HTTP POST request with authorization on android
Solution 1
Thanks to Samuh for a hint :) There was an extra newline character inserted which has no means in GET requests, but matters in POST ones. This is proper way to generate Authorization header in android (in getB64Auth in this case):
private String getB64Auth (String login, String pass) {
String source=login+":"+pass;
String ret="Basic "+Base64.encodeToString(source.getBytes(),Base64.URL_SAFE|Base64.NO_WRAP);
return ret;
}
The Base64.NO_WRAP flag was lacking.
Solution 2
use simply this :
String authorizationString = "Basic " + Base64.encodeToString(
("your_login" + ":" + "your_password").getBytes(),
Base64.NO_WRAP); //Base64.NO_WRAP flag
post.setHeader("Authorization", authorizationString);
koral
Updated on November 10, 2020Comments
-
koral over 3 years
When I set "Authorization" header with setHeader from HttpPost then hostname disappears from request and there is always error 400 (bad request) returned. Same code is working fine on pure java (without android) and when I remove setting "Authorization" header also on android it works fine, but I need authorization. This is a code (domain changed):
HttpClient client = new DefaultHttpClient(); HttpPost post = new HttpPost("http://myhost.com/test.php"); post.setHeader("Accept", "application/json"); post.setHeader("User-Agent", "Apache-HttpClient/4.1 (java 1.5)"); post.setHeader("Host", "myhost.com"); post.setHeader("Authorization",getB64Auth()); List <NameValuePair> nvps = new ArrayList <NameValuePair>(); nvps.add(new BasicNameValuePair("data[body]", "test")); AbstractHttpEntity ent=new UrlEncodedFormEntity(nvps, HTTP.UTF_8); ent.setContentType("application/x-www-form-urlencoded; charset=UTF-8"); ent.setContentEncoding("UTF-8"); post.setEntity(ent); post.setURI(new URI("http://myhost.com/test.php")); HttpResponse response =client.execute(post);
Method getB64Auth() returns "login:password" encoded using Base64 like: "YnxpcYRlc3RwMTulHGhlSGs=" but it's not important.
This is a piece of lighttpd's error.log when above code is invoked on pure java:
2011-02-23 15:37:36: (request.c.304) fd: 8 request-len: 308 POST /test.php HTTP/1.1 Accept: application/json User-Agent: Apache-HttpClient/4.1 (java 1.5) Host: myhost.com Authorization: Basic YnxpcYRlc3RwMTulHGhlSGs= Content-Length: 21 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Content-Encoding: UTF-8 Connection: Keep-Alive HTTP/1.1 200 OK Content-type: text/html Transfer-Encoding: chunked
and record from access.log (IP changed):
1.1.1.1 myhost.com - [23/Feb/2011:15:37:36 +0100] "POST /test.php HTTP/1.1" 200 32 "-" "Apache-HttpClient/4.1 (java 1.5)"
When the same code is invoked on android, I get this in logs:
POST /test.php HTTP/1.1 Accept: application/json User-Agent: Apache-HttpClient/4.1 (java 1.5) Host: myhost.com Authorization: Basic YnxpcYRlc3RwMTulHGhlSGs= Content-Length: 21 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Content-Encoding: UTF-8 Connection: Keep-Alive Expect: 100-Continue 2011-02-23 15:45:10: (response.c.128) Response-Header: HTTP/1.1 400 Bad Request Content-Type: text/html Content-Length: 349 Connection: close
access.log:
1.1.1.1 - - [23/Feb/2011:15:45:10 +0100] "POST /test.php HTTP/1.1" 400 349 "-" "Apache-HttpClient/4.1 (java 1.5)"
How to get Authorization with POST working on android? When I use HttpURLConnection instead of HttpClient it is no difference.
-
Raluca Lucaci almost 13 yearsthis saved me ,i had base64.default instead Base64.URL_SAFE|Base64.NO_WRAP
-
QuantumLicht over 9 yearsAmazing! Can someone explain why the line-ending matters in post but not get requests ?
-
Sudheer Kumar Palchuri about 9 years@Koral: Your solution really helped alot for Authentication Challenge.
-
Schäfer almost 4 yearsThanks my guy,
Base64.URL_SAFE|Base64.NO_WRAP
did the trick