOutput(true);
logConn.setRequestMethod("POST");
logConn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
logConn.setChunkedStreamingMode(0);
OutputStream out = logConn.getOutputStream();
BufferedWriter logPost = new BufferedWriter(new OutputStreamWriter(out));
logPost.print(postData);
logPost.close();

After this block is executed, I can only see some TCP packages on Wireshark, but not a HTTP POST after them (as in the case with the Apache http components version), and I cannot log in to the website.

I am curious about the possible difference in the two versions of code the cause the latter to fail.

UPDATE I don't know why. But after I added 

logConn.getResponseCode();

It works now. (Deleting this line it will fail). Can anyone explain why?

leafpile
  • 143
  • 1
  • 9
  • Is the URL you are trying to access secure? If so, then you would need to access it via HTTPS using `HttpsURLConnection`. Can you share the url with us? – Tim Biegeleisen Feb 19 '16 at 06:32
  • @Tim Nope, it's not using HTTPS. I will post the Apache http client code which worked. – leafpile Feb 19 '16 at 06:33
  • How could you possibly be logging in when you never pass any credentials to the site? And I believe that a request is going out, perhaps you are reading Wireshark wrongly. – Tim Biegeleisen Feb 19 '16 at 06:35
  • 1
    what is your `postData`? – Scary Wombat Feb 19 '16 at 06:37
  • @Tim It's my school's website. I don't know the detail, but in the postData, I put the username, encrypted password and a validate code (to ensure I'm not a robot), then the website gives back a JSESSIONID cookie, with which I can access my class schedule, etc. – leafpile Feb 19 '16 at 06:38
  • The wombat noticed that you don't appear to be ever setting any post data in your Java code. Can you include this code if you actually even have it? – Tim Biegeleisen Feb 19 '16 at 06:40
  • One last question: What is your current output from the POST call? Is there any error message present? – Tim Biegeleisen Feb 19 '16 at 06:46
  • @Tim I think I got a 200, and then redirected to the "log in" page again when I try to access other parts of the website. In the version that worked, I could then go on to access my schedule in the website with the cookie. – leafpile Feb 19 '16 at 06:47
  • If you're getting a 200, then this implies the call succeeded. I'm not even convinced you have a problem right now. Just take the access token and get on with the rest of your project. – Tim Biegeleisen Feb 19 '16 at 06:49
  • Don't use `PrintWriter` over the network. It swallows exceptions you need to know about. Use `BufferedWriter.write()`. – user207421 Feb 19 '16 at 06:49
  • @Tim But I cannot access other parts of the website, which means that I haven't successfully logged in. I will check the response code, just to be sure. My school's website is not a well-written one though! – leafpile Feb 19 '16 at 06:51
  • @EJP Could you give some more detail? I'm really new to this :) – leafpile Feb 19 '16 at 06:52
  • Please investigate the response you are getting back, as it seems you are getting something back. And pay heed to the comment by @EJP. – Tim Biegeleisen Feb 19 '16 at 06:52
  • @Tim It's a 200. This is weird. – leafpile Feb 19 '16 at 06:54
  • No, it's not weird at all. The `200` response just means that the HTTP call completed end-to-end without a network failure, drop, etc. The response body itself you got back can be chock full of errors. Please investigate this before making more comments. – Tim Biegeleisen Feb 19 '16 at 06:56
  • @Tim I tried to use wrong username in the Apache http client version before, and the response is always 200 with empty body. The difference was only that I got redirected to log in page when trying to access other pages. – leafpile Feb 19 '16 at 06:58
  • This is my last comment: Try using SOAP UI as a sanity check to make sure you have the right credentials. Then check the contents of that `200` response and get your house in order. – Tim Biegeleisen Feb 19 '16 at 06:59

0 Answers0