Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

Java Development

Reply
New Contributor
Posts: 3
Registered: ‎11-30-2011
My Device: 9930
My Carrier: life
Accepted Solution

HttpConnection and digest authentification

Hello!

I'm trying to make a HttConnection with digest authentification and I'm getting error:

"Stream not in setup state"

First I open url and getting instance of HttpConnection, next I get "www-athenticate" header field of server response.It looks like

"Digest qop="auth", realm="Trade station", stale='FALSE", nonce="Hudbb7j3hjd8shhYhj706gtMo81VdRg5" "

then I need to use it for creation response using MD5 algorhytm-based method auth which returns crypted string.

After that I set request property "Authorization" with that authString and I get "Stream not in setup state" error.

I need to set this property for successful Authorization

 

Here is the code:

 

EventLogger.register(0xeeb9787571dbc971L, "BB",EventLogger.VIEWER_STRING);
            
            InputStream str=null;
            InputStreamReader isr=null;
            HttpConnection conn=null;
            conn=(HttpConnection)Connector.open(url); //I open url
            String header3=conn.getHeaderField(3);      //I get response header field number 3 - www-athenticate
            String authString=auth(  //crypting strings for responce
                        "GET",
                        "http://server_address/xml/logon",
                        "login",
                        "pass",
                        header3);
            conn.setRequestProperty("Authorization", authString);  //set property for authorization but I get error
            
            DataOutputStream dos = conn.openDataOutputStream();                   
            dos.write("something to send".getBytes());
            dos.flush();
            str=conn.openInputStream();
            isr=new InputStreamReader(str,"utf-8");
            int ch;            
            while((ch=isr.read())!=-1){
                result+=(char)ch;
            }    
            conn.close();

 

Thanks in advance!

Developer
Posts: 729
Registered: ‎05-04-2011
My Device: 9700

Re: HttpConnection and digest authentification

You should call this line:

 

conn.setRequestProperty("Authorization", authString);  //set property for authorization but I get error

 

before this one:

 

 String header3=conn.getHeaderField(3);      //I get response header field number 3 - www-athenticate

 

Check out the HTTPConnection docs:

http://www.blackberry.com/developers/docs/4.0.2api/javax/microedition/io/HttpConnection.html

 

E.

 

New Contributor
Posts: 3
Registered: ‎11-30-2011
My Device: 9930
My Carrier: life

Re: HttpConnection and digest authentification

Thanks for reply!

But I need to call

conn.setRequestProperty("Authorization", authString);

after

String header3=conn.getHeaderField(3)

because I use HeaderField(3) for setRequestProperty. In other way I can't authorize.

After my first request the server sends response which contains this field

"Digest qop="auth", realm="Trade station", stale='FALSE", nonce="Hudbb7j3hjd8shhYhj706gtMo81VdRg5" "

then I crypt it and send again and if it matches with server string then authorization will complete. So I should know this field before request. Every time this field is differentMan Sad so I can't get field, close connection, and open new with property "Authorization" from last time.

May be I need another way for http connection with digest authentication.Please advise

Developer
Posts: 729
Registered: ‎05-04-2011
My Device: 9700

Re: HttpConnection and digest authentification

The function 'getHeaderField' tries to read the response headers so once you call it you can not change your request (using 'setRequestProperty').

 

Take a look at these links:

http://supportforums.blackberry.com/t5/Java-Development/How-to-enable-HTTP-Authentication-in-your-Br...

 

http://supportforums.blackberry.com/t5/Java-Development/HttpConnection-Credentials/td-p/735591/highl...

 

I hope that helps,

 

E.

Developer
Posts: 19,636
Registered: ‎07-14-2008
My Device: Not Specified

Re: HttpConnection and digest authentication

This is not an area I have had any dealings with, but you seem to me to be getting the sequence wrong.  You need to go to the server with a request to get the Server to reply, and then use the nonce you get back in your subsequent transmissions.  So you have to fail authentication once to get the information you need subsequently.

 

Have  a read of this WiKi article:

http://en.wikipedia.org/wiki/Digest_access_authentication

Highlighted
New Contributor
Posts: 3
Registered: ‎11-30-2011
My Device: 9930
My Carrier: life

Re: HttpConnection and digest authentication

Hi!

Thanks for answers I found decision. I need to get header field "WWW-authenticate" and also "Set-Cookie", store it and close connection. Then I open new connection with request parameter "Cookie" which contains value of stored "Set-Cookie" field and with parameter "Authorization" wich contains crypted value of header field "WWW-authenticate.

Long time I couldn't get Set-Cookie parameter - it was absent in server resonse!After many actions I've added ";deviceside=true" at the end of url string and I've got it! MDS doesn't allow to store cookie when I use BB Simulator

 

Many thanksMan Happy