Https authenticate and get redirected page source

[Revolter]

Hi, I'm trying to authenticate to a website ( `https://myaccount.romtelecom.ro/info/login.jsp` ) using this code:

Code:

byte[] be=Base64.encode("username:password".getBytes()); //Base64 class from http://www.bouncycastle.org/latest_releases.htm

StringBuffer sbe=new StringBuffer();

for(int i=0;i<be.length;i++)
	sbe.append((char) be[i]);

HttpsConnection hc=(HttpsConnection) Connector.open(url);

hc.setRequestProperty("Authorization","Basic "+sbe.toString());

DataInputStream is=hc.openDataInputStream();

StringBuffer sb = new StringBuffer();

int rc;

while((rc=is.read())!=-1)
	sb.append((char) rc);

System.out.println(sb.toString());

but I receive the login page source and not the page source that I'm being redirected to when I login using the browser.

[traud]

First of all, you do not need to type-cast to HttpsConnection. HttpConnection is enough because you do not use anything special in the API of that class. You can go for the more generic one.

Second, is that your webserver? Do you get HTTP redirected, have you handled that in your code? Is it really using Basic Auth? Are any cookies involved?

[wizard_hu_]

Getting the page source is a good thing actually, because then you can read it.
I am not familar with HTTP authentication methods, but the page seems to apply MD5 hashing on the password which your code does not (see use of the hidden txtMD5Pass field). The login thing appears to be a form submission in general.

[traud]

Ups, I missed that a URL is specified. Yes, this is a HTTP POST request which needs the parameters within the HTTP content. That is not a HTTP GET with an HTTP header Authorization.

And as noted, on submit the form calls onLogin() which call setHash() which hex_md5() the parameter txtPassword into the parameter txtMD5Pass. Looking at the code, I am not sure why that is done. You have to experiment. Or said differently: It is much more complicated than you might have thought. You should contact the author of that webpage, if there is a more simple API. Often there is. Such a phone call saves a lot of work and is much more future proof.

[Revolter]

First of all, you do not need to type-cast to HttpsConnection. HttpConnection is enough because you do not use anything special in the API of that class. You can go for the more generic one.

Second, is that your webserver? Do you get HTTP redirected, have you handled that in your code? Is it really using Basic Auth? Are any cookies involved?

I didn't knowm I just copied it from a website.
No, it's not my webserver, I don't even know exactly what is Basic Auth, and yes, there are cookies involved. It's the website of an important phone company in Romania and if I login I have access to a simple table that shows me how much and how many calls I made in the current month, and I want to send those informations through a message without the need of a pc, without the need of manual login and without the need of typing it each time manually.

Getting the page source is a good thing actually, because then you can read it.
I am not familar with HTTP authentication methods, but the page seems to apply MD5 hashing on the password which your code does not (see use of the hidden txtMD5Pass field). The login thing appears to be a form submission in general.

Ups, I missed that a URL is specified. Yes, this is a HTTP POST request which needs the parameters within the HTTP content. That is not a HTTP GET with an HTTP header Authorization.

And as noted, on submit the form calls onLogin() which call setHash() which hex_md5() the parameter txtPassword into the parameter txtMD5Pass. Looking at the code, I am not sure why that is done. You have to experiment. Or said differently: It is much more complicated than you might have thought. You should contact the author of that webpage, if there is a more simple API. Often there is. Such a phone call saves a lot of work and is much more future proof.

I didn't think it's easy ) I know it's complicated and I can't get it to work. I don't think they have any API, pretty sure they don't ... Can I md5 a string in J2ME? Or do I need a library for it?

[wizard_hu_]

As it is crypto stuff, it is pretty probable that Bouncy Castle can calculate MD5 for you.

[traud]

I don't think they have any API

Do not think, ask, so you know.

Can I md5 a string in J2ME? Or do I need a library for it?

You can do all that in J2ME because you can replicate a whole web-browser. If you use a library like Bouncy Castle you might be faster. However, I would start such a project on a desktop computer environment, in a programming language you are comfortable with. When you understood all that stuff, which is HTML and JavaScript reverse engineering, then you can go over to the even more complicated Java 2 Micro Edition platform. We cannot help you, because your project takes around three days even for experienced HTML programmers. or said differently: It is not as easy as you have might thought. First, understand what is happing on that login webpage and what is important for the login.

[rchadalawada]

hi,

please do test it on a real device i had the same issue with bing on emulator but it works fine in real device....

regards rahul

[Revolter]

hi,

please do test it on a real device i had the same issue with bing on emulator but it works fine in real device....

regards rahul

I will, thanks