views:

237

answers:

2

Hi all,

I was wondering if any of you know how to 'log-off' basic authentication (BA) using the java.net.Authenticator class. I know that BA doesn't have a log-off method, and that you have to close and reopen the browser to end the session. Question is, how do you 'close and reopen the browser' within java code? That is, I'm connecting via java, not a borwser, so how to I get the JVM to 'deauthenticate' itself?

Context: I'm writing an app to post tweets to multiple twitter accounts using BA. I can use the java.net.* to post the tweet for one account (and can see that it calls my authenticator class) but when I try and post the tweet for the second, I can't see any second call to the authenticator, and the tweet get's fired off to the first account.

Is it possible to get the Authenticator to re-authenticate, or is this a dead end?If so, I may just end up using OAuth instead.

Many thanks in advance for any insight you can offer!

Shane

    static class MyAuthenticator extends Authenticator {

    private String username, password;

    public MyAuthenticator(String user, String pass) {
        username = user;
        password = pass;
    }

    protected PasswordAuthentication getPasswordAuthentication() {
        System.out.println("Requesting Host  : " + getRequestingHost());
        System.out.println("Requesting Scheme : " + getRequestingScheme());
        System.out.println("Requesting Site  : " + getRequestingSite());
        return new PasswordAuthentication(username, password.toCharArray());
    }
}

public void tweet(AutoTwitterAccount acc, String tweet) { Authenticator.setDefault(null);

    Authenticator.setDefault(new MyAuthenticator(acc.getUserName(), acc.getPassword()));
    try {
        /* First login the session and fire off tweet*/
        URL url = new URL(AutoTweeter.TWEET_URL);
        HttpURLConnection conn = (HttpURLConnection) url.openConnection();
        conn.setDoOutput(true);
        conn.setRequestMethod("POST");
        conn.setRequestProperty("User-Agent", "Mozilla/4.0");
        conn.setRequestProperty("User-Agent", AGENT);
        conn.setRequestProperty("Content-Type", TYPE);
        conn.setRequestProperty("Content-Length", "" + tweet.length());
                ...fire off tweet....
        conn.disconnect();

Thanks once again!

+1  A: 

If the Authenticator indeed does not get called again (and even resetting it to another one does not work, which apparently is the case due to a bug), then you can forgo Authenticator and send the HTTP Basic Auth header manually:

URL url = new URL("http://www.example.com/comment");
HttpURLConnection connection = (HttpURLConnection) url.openConnection();
connection.setRequestProperty("Authorization:",
"Basic "+codec.encodeBase64String(("username:password").getBytes());
Thilo
Thanks Thilo, that looks like the money! Will try this out as soon as I can.
A: 

I tried that but it still wouldn't authenticate, but I've gotten around this by using a co-workers utility class to construct HTTP request myself and writing it to the socket directly, bypassing Sun's Http classes. But thanks for your answer anyway!