Apache HttpClient Basic Authentication Examples
This article shows you how to use Apache HttpClient to perform an HTTP basic authentication.
P.S Tested with HttpClient 4.5.10
pom.xml
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.5.10</version>
</dependency>
Start a simple Spring Security WebApp providing HTTP basic authentication, and test it with the HttpClient
1. Basic Authentication
The key is to configure CredentialsProvider
and pass it to the HttpClientBuilder
.
HttpClientAuth1.java
package com.mkyong.http;
import org.apache.http.HttpEntity;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.util.EntityUtils;
import java.io.IOException;
public class HttpClientAuth1 {
public static void main(String[] args) throws IOException {
HttpGet request = new HttpGet("http://localhost:8080/books");
CredentialsProvider provider = new BasicCredentialsProvider();
provider.setCredentials(
AuthScope.ANY,
new UsernamePasswordCredentials("user", "password")
);
try (CloseableHttpClient httpClient = HttpClientBuilder.create()
.setDefaultCredentialsProvider(provider)
.build();
CloseableHttpResponse response = httpClient.execute(request)) {
// 401 if wrong user/password
System.out.println(response.getStatusLine().getStatusCode());
HttpEntity entity = response.getEntity();
if (entity != null) {
// return it as a String
String result = EntityUtils.toString(entity);
System.out.println(result);
}
}
}
}
Output
200
[
{"id":1,"name":"A Guide to the Bodhisattva Way of Life","author":"Santideva","price":15.41},
{"id":2,"name":"The Life-Changing Magic of Tidying Up","author":"Marie Kondo","price":9.69},
{"id":3,"name":"Refactoring: Improving the Design of Existing Code","author":"Martin Fowler","price":47.99}
]
If the login is incorrect!
401
{
"timestamp":"2019-10-09T07:06:57.966+0000",
"status":401,
"error":"Unauthorized",
"message":"Unauthorized",
"path":"/books"
}
2. Preemptive Basic Authentication
This preemptive basic authentication will reduce the overhead of making the connection, read this HttpClient Authentication
HttpClientAuth2.java
package com.mkyong.http;
import org.apache.http.HttpEntity;
import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.AuthCache;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.impl.auth.BasicScheme;
import org.apache.http.impl.client.BasicAuthCache;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.util.EntityUtils;
import java.io.IOException;
public class HttpClientAuth2 {
public static void main(String[] args) throws IOException {
HttpGet request = new HttpGet("http://localhost:8080/books");
HttpHost target = new HttpHost("localhost", 8080, "http");
CredentialsProvider provider = new BasicCredentialsProvider();
provider.setCredentials(
new AuthScope(target.getHostName(), target.getPort()),
new UsernamePasswordCredentials("user", "password")
);
AuthCache authCache = new BasicAuthCache();
authCache.put(target, new BasicScheme());
HttpClientContext localContext = HttpClientContext.create();
localContext.setAuthCache(authCache);
try (CloseableHttpClient httpClient = HttpClientBuilder.create()
.setDefaultCredentialsProvider(provider)
.build();
CloseableHttpResponse response = httpClient.execute(target, request, localContext)) {
// 401 if wrong user/password
System.out.println(response.getStatusLine().getStatusCode());
HttpEntity entity = response.getEntity();
if (entity != null) {
// return it as a String
String result = EntityUtils.toString(entity);
System.out.println(result);
}
}
}
}
Note
More Apache HttpClient Examples
More Apache HttpClient Examples
Error Unsupported or unrecognized SSL message. Asking for SSL, how can I skip it? I tried different methods from others but doesn’t work. BTW, really thank you for sharing! I’ve learned a lot!!!
Your “read this HttpClient Authentication” link points to httpClient Version 3.5 page.
Maybe you want to adjust it to the httpClient 4.5 page (https://hc.apache.org/httpcomponents-client-ga/tutorial/html/authentication.html)
Thanks brother. It solved my problem 🙂
I am trying to login jasper server, but after successful login, I got the below response.
200
window.location=”home.html”;
If your browser doesn’t automatically go there,
you may want to go to the destination
manually.