Java: fetch URL with HTTPBasic Authentication

Paul Tarjan picture Paul Tarjan · Jan 13, 2010 · Viewed 13.1k times · Source

I'm doing some simple HTTP authentication and am getting a

java.lang.IllegalArgumentException: Illegal character(s) in message header value: Basic OGU0ZTc5ODBk(...trimmed from 76 chars...)
(...more password data...)

which I think is due to me having a really long username and password and the encoder wraps it with a \n at 76 chars. Is there any way I can get around this? The URL only supports HTTP Basic Auth.

Here is my code:

private class UserPassAuthenticator extends Authenticator {
    String user;
    String pass;
    public UserPassAuthenticator(String user, String pass) {
        this.user = user;
        this.pass = pass;
    }

    // This method is called when a password-protected URL is accessed
    protected PasswordAuthentication getPasswordAuthentication() {
        return new PasswordAuthentication(user, pass.toCharArray());
    }
}

private String fetch(StoreAccount account, String path) throws IOException {
    Authenticator.setDefault(new UserPassAuthenticator(account.getCredentials().getLogin(), account.getCredentials().getPassword()));

    URL url = new URL("https", account.getStoreUrl().replace("http://", ""), path);
    System.out.println(url);

    URLConnection urlConn = url.openConnection();
    Object o = urlConn.getContent();
    if (!(o instanceof String)) 
        throw new IOException("Wrong Content-Type on " + url.toString());

    // Remove the authenticator back to the default
    Authenticator.setDefault(null);
    return (String) o;
}

Answer

Thilo picture Thilo · Jan 13, 2010

That seems to be a bug in Java.

Have you tried using alternative HTTP clients, such as the library from Apache?

Or instead of using the Authenticator, manually setting the header?

URL url = new URL("http://www.example.com/");
HttpURLConnection connection = (HttpURLConnection) url.openConnection();
connection.setRequestProperty("Authorization", "Basic OGU0ZTc5ODBkABcde....");

The token value is encodeBase64("username:password").