CODEWITHSUNDEEP
javajava-8bearer-token
Alex
Alex

Reputation: 13

Bearer token using HttpURLConnection (Java 8)

Good afternoon,

I'm working on a project with 2 apps, the first one is a php app that provides me an API. The second one is the app that I'm working on (Java 8 base, no Spring) My question is : Can I use the Bearer token authorization using the HttpURLConnection object ?

I'm still trying to make this work but it seems to make the value of "Authorization" null.

            //responseLogin is the token that the php app provides.
            String token = "Bearer " + responseLogin.toString();
            HttpURLConnection httpApi = (HttpURLConnection) apiUrl.openConnection();
            httpApi = (HttpURLConnection) apiUrl.openConnection();
            httpApi.setRequestMethod("GET");
            httpApi.setDoOutput(true);
            httpApi.setRequestProperty("Content-Type", "application/json");
            httpApi.setRequestProperty("Accept", "*/*");
            httpApi.setRequestProperty("Authorization", token);
            httpApi.setRequestProperty("Connection", "keep-alive");
            httpApi.setRequestProperty("Accept-Encoding", "gzip, deflate, br");
            LOG.info("Token : " + httpApi.getRequestProperty("Authorization"));
            LOG.info("Accept : " + httpApi.getRequestProperty("Accept"));

httpApi.getRequestProperty("Authorization")); this part gets me a null response, I have no idea why.

I Hope anyone can help me with that, feel free to ask me if you need more information about my code.

Thanks :)

Upvotes: 1

Views: 2046

Answers (1)

Andreas Berheim Brudin
Andreas Berheim Brudin

Reputation: 2280

There is a constant String array in HttpURLConnection that is called EXCLUDE_HEADERS and has the following comment:

// the following http request headers should NOT have their values
// returned for security reasons.
private static final String[] EXCLUDE_HEADERS = {
        "Proxy-Authorization",
        "Authorization"
};

The purpose is probably to not accidentally dump those headers, e.g. while logging the request.

Note! This doesn't mean they do not get set, just that they aren't being returned when you query for them. To test the actual values, one idea could be to use something like WireMock (or any custom server) to inspect what is actually sent.

Upvotes: 1

Related Questions