HttpURLConnection worked fine in Android 2.x but NOT in 4.1: No authentication challenges found

android authentication httpurlconnection

19,123

Solution 1

I am currently facing the same problem. On 4.1 Jelly Bean I receive an IOException "No authentication challenges found" when calling getResponseCode() on the HttpURLConnection.

I have searched online to see what has changed in the Android source code and found the following: 4.0.4 (working): https://bitbucket.org/seandroid/libcore/src/7ecbe081ec95/luni/src/main/java/libcore/net/http/HttpURLConnectionImpl.java 4.1.1 (not working): https://bitbucket.org/seandroid/libcore/src/6b27266a2856/luni/src/main/java/libcore/net/http/HttpURLConnectionImpl.java

As one can see in 4.1 JB the method getAuthorizationCredentials() throws the IOException. It parses the challenge headers it finds in the response using HeaderParser.parseChallenges(..), if the response code is 401 or 407. If the returned List is empty the Exception is thrown.

https://bitbucket.org/seandroid/libcore/src/6b27266a2856/luni/src/main/java/libcore/net/http/HeaderParser.java

We are currently investigating what exactly causes that List to be empty, but have the suspicion that our server might use realm=... instead of realm="..." in the challenge header. Missing quotation marks might be the cause for this problem. We have to investigate further if that is indeed the case and if we can make it work.

Solution 2

Per RFC2617:

The 401 (Unauthorized) response message is used by an origin server to challenge the authorization of a user agent. This response MUST include a WWW-Authenticate header field containing at least one challenge applicable to the requested resource.

In Android, the HttpURLConnection getResponseCode() method throws java.io.IOException: No authentication challenges found when the server returns either a 401 Unauthorized or 407 Proxy Authentication Required status code without the WWW-Authenticate header set.

If you own the server-side API, then you can fix it by adding the required WWW-Authenticate header when you return 401 or 407. In my case, I fixed it in PHP as follows:

header('WWW-Authenticate: OAuth realm="users"');
header('HTTP/1.1 401 Unauthorized');

Solution 3

I have the same problem. I found this workaround, but it is not working on Android 2. On Jelly Bean, it works fine. Just use getErrorStream() instead of getInputStream().

try
{
    responseStream = new BufferedInputStream(connection.getInputStream());
}
catch(IOException e)
{
    responseStream = new BufferedInputStream(connection.getErrorStream());
}

Solution 4

Heading

I have fixed the problem for the Jelly bean. Please use the below code for the above scenario

DefaultHttpClient client = new DefaultHttpClient();
client.getCredentialsProvider().setCredentials(new AuthScope(null, -1), new UsernamePasswordCredentials(userName,userPass));
HttpGet request = new HttpGet();
request.addHeader("Accept", "application/xml");
request.setURI(new URI(service));
HttpResponse response = client.execute(request);

you got the proper response as you needed.

View more solutions

19,123

Author by

firebear

Android Developer C/C++ Developer @ Beijing, China

Updated on June 14, 2022

Comments

firebear almost 2 years

I have some typical codes which used HttpURLConnection to get a file with an URL. They worked fine in android 1.x and 2.x. But failed in Android 4.1!

I searched on the web but found little similar information. Would anybody please help to investigate this issue?

private String mURLStr; 
private HttpURLConnection mHttpConnection;

...

url = new URL(mURLStr);

...

mHttpConnection = (HttpURLConnection) url.openConnection();
mHttpConnection.setDoOutput(true);
mHttpConnection.setRequestMethod("GET");

...

InputStream is = mHttpConnection.getInputStream();

The getInputStream method throws an exception:

08-01 15:56:48.856: W/System.err(13613): java.io.IOException: No authentication challenges found
08-01 15:56:48.856: W/System.err(13613):      at libcore.net.http.HttpURLConnectionImpl.getAuthorizationCredentials(HttpURLConnectionImpl.java:427)
08-01 15:56:48.866: W/System.err(13613):      at libcore.net.http.HttpURLConnectionImpl.processAuthHeader(HttpURLConnectionImpl.java:407)
08-01 15:56:48.866: W/System.err(13613):      at libcore.net.http.HttpURLConnectionImpl.processResponseHeaders(HttpURLConnectionImpl.java:356)
08-01 15:56:48.866: W/System.err(13613):      at libcore.net.http.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:292)
08-01 15:56:48.866: W/System.err(13613):      at libcore.net.http.HttpURLConnectionImpl.getInputStream(HttpURLConnectionImpl.java:168)
...

J_D over 11 years

+1 For a clear explanation and the links to the code. The code also expects realm=" to be the first parameter after the scheme.
Hendrik over 11 years

By now we have been able to verify that the usage of realm= without quotation marks was indeed the reason which caused this error for us. We were able to change this on our backend side and now everything is working as expected.
firebear over 11 years

I made my app work under android 4.x finally by just removing mHttpConnection.setDoOutput(true);。But I still had not knewn clearly about the root cause.
SysHex over 10 years

+1 for Excellent response. Problem on my side was the server return of realm=... instead of realm="..." . Fixed that and app started working on both ICS and JB
Blackbelt about 10 years

did you find a workaround for this? It works on kitkat, but not on JB