Search code examples
javaapache-httpclient-4.xhttp-authenticationhttp-status-code-401digest-authentication

Apache HttpClient DigestAuth - 401, Unauthorized. But Credentials are okay

When I try to connect to a webserver using DIGEST authentification, the connection will be refused (401, Not Authenticated). The Answers I could find related to this topic where mostly deprecated, so I wanted to start a discussion about resolving this problem with the current version:

 <dependency>
            <groupId>org.apache.httpcomponents</groupId>
            <artifactId>httpclient</artifactId>
            <version>4.4.1</version>
        </dependency>

The following code allows to set credentials and connect to my target rest-service using Apache HttpClient. The credentials I am using are correct, so there must be something wrong with my configuration of the credentials or the way I'm using the HTTPClient.

    HttpGet getArticles = new HttpGet("http://myurl.xx/api/");

    Registry<AuthSchemeProvider> authSchemeRegistry =
            RegistryBuilder.<AuthSchemeProvider>create().register(AuthSchemes.DIGEST,new DigestSchemeFactory()).build();
    CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
    credentialsProvider.setCredentials(
            new AuthScope("http://myurl.xx/api/",80),
            new UsernamePasswordCredentials(username,pw));

    CloseableHttpClient client = HttpClients.custom()
            .setDefaultAuthSchemeRegistry(authSchemeRegistry)
            .setDefaultCredentialsProvider(credentialsProvider).build();

    try {
        CloseableHttpResponse response = client.execute(getArticles);
        logger.info(String.valueOf(response.getStatusLine().getStatusCode()));
    } catch (IOException e) {
        logger.error(e.getMessage(),e);
    }finally {
        try {
            client.close();
        } catch (IOException e) {
            logger.error(e.getMessage(),e);
        }
    }

This will return 

HTTP/1.1 401 Unauthorized

I'm not an expert with digest auth but I know you have to connect twice, because the servers will send you some auth data in the first place. But I believe that, when I register DIGEST as the AuthentificationScheme, this should be handled automatically?

When I check the Client client.authSchemeRegistry says:

{digest=org.apache.http.impl.auth.DigestSchemeFactory@481a996b}

So it's successfully registered.

Solution

  • It may or may not be the reason, but the scope of credentials is wrong. The AuthScope constructor takes a host name, not a URL as the first parameter.

    credentialsProvider.setCredentials(
        new AuthScope("myurl.xx",80),
        new UsernamePasswordCredentials(username,pw));