Reputation: 53
Android HTTP authentication on Lotus Domino server
I am developing an android application capable of read data from a Lotus Domino database. I started to create a page to test the HTTP authentication and I encountered many difficulties. This is my code snippet:
public void GoAuth(View v){
final String httpsURL = "http://xxx.xxx.xxx.xxx/names.nsf/mypage?openpage";
final DefaultHttpClient client = new DefaultHttpClient();
final HttpPost httppost = new HttpPost(httpsURL);
String userName = "demo";
String password = "demo";
try {
//authentication block:
final List<BasicNameValuePair> nvps = new ArrayList<BasicNameValuePair>();
nvps.add(new BasicNameValuePair("Username", userName));
nvps.add(new BasicNameValuePair("Password", password));
final UrlEncodedFormEntity p_entity = new UrlEncodedFormEntity(nvps, HTTP.UTF_8);
httppost.setEntity(p_entity);
//sending the request and retrieving the response:
HttpResponse response = client.execute(httppost);
HttpEntity responseEntity = response.getEntity();
if (response.getStatusLine().getStatusCode() == HttpURLConnection.HTTP_OK){
//handling the response
final InputSource inputSource = new InputSource(responseEntity.getContent());
TextView res=(TextView)findViewById(R.id.result);
res.setText("Server response: "+inputSource.toString());
}
} catch (UnsupportedEncodingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (ClientProtocolException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (IllegalStateException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
The server response is: org.xml.sax InputSource@40575700
Trying the same in a browser I see the login page and after then the content of "mypage". I am a bit confused about the right approach and mechanism I have to follow on android. Any help will be greatly appreciated!
Upvotes: 3
Views: 2298
Answers (3)
Reputation: 1450
As mentioned the code above will work for posting the credentials to the Domino Server but you will need to handle any issues with a login failure - whether its due to authentication or authorization.
BTW Bypassing the Domino Login form is often done client side as demonstrated here - http://www.codestore.net/store.nsf/unid/BLOG-20081008 and has the same issues.
On my blog I talk about creating a custom Login Form on the server within the Domino Configuration Database - this is a standard and inbuilt configuration database. This custom login form is not designed to be directly opened, instead its designed for third party systems to authenticate against, it will then return JSON data with any authentication / authorization issues.
You could use the same approach and convert to XML if you would find it easier to consume within the Java code.
The link to the article is here: http://www.markbarton.com/?p=314
A link to information about the Domino Configuration DB (domconfig.nsf) is here http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/index.jsp?topic=%2Fcom.ibm.help.domino.admin.doc%2FDOC%2FH_CREATING_THE_DOMINO_CONFIGURATION_DATABASE.html
Upvotes: 1
Reputation: 167
Here is the central part of some code I have been using in a couple of Android apps that synchronize with Lotus Domino:
private boolean authenticateWithDomino() throws Exception {
String fullLoginUrl = "";
if (useSSL) {
fullLoginUrl = "https://" + hostName + ":" + httpPort + "/names.nsf?Login";
} else {
fullLoginUrl = "http://" + hostName + ":" + httpPort + "/names.nsf?Login";
}
DominoHttpRequest dominoRequest = DominoHttpClient.getInstance()
.createRequest();
dominoRequest.setUrl(fullLoginUrl);
dominoRequest.setMethod("POST");
dominoRequest.addParam("username", notesName);
dominoRequest.addParam("password", notesPassword);
dominoRequest.addParam("redirectto", "/icons/ecblank.gif");
dominoRequest.execute();
}
Some notes on useage:
- This works with Session based authentication, but not with Basic authentication.
- names.nsf might not be the file name of the server directory, but it usually is.
- Note the the port number. Usually it is 80 for regular http and 443 for https, but they are configurable on the Domino server.
Added later... Here is a link to a Java Class that does "replication" with Domino: DiscussionReplicator.java. Look for a method called getAuthenticationToken which returns either a "DominoAuthSessID=xyz" or a "LtpaToken=abc"
Upvotes: 1
Reputation: 1492
As Richard mentioned in the comments, you are probably seeing the "session based authentication form" which is rather cumbersome to work around with any kind of code.
In order, to get "HTTP Basic Authentication", which probably any language can handle easily (the browser based username/password prompt), you can/should implement a Override Session Authentication Rule on the server side.
See also Domino 7.0.2 allows for overriding of session-based authentication
Upvotes: 2
Related Questions
- How to login to Domino session based authentication using Postman?
- Java Notes API: Create Client Session with Domino Libraries
- Basic authentication session management Domino
- .NET - Consuming HTTP services on (Domino) server with form based authentication
- Authenticate in Lotus Notes on localhost
- How to authenticate users in Lotus Domino 8.5.3 through Domino Data Service REST API
- Lotus Domino Java security issue using Google GSON
- Exception in connection to remote DOMINO server through JAVA application
- Trying to obtain a DOMINO HTTP Session using HttpClient -- RESPONSE CODE is always 200
- PhoneGap application and authentication against Domino server(xPages application ) - how to do it?