Trying to obtain a DOMINO HTTP Session using HttpClient — RESPONSE CODE is always 200

Question

MY Domino Sever is enabled for Session Authentication and the HTTP Port number is configured to 8080.

When I execute the below program to obtain a domino HTTP session I always get the below out put.

I know RESPONSE CODE 200 indicates smooth operation. But I don't see any HTTP session created on the server. Even if I provide wrong credentials to the UsernamePasswordCredentials("xxxxx", "xxxxx") still it is returning 200 as its response code. Any suggestions on this ?

public class ClientAuthentication { 

  public static void main(String[] args) {

         DefaultHttpClient httpclient = new DefaultHttpClient();
            try {


                httpclient.getCredentialsProvider().setCredentials( new AuthScope("10.40.xx.xx", 8080), 
                                                                        new UsernamePasswordCredentials("xxxxx", "xxxxx"));
                HttpPost httppost = new HttpPost("http://10.40.xx.xx:8080/names.nsf?Login");
                System.out.println("executing request" + httppost.getRequestLine());
                HttpResponse response = httpclient.execute(httppost);

                HttpEntity entity = response.getEntity();

                if (response.getStatusLine().getStatusCode() == HttpURLConnection.HTTP_OK){ 
                    System.out.println("---------------OKAY OKAY-------------------------");
                     System.out.println("RESPONSE CODE " + response.getStatusLine().getStatusCode());
                }

                if (entity != null) {
                    System.out.println("Response content length: " + entity.getContentLength());
                }


            } catch (Exception e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            }



  }

}

OUTPUT :

executing requestPOST http://10.40.xx.xx:8080/names.nsf?Login HTTP/1.1
---------------OKAY OKAY-------------------------
RESPONSE CODE 200
Response content length: 4256

Answer 1

You are set up for session authentication. but you are attempting to do basic authentication via the default getCredentialsProvider. The 200 response that you are getting is the actual session authentication login form, which you are supposed to POST.

The proper sequence is

• Do a GET with the URL of the database you are logging into
• Receive 200 with the server's login form as the response
• Fill in the username and password name/value pairs for the form data and POST it

Theoretically you should write your own class that implements the CredentialsProvider interface tailored to the Domino session authentication form, and use it with your own DominoHttpClient class extending AbstractHttpClient in order to implement this seuqence cleanly; but I don't think it's really worth that effort.

Answer 2

Narasimha, as @Richard has pointed out, your request does not have session id when you post it. The server considers it as new request and hence offers login page.

Now to get around this problem, you need access the site at least once before actually posting the login request. You can request login page for that.

Put the following code Before execute the post request.

HttpMethod method = new GetMethod("http://10.40.xx.xx:8080/names.nsf?Login");
httpclient.executeMethod(method);

This will create a session id which will be passed in the subsequent requests.