LWP::UserAgent HTTP Basic Authentication

XoR picture XoR · Nov 20, 2011 · Viewed 28.5k times · Source

I tried to run this perl5 program:

 #!/usr/bin/env perl                                                             

use strict;                                                                     
use warnings;                                                                   
use LWP;                                                                        

my $ua = LWP::UserAgent->new('Mozilla');                                        
$ua->credentials("test.server.com:39272", "realm-name", 'user_name', 'some_pass');                       
my $res = $ua->get('http://test.server.com:39272/');                  

print $res->content;

On other hand I have HTTP::Daemon:

#!/usr/bin/env perl                                                                                       

use strict;                                                                     
use warnings;                                                                   

use HTTP::Daemon;                                                               

my $hd = HTTP::Daemon->new or die;                                              

print "Contact URL: ", $hd->url, "\n";                                          
while (my $hc = $hd->accept) {                                                  
  while (my $hr = $hc->get_request) {                                           
    if ($hr->method eq 'GET') {                                                 
      print $hr->as_string, "\n";                                               
    }                                                                           
  }                                                                             
  $hc->close;                                                                   
  undef($hc);                                                                   
}    

And it just prints:

Contact URL: http://test.server.com:39272/
GET / HTTP/1.1
Connection: TE, close
Host: test.server.com:39272
TE: deflate,gzip;q=0.3
User-Agent: libwww-perl/6.03

So I see that LWP::UserAgent don't send HTTP Basic auth, but I don't know why.

I seen some post on this web site, but they have this same basic code, and it doesn't work...

If I use HTTP::Request then it works:

my $req = GET 'http://test.server.com:39272/';                        
$req->authorization_basic('my_id', 'my_pass');                                  
my $res = $ua->request($req);

Outputs:

GET / HTTP/1.1
Connection: TE, close
Authorization: Basic bXlfaWQ6bXlfcGFzcw==
Host: test.server.com:39272
TE: deflate,gzip;q=0.3
User-Agent: libwww-perl/6.03

Did I done something wrong before?

Answer

brian d foy picture brian d foy · Nov 20, 2011

LWP will only send the credentials for a realm if the server has told it that it's trying to access that realm. A particular user may only be able to access particular realms or have different passwords for different realms. LWP doesn't know which one to pick out of its credentials without the realm. Additionally, LWP isn't going to use the data you store in the credentials unless it's been challenged. You're not doing that.

If you supply the credentials directly by specifying the Authorization header, you do no realm checking. You can always send any header you like if you set it explicitly yourself, so it's not surprising that you see it.

You just need a better test server:

use strict;                                                                     
use warnings;                                                                   

use HTTP::Daemon;                                                               
use HTTP::Status;

my $server = HTTP::Daemon->new or die;                                              

print "Contact URL: ", $server->url, "\n";                                          
while (my $connection = $server->accept) {                                                  
    while (my $request = $connection->get_request) {                                           
        print $request->as_string;
        unless( $request->header( 'Authorization' ) ) {                                                 
            $connection->send_response( make_challenge() )                                               
            }
        else {
            $connection->send_response( make_response() )                                               
            }   
        }                                                                             
    $connection->close;                                                                   
    }  

sub make_challenge {
    my $response = HTTP::Response->new( 
        401 => 'Authorization Required',
        [ 'WWW-Authenticate' => 'Basic realm="Buster"' ],
         );
    }

sub make_response {
    my $response = HTTP::Response->new( 
        200 => 'Huzzah!',
        [ 'Content-type' => 'text/plain' ],
         );

    $response->message( 'Huzzah!' );
    }

When you run your client once, there should be two requests:

GET / HTTP/1.1
Connection: TE, close
Host: macpro.local:52902
TE: deflate,gzip;q=0.3
User-Agent: libwww-perl/6.02

GET / HTTP/1.1
Connection: TE, close
Authorization: Basic dXNlcl9uYW1lOnNvbWVfcGFzcw==
Host: macpro.local:52902
TE: deflate,gzip;q=0.3
User-Agent: libwww-perl/6.02