Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

Java Development

Reply
Developer
Posts: 174
Registered: ‎08-20-2008
My Device: Not Specified

MDS Stripping out Basic Authorization Headers

Hi,

 

I did mention this in another post but under a different problem. I have found that I keep getting 401 errors when posting data to webservices via a httpConnection. It always occurs on the first post, either if that device hasn't posted for a while then fine after that or just happens all the time. When it happens all the time it tends to be that just one person can post and the other users constantly get 401 error. The latter can happen even when I enable anonymous access on the web server. I have found from sniffing packets on the webserver that MDS is stripping out the Authorization headers from time to time or sometimes all the time. Is there any reason for this. If I set 'Support HTTP Authentication' to false then it works fine but other services on the device no longer work so that's not a fix I can employ. I have read up and tried changing configuration in the JAAS config file on the server but with no joy.

BlackBerry Development Advisor
Posts: 15,882
Registered: ‎07-09-2008
My Device: BlackBerry PRIV
My Carrier: Bell

Re: MDS Stripping out Basic Authorization Headers

It is expected that the first connection would result in a 401.  The client should then reply back with the appropriate authentication information.  Including the authentication information in the first connection shouldn't work (the web server should ignore it).  You can see a sample that implements basic HTTP authentication here.

 

How To - Implement basic HTTP authentication
Article Number: DB-00468

http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/348583/800332/800429/How_To_...

 

However, this sounds like a configuration issue.  If you are receiving 401 errors when anonymous access is enabled, something else must be triggering the 401.  Is there a proxy server in your environment that could be blocking access?

Mark Sohm
BlackBerry Development Advisor

Please refrain from posting new questions in solved threads.
Problem solved? Click the Accept As Solution button.
Developer
Posts: 174
Registered: ‎08-20-2008
My Device: Not Specified

Re: MDS Striping out Basic Authorization Headers

No,from sniffing packets I can see the traffic is coming straight from the BES. I have a call raised with RIM regarding this at the moment. They seem to be looking into at some depth. I have implemented a one time loop back as a work around but some times that fails. I am wondering if the time when we got the 401 every time, when anonymous access was enable was a one off which just happened to occur twice. What would I do if I wanted to authenticate from my script using NTLM? If I just sent the correct http headers to each challenge would the MDS be able to cope with this?
Highlighted
New Developer
Posts: 1
Registered: ‎05-07-2009
My Device: Not Specified

Re: MDS Stripping out Basic Authorization Headers

I have the same problem that the "Authentication" header will be stripped. The tcpdump shows that all other headers arrive at the server. If i rename the header but use the same value for it, the header also arrives.

The implementation is straight forward and looks like at it is shown at: http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/348583/800332/800429/How_To_... 

 

 

             HttpConnection httpConnection = (HttpConnection)Connector.open(url);

                

                if(postBody != null) {

                    httpConnection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");

                    httpConnection.setRequestProperty("Content-Length", Integer.toString(postBody.length));

                }

                if(HttpProtocolConstants.HTTP_METHOD_POST.equalsIgnoreCase(method)) {

                httpConnection.setRequestMethod(HttpConnection.POST);

                } else {

                httpConnection.setRequestMethod(HttpConnection.GET);

                }

                if(authChallenge != null) {

                httpConnection.setRequestProperty("Authorization",authChallenge);

                //httpConnection.setRequestProperty("Password",authChallenge);

                }

                if(postBody != null) {

                    // get output data and do some sanity check

                        os = httpConnection.openOutputStream();

                        os.write(postBody, 0, postBody.length);

                        os.close();

                        os = null;

                        postBody = null;

                }

                int status = httpConnection.getResponseCode(); 

 

So, what is the solution for teh problem? I use the simulator from the JDE version 4.6.  

Developer
Posts: 174
Registered: ‎08-20-2008
My Device: Not Specified

Re: MDS Stripping out Basic Authorization Headers

I found in the end not sending the authorisation headers on the first initial connection attempt and wait for at least one 401 before passing them worked great. Also looping through 2 401s after that before declaring authentication unsuccessful seem to cover it. Not a nice work around but works great. I have steered towards NTLM authentication now instead which works a lot better.
New Developer
Posts: 5
Registered: ‎06-11-2009
My Device: Not Specified

Re: MDS Stripping out Basic Authorization Headers

[ Edited ]

I'm experiencing the same problem with the 401

 

BeMor when you mentioned you where waiting for at least one 401 before passing the authorization headers, where you talking about something like this

 

I'm including the code of my test app. 

 

********** 

import java.io.InputStream;import 

javax.microedition.io.Connector;

import javax.microedition.io.HttpConnection;

import javax.microedition.io.StreamConnection;

import net.rim.device.api.ui.MenuItem;

import net.rim.device.api.ui.component.LabelField;

import net.rim.device.api.ui.component.Menu;

import net.rim.device.api.ui.component.RichTextField;

import net.rim.device.api.ui.component.EditField;

import net.rim.device.api.ui.component.SeparatorField;

import net.rim.device.api.ui.container.MainScreen;

import net.rim.device.api.io.Base64OutputStream;

 

public class HttpTestScreen extends MainScreen {

    private EditField _urlTxt;

    private RichTextField _responseTxt;

    

    public HttpTestScreen(){

 

        setTitle(new LabelField("My app - Http Test Screen"));

        

        //For HTTP test

        _urlTxt    = new EditField("Enter url: ", "www.myurl.com");

        _responseTxt = new RichTextField();

        

        add(_urlTxt);

        add(new SeparatorField());

        add(new LabelField("HTTP Response: "));

        add(_responseTxt); }

        

    private MenuItem _getUrl = new MenuItem("Get URL", 110, 10) {

        public void run() {          

 

            HttpConnection httpConn = null;

            StreamConnection s    = null;

            boolean keepGoing    = true;          

            InputStream is;          

            int rc            = -1;

            

            if(_urlTxt.getText()!= null){

                try {

                    String username = "username";

                    String password = "password";

                    String authorization = username + ":" + password;

                    

                    byte[] encoded = Base64OutputStream.encode(

                                         authorization.getBytes(), 0, authorization.length(), false, false);

                                         

                    s    = (StreamConnection)Connector.open(_urlTxt.getText());

                    httpConn = (HttpConnection)s;

                    int tries = 0;

                    

                    while(keepGoing){                

                        

                        int status = httpConn.getResponseCode();

                        

                        switch (status){

                            case (HttpConnection.HTTP_OK):

                            

                                //Connection is 200 OK.

                                //Download and process data.

                                is              = httpConn.openInputStream( );

                                int i           = is.read( );

                                StringBuffer sb = new StringBuffer( );        

                                

                                while (i!=-1) {        

                                    sb.append((char)i);

                                    i = is.read( ); 

                                }

                                _responseTxt.setText(sb.toString( ));

                                

                                keepGoing = false;

                                break;

                            

                            case (HttpConnection.HTTP_UNAUTHORIZED):

                                //Close the connection. 

                                s.close();

                                

                                //Open a new connection

                                s = (StreamConnection)Connector.open(_urlTxt.getText()); 

                                httpConn = (HttpConnection)s;

                                

                                //Add the authorized header.

                                httpConn.setRequestProperty("Authorization", "Basic " + new String(encoded));

                                

                                _responseTxt.setText(_responseTxt.getText() + "\n This is the status so far : " + status ); 

                                

                                if (tries >= 3)

                                    keepGoing = false; 

                                else 

                                    tries++;

                                

                                break;

                                

                            default:

                            //The connection failed for some other reason.

                            //Handle failed connection. 

                                keepGoing = false;    

                                break;

                        }

                    }

                }

                catch (Exception e) {

                    _responseTxt.setText("Error: "+e.getMessage());

                }

            }

        }

    };

    

    protected void makeMenu( Menu menu, int instance ){

        menu.add(_getUrl);    

    }

}

 

**********                           

 

If I execute similar code (With different librairies of course) as a java app I'm able to make a successful connection but when I run this code  trough the BB simulator and MDS it never fails. I get a 401 .

Let me know if I missunderstood what BeMor meant, or if I should do things differently. Any help will be more then welcome at this point

 

Thanks in advance 

 

 

 

Message Edited by alaniel on 06-11-2009 09:05 AM
Message Edited by alaniel on 06-11-2009 09:05 AM
Developer
Posts: 174
Registered: ‎08-20-2008
My Device: Not Specified

Re: MDS Stripping out Basic Authorization Headers

Hi alaniel,

 

That was along the lines of what I was talking about. Do you get 401s all the time? Has this ever worked?

New Developer
Posts: 5
Registered: ‎06-11-2009
My Device: Not Specified

Re: MDS Stripping out Basic Authorization Headers

Yes I'm getting 401s all the time with this code when I try to access the URL for the API I need to work with. This code never worked for me.

 If I try a similar code but as a plain java project. Not going trough the blackberry simulator and MDS I can access the API fine.

 

I use the MDS that ships with  JDE 4.5.0 and The config file rimpublic.property looks OK

 

[HTTP HANDLER]

application.handler.http.logging = true

application.handler.http.CookieSupport = true

application.handler.http.AuthenticationSupport = true

application.handler.http.AuthenticationTimeout = 3600000

application.handler.http.device.connection.timeout = 120000 

application.handler.http.server.connection.timeout = 120000 

 

So what your saying, from what you see, the code above in my previous reply should work right?

 

I'm really at a loss here.

Developer
Posts: 174
Registered: ‎08-20-2008
My Device: Not Specified

Re: MDS Stripping out Basic Authorization Headers

Is it Basic Authentication as the other end of what you are trying to connect to or are you using NTLM (AD / NT) authentication. If you change the application.handler.http.AuthenticationSupport = false what happens?
New Developer
Posts: 5
Registered: ‎06-11-2009
My Device: Not Specified

Re: MDS Stripping out Basic Authorization Headers

BeMor your a genius!

It works when I set the MDS property to application.handler.http.AuthenticationSupport = false

 

But this property is set to true by default. So what does it mean for me when I will distribute my app to other user. Will they a the same connection problem? Is this a representation of let say the Enterprise server basic config or the Blackberry internet service?

 

Thank you very much  for your time BeMor