3
votes

I'm running devise on a web server and I'm trying to get a Java application to authenticate. After the application is authenticated, devise should authorize the application to create and update records on the web server.

I'm looking at the rails server log, to compare what the web form is posting versus my application. Here are the different outputs:

Web Form (Working)

Parameters: {"utf8"=>"Γ£ô", "authenticity_token"=>"vYC9qd0dVIUH7B/wCHW59JwZquX4yaiogXZ32pbn1So=", "user"=>{"username"=>"user", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Sign in"}

Application (Not Working)

Parameters: {"utf8"=>"?", "username"=>"user", "password"=>"[FILTERED]", "commit"=>"Sign in"}

This is my app's code

    public void webLogin(String methodName, String username, String password) {        
        httpPost = new HttpPost(webServiceUrl+methodName);

        try {
            // Add your data
            List<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>(2);
            nameValuePairs.add(new BasicNameValuePair("utf8", Character.toString('\u2713')));
            nameValuePairs.add(new BasicNameValuePair("username", username));
            nameValuePairs.add(new BasicNameValuePair("password", password));
            nameValuePairs.add(new BasicNameValuePair("commit", "Sign in"));
            httpPost.setEntity(new UrlEncodedFormEntity(nameValuePairs));

            // Execute HTTP Post Request
            HttpResponse response = httpClient.execute(httpPost);

        } catch (ClientProtocolException e) {
            // TODO Auto-generated catch block
        } catch (IOException e) {
            // TODO Auto-generated catch block
        }
    }

The obvious difference is that the username and password are nested into a user structure. So my question is, how do I create that structure?

EDIT: HTTP Header Info

    Request URL:http://localhost:3000/users/sign_in
    Request Method:POST
    Status Code:302 Found
    Request Headers
    Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
    Accept-Encoding:gzip,deflate,sdch
    Accept-Language:en-US,en;q=0.8
    Cache-Control:max-age=0
    Connection:keep-alive
    Content-Length:197
    Content-Type:application/x-www-form-urlencoded
    Cookie:_WebApp_session=BAh7CEkiCmZsYXNoBjoGRUZvOiVBY3Rpb25EaXNwYXRjaDo6Rmxhc2g6OkZsYXNoSGFzaAk6CkB1c2VkbzoIU2V0BjoKQGhhc2h7BjoKYWxlcnRUOgxAY2xvc2VkRjoNQGZsYXNoZXN7BjsKSSIfSW52YWxpZCBlbWFpbCBvciBwYXNzd29yZC4GOwBUOglAbm93bzokQWN0aW9uRGlzcGF0Y2g6OkZsYXNoOjpGbGFzaE5vdwY6C0BmbGFzaEAHSSIPc2Vzc2lvbl9pZAY7AEZJIiU4ODVjM2QxNmNkMTI4YWYxN2E5YzEyNmRjYWI1OTI1YgY7AFRJIhBfY3NyZl90b2tlbgY7AEZJIjFNVkV4aFNoSnZsQmhxRUFVdjZtZ0ZBblNVQzJjbU1Kb0l3N1U1OHErNUlVPQY7AEY%3D--8b8a1fcee6c194b938781fa60ddb3a91b1ac8c7c
    Host:localhost:3000
    Origin:http://localhost:3000
    Referer:http://localhost:3000/users/sign_in
    User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.75 Safari/535.7
    Form Data
    utf8:✓
    authenticity_token:MVExhShJvlBhqEAUv6mgFAnSUC2cmMJoIw7U58q 5IU=
    user[username]:user
    user[password]:password
    user[remember_me]:0
    commit:Sign in
    Response Headers
    Cache-Control:no-cache
    Connection:Keep-Alive
    Content-Length:88
    Content-Type:text/html; charset=utf-8
    Date:Thu, 26 Jan 2012 03:57:57 GMT
    Location:http://localhost:3000/
    Server:WEBrick/1.3.1 (Ruby/1.9.2/2011-07-09)
    Set-Cookie:_WebApp_session=…--9e1e39fb97a4452e3693c65cc5f1ac4ad9855c37; path=/; HttpOnly
    X-Runtime:0.231013
    X-Ua-Compatible:IE=Edge
2
What does the request from the web page look like? I don't think HTTP has a way to send objects like that; I suspect that RoR has some way of recognizing certain strings as serialized objects. – user684934

Did I post what you were asking for, bdares? – david

2 Answers

2
votes

Seeing as to what kind of request is working, I'd try this:

    // myToken: the authenticity_token value from the sign-in form
    nameValuePairs.add(new BasicNameValuePair("authenticity_token", myToken));
    nameValuePairs.add(new BasicNameValuePair("user[username]", username));
    nameValuePairs.add(new BasicNameValuePair("user[password]", password));
    // BasicNameValuePair takes String values, so the 0 is quoted
    nameValuePairs.add(new BasicNameValuePair("user[remember_me]", "0"));
    nameValuePairs.add(new BasicNameValuePair("commit", "Sign in"));

0
votes

I think that when making the POST request you also need to send your authenticity_token.

"authenticity_token"=>"vYC9qd0dVIUH7B/wCHW59JwZquX4yaiogXZ32pbn1So="

What does authenticity_token do?

When the user views a form to create, update, or destroy a resource, the Rails app would create a random authenticity_token, store this token in the session, and place it in a hidden field in the form. When the user submits the form, Rails would look for the authenticity_token, compare it to the one stored in the session, and if they match the request is allowed to continue.

The last line says that if they match, the request is allowed to continue, which is not happening when you make the POST request from your Java code.
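
The two answers combined, as an added example that is not part of the original thread: fetch the sign-in form, read the hidden authenticity_token, and post it back with bracketed user[...] keys on the same cookie session. It uses the JDK's java.net.http client (Java 11+) rather than the Apache HttpClient from the question; the class name DeviseLogin, the helper names, the regex and the sample HTML are assumptions made for illustration.

```java
import static java.nio.charset.StandardCharsets.UTF_8;
import java.net.*;
import java.net.http.*;
import java.util.StringJoiner;
import java.util.regex.*;

public class DeviseLogin {
    // Matches the hidden CSRF field whichever order the attributes are emitted in.
    static final Pattern TOKEN = Pattern.compile(
        "<input\\b(?=[^>]*\\bname=\"authenticity_token\")[^>]*\\bvalue=\"([^\"]+)\"");

    static String extractToken(String html) {
        Matcher m = TOKEN.matcher(html);
        if (!m.find()) throw new IllegalStateException("no authenticity_token in sign-in page");
        return m.group(1);
    }

    // Bracketed keys such as user[username] are what Rails parses into the nested "user" hash.
    // URLEncoder percent-encodes the brackets and the Base64 token; a raw '+' would be decoded as a space.
    static String formBody(String token, String username, String password) {
        String[][] fields = {
            {"utf8", "\u2713"}, {"authenticity_token", token},
            {"user[username]", username}, {"user[password]", password},
            {"user[remember_me]", "0"}, {"commit", "Sign in"}};
        StringJoiner body = new StringJoiner("&");
        for (String[] f : fields)
            body.add(URLEncoder.encode(f[0], UTF_8) + "=" + URLEncoder.encode(f[1], UTF_8));
        return body.toString();
    }

    // The client must carry a cookie handler: the token is only valid together with the
    // session cookie set by the GET, so both requests have to share one cookie store.
    static boolean signIn(HttpClient client, String signInUrl, String username, String password)
            throws Exception {
        String page = client.send(HttpRequest.newBuilder(URI.create(signInUrl)).build(),
                HttpResponse.BodyHandlers.ofString()).body();
        HttpRequest post = HttpRequest.newBuilder(URI.create(signInUrl))
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString(formBody(extractToken(page), username, password)))
                .build();
        // Redirects are not followed by default; the working browser request above answered
        // 302 Found, which is treated here as success (assumption).
        return client.send(post, HttpResponse.BodyHandlers.ofString()).statusCode() == 302;
    }

    public static void main(String[] args) {
        // Constructed sample of the hidden field, not taken from a real server.
        String html = "<input name=\"authenticity_token\" type=\"hidden\" value=\"AAAA+BBBB/CCCC=\" />";
        System.out.println(formBody(extractToken(html), "user", "password"));
    }
}
```

To run it against the server, build the client with `HttpClient.newBuilder().cookieHandler(new CookieManager()).build()` and pass the same instance to later create and update requests so the authenticated session cookie is sent with them.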