I have an app A (client), which makes a web-service GET call to app B (server). App B is using a web page authentication redirect for all these incoming web service GET request calls. App B is processing the GET request something like:
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
    {
        // code lines
        // ....
        String login_URL = "https://sometestsite.com/pagLogin";
        StringBuffer baseURL = request.getRequestURL();
        String query = request.getQueryString();
        String encReturnURL = URLEncoder.encode(baseURL.toString() + "?" + query, "UTF-8");
        String final_URL = login_URL + encReturnURL;
        Cookie[] cookies = request.getCookies();
        if ((cookies == null) || (cookies.length == 0))
        {
            response.sendRedirect(noCookieURL);
            return;
        }
        String cookieValue = null;
        for (int i = 0; i < cookies.length; i++)
        {
            Cookie thisCookie = cookies[i];
            String cookieName = thisCookie.getName();
            if (cookieName == null)
            {
                //logger.info("cookieName is null");
            }
            //logger.info("cookieName is " + cookieName);
            if ("myCookie".equals(cookieName)) // null-safe comparison
            {
                cookieValue = thisCookie.getValue();
                break;
            }
        }
        String ESEncrypt = esGatekeeper.esGatekeeper(cookieValue, "password");
        // satisfiesCondition is a hypothetical stand-in for "ESEncrypt satisfies some condition"
        if (satisfiesCondition(ESEncrypt))
        {
            // construct output message and response
            String output = "{Some JSON message}";
            response.setContentType("application/json");
            response.getWriter().append(output);
        }
    }
I am working on the app A (client) side, to make requests to app B (server). App A is a Java, REST, Spring Boot based micro-service.
Question: How can I successfully get through this authentication?
1) In app A I have tried using ApacheHttpClient and URLConnection to establish a connection to the URL https://sometestsite.com/pagLogin, and tried to send cookies to server app B using setRequestProperty("cookieName","value") on HttpURLConnection.
2) As app B uses sendRedirect in case no cookie exists, how to (is it a best practice to) send login credentials along with the GET request from app A to app B, so that app B can forward those details when it makes the sendRedirect call?
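
An added example, not part of the original post: a client that sends myCookie in the standard Cookie request header and disables automatic redirect following, so a missing or rejected cookie shows up as a 302 to the login page rather than as a login page body. It assumes app A already holds a valid myCookie value; the class name, the /service path, the cookie value and the local stub standing in for app B are constructed for illustration.

```java
import com.sun.net.httpserver.HttpServer;
import java.net.InetSocketAddress;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;

public class CookieGateClient {
    // Local stand-in for app B (constructed): JSON when myCookie is present, else a login redirect.
    static HttpServer startStubAppB() throws Exception {
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        server.createContext("/service", exchange -> {
            String cookies = exchange.getRequestHeaders().getFirst("Cookie");
            if (cookies != null && cookies.contains("myCookie=")) {
                byte[] body = "{\"status\":\"ok\"}".getBytes("UTF-8");
                exchange.getResponseHeaders().add("Content-Type", "application/json");
                exchange.sendResponseHeaders(200, body.length);
                exchange.getResponseBody().write(body);
            } else {
                exchange.getResponseHeaders().add("Location", "https://sometestsite.com/pagLogin");
                exchange.sendResponseHeaders(302, -1); // -1: no response body
            }
            exchange.close();
        });
        server.start();
        return server;
    }

    // Sends the GET; a null cookieValue means no Cookie header is sent.
    static HttpResponse<String> call(URI uri, String cookieValue) throws Exception {
        HttpClient client = HttpClient.newBuilder()
                .followRedirects(HttpClient.Redirect.NEVER) // surface the login redirect instead of following it
                .build();
        HttpRequest.Builder req = HttpRequest.newBuilder(uri).GET();
        if (cookieValue != null) {
            req.header("Cookie", "myCookie=" + cookieValue); // header name is "Cookie"; the cookie name goes in the value
        }
        return client.send(req.build(), HttpResponse.BodyHandlers.ofString());
    }

    public static void main(String[] args) throws Exception {
        HttpServer stub = startStubAppB();
        URI uri = URI.create("http://127.0.0.1:" + stub.getAddress().getPort() + "/service?id=1");
        HttpResponse<String> anon = call(uri, null);
        System.out.println(anon.statusCode() + " -> " + anon.headers().firstValue("Location").orElse(""));
        HttpResponse<String> auth = call(uri, "constructed-session-value");
        System.out.println(auth.statusCode() + " " + auth.body());
        stub.stop(0);
    }
}
```

Treating any 3xx from the service as "not authenticated" keeps the client from parsing a login page as if it were the JSON response.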