Archived Forum Post

Index of archived forum posts

Question:

CkRest#SetAuthBasic does not seem to work?

Oct 16 '16 at 12:19

Hi all,

[Using the Java Bundle version 9.5.0.59]

I want to retrieve data from a REST-resource that requires a valid user to be authenticated using Basic HTTP access authentication. If I use CkRest#SetAuthBasic, like in this code fragment (error handling etc. removed for clarity), a HTTP Status 401 is returned:

CkRest rest = new CkRest();
//
rest.SetAuthBasic("kermit", "kermit");
//
rest.Connect("localhost", 9090, false, true);
rest.AddHeader("Content-Type","application/json; charset=UTF-8");
String jsonResponseStr = rest.fullRequestNoBody("GET","/activiti-rest/service/runtime/tasks");
System.out.println(jsonResponseStr);

Returns: HTTP Status 401

If I explicitly calculate and insert an 'Authorization' header, the request gets authenticated and a result is returned:

CkRest rest = new CkRest();
//
CkByteData data = new CkByteData();
CkString authString = new CkString();
data.appendStr("kermit:kermit");
data.encode("base64", authString);
//
rest.Connect("localhost", 9090, false, true);
rest.AddHeader("Authorization", "Basic "+authString.getString());
rest.AddHeader("Content-Type","application/json; charset=UTF-8");
String jsonResponseStr = rest.fullRequestNoBody("GET","/activiti-rest/service/runtime/tasks");
System.out.println(jsonResponseStr);

Returns: valid data.

We would prefer to use the SetAuthBasic() method, but for some reason this does not work. Can anybody tell me how I should use this method or why this is going wrong?

Regards, Rui


Accepted Answer

Chilkat will not allow sending Basic Authentication over a non-secure connection. In other words, an SSL/TLS connection is required to send the Basic Authentication, otherwise the login/password is visible for all to see.

However, in this case, I see that it is a connection to localhost, and Chilkat should allow for that exception. I'll make this exception automatic in the next version released (9.5.0.62).