Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

Java Development

Reply
New Developer
Posts: 6
Registered: ‎07-29-2008
My Device: Not Specified

HTTPConnection with Authentication fails with WAP2 or Direct TCP

I am writing a Blackberry application that will Post data over http to a server that requires basic authentication. This works fine on the Simulator with MDS. However the actual device does not use MDS, so I tried with both direct TCP (;deviceside=true;apn=wap.voicestream.com) and WAP2 by looking up the Service Book and getting the approporiate UID (WAP2 trans) in case of T-Mobile. I even tried BIBS IPPP.

 

I use Basic authentication using the HTTP Authorization header and Base64 credentials but this works only with the Simulator and MDS.

 

However httpConn.getResponseCode() always returns 401 (unauthorized) on the actual device (using either TCP or WAP2). I know the first 401 is to be expected so I placed it in a loop for 3 attempts. I know the password is correct and I am not locked out of the server.

It works fine if I use simple HTTP GET without authentication. Can anyone please tell me the best way to use HTTPConnection with authentication on T-Mobile Blackberry without MDS or enterprise activation? 

Developer
Posts: 77
Registered: ‎08-01-2008
My Device: Not Specified

Re: HTTPConnection with Authentication fails with WAP2 or Direct TCP

did you find a solution for this ?
Developer
Posts: 4,764
Registered: ‎07-21-2008
My Device: Not Specified

Re: HTTPConnection with Authentication fails with WAP2 or Direct TCP

When folks say "my basic auth works on the sim but not the device", the usual reason is that they are not managing the cookies.

 

Using basic HTTP auth, the transaction flow looks like this:

 

Client requests URL

Server responds with auth challenge

Client provides basic credentials (user ID and password)

Server responds with the requested URL.

 

In the HTTP header of this last server response is attached a session cookie. This cookie is how the server identifies your client session, and must be provided for all subsequent access of this host. If not, your next access will result in another security challenge (since the host does not recognize you).

 

Now, on MDS, the cookies are managed for you. Using Direct TCP or WAP, you'll need to provide your own cookie management; i.e. store the sessions cookie(s) and return then for all subsequent requests to this host.

 

New Developer
Posts: 6
Registered: ‎07-29-2008
My Device: Not Specified

Re: HTTPConnection with Authentication fails with WAP2 or Direct TCP

RexDoug, Thank you for the response. Unfortunately, the issue is not because of Cookie or session management. I am trying to post data to a URL that requires authentication. I include Basic authentication in the header and make three attempts to post the data and this fails. This works in the device if I have a Blackberry Server and MDS but fails if I try connecting over WAP2 or Direct TCP.
Developer
Posts: 4,764
Registered: ‎07-21-2008
My Device: Not Specified

Re: HTTPConnection with Authentication fails with WAP2 or Direct TCP

If you haven't already done so, I suggest that you trace out the HTTP response headers and record the results for both MDS and WAP connections.

 

Something like this:

 

if (DEBUG) { for (int i = 0; ; i++){ String h = m_httpConnection.getHeaderFieldKey(i); if (h == null) break; else{ String value = m_httpConnection.getHeaderField(i); System.out.println("Header: " + h + "=" + value); } } // debug }

 

New Developer
Posts: 6
Registered: ‎07-29-2008
My Device: Not Specified

Re: HTTPConnection with Authentication fails with WAP2 or Direct TCP

RexDoug, I did as suggested. The response headers with WAP2 (with HTTP 401) is

 

Header: content-type=text/html; charset=utf-8
Header: content-length=2131
Header: sap-system=BIS
Header: www-authenticate=Basic realm="SAP Web Application Server [BIS]"
Header: sap-client=800
Header: server=SAP Web Application Server (1.0;701)

 

This is essentially the web server asking me to authenticate. I get the same headers for all three attempts.

 

If I use MDS, I get the above headers the first time and the second time I get (with http 200)

 

Set-Cookie: MYSAPSSO2=<Encrypted Session Cookie>; path=/; domain=<domain>
Content-Type: text/xml; charset=utf-8
Content-Length: 400
Server: SAP Web Application Server (1.0;701)

Should I try a "Keep-Alive"?