CODEWITHSUNDEEP
javahttpssl
Rabbit Guy
Rabbit Guy

Reputation: 1892

HttpsURLConnection authenticating twice?

I establish a secure http connection and attempt to get the InputStream from it afterwards. The connection occurs, and I am able to get the data, but I am actually sending two authorization requests to the server?? Here is my code that is getting the connection and getting the input stream established:

someConnection = (HttpsURLConnection) url.openConnection();
String userPass = username + ":" + password;
String basicAuth = "Basic" + new String(new Base64().encode(userPass.getBytes()));
someConnection.setRequestProperty("Authorization", basicAuth);            
if (header != null) someConnection.setRequestProperty(header, headerValue);
InputStream is = someConnection.getInputStream();

There is no traffic until the .getInputStream() method is called. Then I see two requests for authorization:

Wireshark output

Any ideas why it is doing that? the first request appears to be failing for some reason.

Upvotes: 1

Views: 77

Answers (2)

Ales Dolecek
Ales Dolecek

Reputation: 533

There should be space between "Basic" and the base64 encoded data.

Without this the Authorization header is wrong. I would guess that you receive 401 on the first request and send the next with other credentials possibly obtained from different source (JAAS?).

Upvotes: 1

Nicolas Filotto
Nicolas Filotto

Reputation: 44965

The value of your header Authorization doesn't match with the expected format, it should be "Basic " followed by ${username}:${password} encoded with RFC2045-MIME variant of Base 64 (more details about Basic access authentication).

Here you forgot to add the trailing space after Basic such that authentication is never done properly which leads to this unexpected behavior.

Upvotes: 1

Related Questions