HttpClientBuilder basic auth

by

From the Preemptive Authentication Documentation here:

http://hc.apache.org/httpcomponents-client-ga/tutorial/html/authentication.html

By default, httpclient will not provide credentials preemptively, it will first create a HTTP request without authentication parameters. This is by design, as a security precaution, and as part of the spec. But, this causes issues if you don’t retry the connection, or wherever you’re connecting to expects you to send authentication details on the first connection. It also causes extra latency to a request, as you need to make multiple calls, and causes 401s to appear in the logs.

The workaround is to use an authentication cache to pretend that you’ve already connected to the server once. This means you’ll only make one HTTP call and won’t see a 401 in the logs: 

CloseableHttpClient httpclient = HttpClientBuilder.create().build();

HttpHost targetHost = new HttpHost("localhost", 80, "http");
CredentialsProvider credsProvider = new BasicCredentialsProvider();
credsProvider.setCredentials(
        new AuthScope(targetHost.getHostName(), targetHost.getPort()),
        new UsernamePasswordCredentials("username", "password"));

// Create AuthCache instance
AuthCache authCache = new BasicAuthCache();
// Generate BASIC scheme object and add it to the local auth cache
BasicScheme basicAuth = new BasicScheme();
authCache.put(targetHost, basicAuth);

// Add AuthCache to the execution context
HttpClientContext context = HttpClientContext.create();
context.setCredentialsProvider(credsProvider);
context.setAuthCache(authCache);

HttpGet httpget = new HttpGet("https://stackoverflow.com/");
for (int i = 0; i < 3; i++) {
    CloseableHttpResponse response = httpclient.execute(
            targetHost, httpget, context);
    try {
        HttpEntity entity = response.getEntity();

    } finally {
        response.close();
    }
}

Please note: You need to trust the host you’re connecting to, and if you’re using HTTP, your username and password will be sent in cleartext (well, base64, but that doesn’t count).

You should also be using a much more specific Authscope rather than relying on AuthScope .ANY_HOST and AuthScope.ANY_PORT like in your example.

More Related Contents:

  1. What is the difference between CloseableHttpClient and HttpClient in Apache HttpClient API?
  2. Trusting all certificates using HttpClient over HTTPS
  3. How can I get an HTTP response body as a string?
  4. Android project using httpclient –> http.client (apache), post/get method
  5. HttpClient 4.0.1 – how to release connection? [duplicate]
  6. How to read Excel cell having Date with Apache POI?
  7. Docx to Pdf Converter in java
  8. How do I use an SSL client certificate with Apache HttpClient?
  9. Apache poi Excel line chart points
  10. how to make log4j to write to the console as well
  11. The type MultipartEntity is deprecated
  12. Apache HTTPClient SSLPeerUnverifiedException
  13. Removing a row from an Excel sheet with Apache POI HSSF
  14. Apache POI autoSizeColumn Resizes Incorrectly
  15. java.net.SocketException: Too many open files
  16. java.lang.NoSuchFieldError: org.apache.http.message.BasicLineFormatter.INSTANCE from Mashape Unirest in Java application
  17. Apache HttpClient timeout
  18. How to get an Excel Blank Cell Value in Apache POI?
  19. Apache HttpClient 4.0.3 – how do I set cookie with sessionID for POST request?
  20. Jsoup connection with basic access authentication
  21. How to perform Basic Authentication for FirefoxDriver, ChromeDriver and IEdriver in Selenium WebDriver?
  22. HTTPClient Example – Exception in thread “main” java.lang.NoSuchFieldError: INSTANCE
  23. Receiving Multipart Response on client side (ClosableHttpResponse)
  24. HttpClient.getParams() deprecated. What should I use instead?
  25. javax.net.ssl.SSLPeerUnverifiedException: Host name does not match the certificate subject provided by the peer
  26. Sending HTTP Post request with SOAP action using org.apache.http
  27. apache POI java.lang.NoClassDefFoundError: org/apache/commons/compress/archivers/zip/ZipFile
  28. How to use Socks 5 proxy with Apache HTTP Client 4?
  29. Reading data from xlsx with Apache POI’s SXSSFSheet
  30. Spring Security HTTP Basic Authentication

Leave a Comment