Setting custom HTTP request headers in an URL object doesn't work

Blagovest Buyukliev picture Blagovest Buyukliev · Jun 24, 2011 · Viewed 13.5k times · Source

I am trying to fetch an image from an IP camera using HTTP. The camera requires HTTP basic authentication, so I have to add the corresponding request header:

URL url = new URL("http://myipcam/snapshot.jpg");
URLConnection uc = url.openConnection();
uc.setRequestProperty("Authorization", 
  "Basic " + new String(Base64.encode("user:pass".getBytes())));

// outputs "null"
System.out.println(uc.getRequestProperty("Authorization"));

I am later passing the url object to ImageIO.read(), and, as you can guess, I am getting an HTTP 401 Unauthorized, although user and pass are correct.

What am I doing wrong?

I've also tried new URL("http://user:pass@myipcam/snapshot.jpg"), but that doesn't work either.

Answer

Buhake Sindi picture Buhake Sindi · Jun 24, 2011

In class sun.net.www.protocol.http.HttpURLConnection, which extends java.net.HttpURLConnection, the following method getRequestProperty(String key) was overridden to return null when requesting security sensitive information.

public String getRequestProperty(String key) {
    // don't return headers containing security sensitive information
    if (key != null) {
        for (int i = 0; i < EXCLUDE_HEADERS.length; i++) {
        if (key.equalsIgnoreCase(EXCLUDE_HEADERS[i])) {
            return null;
        }
        }
    }
    return requests.findValue(key);
}

Here is the declaration for EXCLUDE_HEADERS:

// the following http request headers should NOT have their values
// returned for security reasons.
private static final String[] EXCLUDE_HEADERS = {
    "Proxy-Authorization", "Authorization" };

That's why you're having a null on uc.getRequestProperty("Authorization"). Have you tried using HttpClient from Apache?