
I am responsible for an Android app that monitors test results from various IDSs and network monitoring systems. For this we used a very basic company-wide API that was not protected in any way. In last week's update the team responsible for the API decided to implement basic access authentication. Since there are multiple servers running this API, not all of which use HTTPS, we kept the client-side code protocol-agnostic. The code in question looks like this:

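import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.MalformedURLException;
import java.net.URL;

private String url;


// Returns the body of the resource at `url`, or null if the URL is
// malformed or the connection cannot be opened.
public String obtainResource() throws IOException {
    URL u;
    try {
        u = new URL(url);
    } catch (MalformedURLException e) {
        // Pass the exception itself: Log.e(tag, null) throws if getMessage() is null
        android.util.Log.e("obtainResource", "Malformed URL", e);
        //code for error message on device
        return null;
    }
    BufferedReader reader;
    try {
        // openStream() works for both http:// and https:// URLs
        reader = new BufferedReader(new InputStreamReader(u.openStream()));
    } catch (IOException e) {
        android.util.Log.e("obtainResource", "Could not open stream", e);
        //code for error message on device
        return null;
    }

    StringBuilder ret = new StringBuilder();
    try {
        String line;
        while ((line = reader.readLine()) != null) {
            // Compare by length; `ret != ""` compared references, not contents
            if (ret.length() > 0) {
                ret.append("\n");
            }
            ret.append(line);
        }
    } finally {
        // Always release the underlying connection
        reader.close();
    }

    return ret.toString();

}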

Now we need to implement basic access authentication for both HTTP and HTTPS. Is it possible to do this without checking the URL string itself for the protocol so it stays protocol-agnostic?

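One way to do what the question asks, shown as an added example that is not part of the original post: `URL.openConnection()` returns an `HttpURLConnection` for `http://` and its subclass `HttpsURLConnection` for `https://`, so the `Authorization` header can be set without inspecting the scheme. The class name `BasicAuthFetch`, the sample credentials, and the local test server are constructed for this demo and run on a desktop JDK.

```java
import com.sun.net.httpserver.HttpServer;
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
public class BasicAuthFetch {
    // Base64 is an encoding, not encryption: the header is only as private as the transport.
    static String basicHeader(String user, String password) {
        byte[] raw = (user + ":" + password).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    // Protocol-agnostic fetch: the cast is valid for both http:// and https:// URLs,
    // because HttpsURLConnection extends HttpURLConnection.
    static String obtainResource(String url, String user, String password) throws IOException {
        HttpURLConnection conn = (HttpURLConnection) new URL(url).openConnection();
        conn.setRequestProperty("Authorization", basicHeader(user, password));
        try {
            int code = conn.getResponseCode();
            if (code != HttpURLConnection.HTTP_OK) throw new IOException("HTTP " + code);
            StringBuilder body = new StringBuilder();
            try (BufferedReader r = new BufferedReader(
                    new InputStreamReader(conn.getInputStream(), StandardCharsets.UTF_8))) {
                for (String line; (line = r.readLine()) != null; ) {
                    if (body.length() > 0) body.append('\n');
                    body.append(line);
                }
            }
            return body.toString();
        } finally {
            conn.disconnect();
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed local server standing in for the API; credentials are sample values.
        HttpServer srv = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        srv.createContext("/results", ex -> {
            String sent = ex.getRequestHeaders().getFirst("Authorization");
            boolean ok = basicHeader("monitor", "s3cret").equals(sent);
            byte[] out = (ok ? "ids-1: pass\nids-2: fail" : "denied").getBytes(StandardCharsets.UTF_8);
            ex.sendResponseHeaders(ok ? 200 : 401, out.length);
            try (OutputStream os = ex.getResponseBody()) { os.write(out); }
        });
        srv.start();
        String url = "http://127.0.0.1:" + srv.getAddress().getPort() + "/results";
        System.out.println(obtainResource(url, "monitor", "s3cret"));
        srv.stop(0);
    }
}
```

Over `http://` the header travels in cleartext and the Base64 value is trivially decoded, so credentials sent to the non-HTTPS servers are readable by anyone on the network path. On Android below API 26, `java.util.Base64` is unavailable; `android.util.Base64.encodeToString(raw, Base64.NO_WRAP)` produces the same value.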