Link to home
Start Free TrialLog in
Avatar of Sreejith22
Sreejith22Flag for India

asked on

Java - Constructor question

Hi experts,
I have a constructor as shown below.
>>public static String sendRequestString(String address)
      {
          System.out.println("Inside constructor");
            Authenticator.setDefault(new MyAuthenticator());
                ........................................
                ........................................

class MyAuthenticator extends Authenticator {
    protected PasswordAuthentication getPasswordAuthentication() {
          System.out.println("Inside authenticator");
               ........................................
                ........................................

When I call the constructor (sendRequestString(String address))  for the first time, both the SOP's get printed. But for subsequent calls of this constructor, the SOP inside authenticator class does not get printed.
Why does this happen and how can I overcome this?
Any help in this regard will be well appreciated with points.

Warm Regards,
Anees


Avatar of quincydude
quincydude
Flag of Hong Kong image
Hi,
It depends on the behaviour of Authenticator.setDefault() or MyAuthenticator() constructor. Any one of them would invoke getPasswordAuthentication() at some point. Please check your code as the information given is not enough for me.
Avatar of Sreejith22
Sreejith22
Flag of India image

ASKER

Thanks for your valuable comment.
I am attaching my java source here.
Please have a look.

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.Authenticator;
import java.net.MalformedURLException;
import java.net.PasswordAuthentication;
import java.net.URL;
import com.lynxoft.dld.utils.UtilsHTTPS;
 
public class GetAuthenticatedData
{
	public static String sendRequestString(String address)
	{
	    System.out.println("Inside constructor");
		Authenticator.setDefault(new MyAuthenticator());
	    String str = null;
	    try {
	        URL url = new URL(address);
	        BufferedReader in = new BufferedReader(new InputStreamReader(url.openStream()));
	        
	        while (( str = in.readLine()) != null) {
	        	System.out.println("string returned by server is "+str);
	        	return str;
	        }
	        in.close();
	    } catch (MalformedURLException e) {
	    } catch (IOException e) {
	    }
	    Authenticator.setDefault(null);
		return str;
	}
}
class MyAuthenticator extends Authenticator {
    protected PasswordAuthentication getPasswordAuthentication() {
    	System.out.println("Inside authenticator");
    	System.out.println("pwdddddddddd"+UtilsHTTPS.password);
        return new PasswordAuthentication(UtilsHTTPS.username, UtilsHTTPS.password.toCharArray());
    }
}

Open in new window

Avatar of quincydude
quincydude
Flag of Hong Kong image
The given code does not show when is  getPasswordAuthentication() called,
do you have the access to Authenticator.setDefault() method?
Avatar of Sreejith22
Sreejith22
Flag of India image

ASKER

>>do you have the access to Authenticator.setDefault() method

It is the method inside  Authenticator class which is a JDK class.
Avatar of quincydude
quincydude
Flag of Hong Kong image
Then I think this method invoke getPasswordAuthentication()  when being called.
So does it cause any problem if it's only invoked once?
Avatar of Sreejith22
Sreejith22
Flag of India image

ASKER

>>So does it cause any problem if it's only invoked once?

Yes. When I logout from the application and log in as other user, the first users authentication details persist since new MyAuthenticator() is not called.
Avatar of rbrindl
rbrindl
Flag of Austria image
Are you using HTTP Protocol?
The problem might be that the authentication is only called when needed (see javadoc forjava.net.Authenticator), i.e. when the server requests authentication.
In a webbrowser, cookies or url-rewriting are used to maintain session state, I have not looked into URLConnection (or better sun.net.www.protocol.http.HTTPURLConnection). Might be, it also stores cookie in some static cache. There is no source available for the sun implementation classes, so the only way would be to decompile and look into that.

So the only way to get unauthenticated without hacking into the implementation classes is to provide a URL that does the logoff on the server side, like you would do with a web application.

BTW: There is not a single constructor in your code, just methods. This was a bit confusing.
Avatar of rbrindl
rbrindl
Flag of Austria image
some more details can be found on:
http://httpd.apache.org/docs/1.3/howto/auth.html#basicworks

I was not quite correct in the last post: not the server recognizes that you are authenticated. It sends a 401 authentication request each time. But the client (in this case the HTTPURLConnection implementation class) recognizes that it is already authenticated against that realm and resends username/password (which it caches, not even the PasswordAuthentication is called a second time).
ASKER CERTIFIED SOLUTION
Avatar of quincydude
quincydude
Flag of Hong Kong image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of rbrindl
rbrindl
Flag of Austria image
@quincydude: I dont understand that completely, could you please explain?  What do you mean with "Authenticator.setDefault() used correctly" ?  I understand that getPasswordAuthentication() is not called each time (as i wrote above), but I don't see a relationship to Authenticator.setDefault.

@Sreejith22: does it work now? could you post the working code? i am quite interested in it!

Thank you both!