Reputation: 51

Digest Authentication java.net.http.HttpClient

I'm trying to connect to a website protected with digest authentication. My credentials work fine if I try to log in via Insomnia or Firefox but I fail to get it to work in Java 17 (Insomnia's automatically generated Code also doesn't work).

I tried to follow and understand the following tutorials/docs:

https://www.baeldung.com/java-9-http-client

https://docs.oracle.com/javase/7/docs/technotes/guides/net/http-auth.html

Both mention that Digest is supported, as far as I understand.

The result I get is always status code 401 & the expected header when digest auth fails:

www-authenticate=[Digest realm="api-realm", qop="auth", nonce="NONCE=="

Here is the current code. The method getPasswordAuthentication doesn't get executed:

public void checkIsAPIRunning() {

    HttpRequest request = HttpRequest.newBuilder()
            .uri(URI.create("https://the-site-I-try-to-connect-with:443/api/function"))
            .method("GET", HttpRequest.BodyPublishers.noBody()).build();
    HttpResponse<String> response = null;
    try {
        response = HttpClient.newBuilder().authenticator(new Authenticator() {
            @Override
            protected PasswordAuthentication getPasswordAuthentication() {
                return new PasswordAuthentication("user", "pass".toCharArray());
            }
        }).build().send(request, BodyHandlers.ofString());          
    } catch (IOException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } catch (InterruptedException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }

}

Am I misunderstanding the docs? I'd appreciate any help or pointers :)

Upvotes: 5