Getting URL after a redirect using HttpClient.Execute(HttpGet)

user1286412 picture user1286412 · Apr 26, 2012 · Viewed 25.5k times · Source

I have searched for a while and I am not finding a clear answer. I am trying to log into a webstie. https://hrlink.healthnet.com/ This website redirects to a login page that is not consitent. I have to post my login credentials to the redirected URL.

Im am trying to code this in Java but I do not understand how to get the URL from the response. It may look a bit messy but I have it this way while I am testing.

    HttpGet httpget = new HttpGet("https://hrlink.healthnet.com/");
    HttpResponse response = httpclient.execute(httpget);HttpEntity entity = response.getEntity();

    String redirectURL = "";

    for(org.apache.http.Header header : response.getHeaders("Location")) {
        redirectURL += "Location: " + header.getValue()) + "\r\n";
        }        

    InputStream is;
    is = entity.getContent();

    BufferedReader reader = new BufferedReader(new InputStreamReader(is,"iso-8859-1"),8); 
    StringBuilder sb = new StringBuilder(); 
    String line = null; 
    while ((line = reader.readLine()) != null) { 
            sb.append(line + "\n"); 
    } 
    is.close(); 

    String result = sb.toString();

I know i get redirected because my result string shows be the actual login page but I am not able to get the new URL.

In FireFox I am using TamperData. When I navigate to this website https://hrlink.healthnet.com/ I have a GET with a 302 - Found and the Location of the Login Page. Then another GET to the actual Login Page

Any help is greatly appreciated thank you.

Answer

yorkw picture yorkw · Apr 27, 2012

Check out w3c documentation:

10.3.3 302 Found

The temporary URI SHOULD be given by the Location field in the response. Unless the request method was HEAD, the entity of the response SHOULD contain a short hypertext note with a hyperlink to the new URI(s).

If the 302 status code is received in response to a request other than GET or HEAD, the user agent MUST NOT automatically redirect the request unless it can be confirmed by the user, since this might change the conditions under which the request was issued.

One solution is to use POST method to break auto-redirecting at client side:

HttpPost request1 = new HttpPost("https://hrlink.healthnet.com/");
HttpResponse response1 = httpclient.execute(request1);

// expect a 302 response.
if (response1.getStatusLine().getStatusCode() == 302) {
  String redirectURL = response1.getFirstHeader("Location").getValue();
  
  // no auto-redirecting at client side, need manual send the request.
  HttpGet request2 = new HttpGet(redirectURL);
  HttpResponse response2 = httpclient.execute(request2);

  ... ...
}

Hope this helps.