Rectangle 27 0

java HttpUrlConnection not working and shows different status code for GET and POST call?


I had a similar problem, and solved by passing the authenticated session cookie. Not sure if that is possible in your situation.

Note
Rectangle 27 0

java HttpUrlConnection not working and shows different status code for GET and POST call?


Authorization
WWW-Authenticate
WWW-Authenticate: Basic realm="Protected"
  • Compare (2) and (3). For the most thorough comparison, save each HTTP request and response message as a separate file for (2) and (3), then diff the corresponding files.
  • Now send an additional GET request to server that (either without/with the original request contents), but includes the Authentication header, with Base 64 encoded username:password (Authorization: Basic ZnJhbms6ZmllZGxlcg==)

Good work. Thanks. :-) Did you see a response message with Burp?

I am able to look at response. It always times out with coe 408. Yesterday also when using proxy server I was having this problem. If I turn proxy server off then I never get timeout and get exception as described in my question.

Seems you have the same problem for both GET and POST: the server is configured for BASIC authentication, but the client is not following the authentication protocol correctly. I think it just shows as a slightly different sympton in the two cases: for GET it says 'resource not found' (because you're not authenticated) and for POST the resource is given by you, but the server says you're not authorized to change the resource on the server. I suggest you've done enough (good!) debugging of request contents and now you should stop and focus on getting authentication working.

There's a difference between your HTTP traffic for iOS and for Android. This is guaranteed, otherwise you'd get identical behaviour from the server. The difference is probably in HTTP header(s) &/or parameter(s).

This is very difficult to debug remotely via SO Q&A - E.g. we don't know what headers & parameters your iOS client is successfully using nor how your server is configured & programmed.

When you see the Request message displayed, then on the Interception tab click Forward. This sends the Request to the server, which returns the Response, which should then be displayed by Burp.

Note
Rectangle 27 0

java HttpUrlConnection not working and shows different status code for GET and POST call?


HttpUrlConnection don't give server response when HTTP status code is >= 400

Finally, either I had to handle each status code, that is equal and above 400, at client side or I can use HttpClient, instead of HttpUrlConnection. And now I am moving to HttpClient.

I need not pass Authorization header. The thing is that there are 2 credentials come into the picture. one is server's authorization and second is credentials for login API. In my app, user creates an account and login to it. To authenticate the user I pass credentials to server and server authenticate it.

I solved my problem and it is something I never tried to focus on while solving the problem.

So when user enters correct credentials then response received is correct. And, in case of wrong credentials, my server passes a error message You are not authorized person, which I want to display to user(as in my iOS app). So the problem is here that HTTP status code (in case of wrong credentals) is 401 and that is why I don't receive the message sent by the server (and receive No authentication challenges found message).

The only option to get error details in case status code 400 and above is to use getErrorStream() method and using that I was receiving No authentication challenges found message.

Note
Rectangle 27 0

java HttpUrlConnection not working and shows different status code for GET and POST call?


AuthUser="foobar"
    AuthPass="password"
    URL targetUrl = new URL("http://www.google.com/");
    HttpURLConnection connection = (HttpURLConnection) targetUrl.openConnection();
    connection.setRequestMethod("GET");
    connection.setDoInput(true);
    String authStr = Base64Variants.MIME_NO_LINEFEEDS.encode((AuthUser+":"+AuthPass).getBytes());
    connection.addRequestProperty("Authorization", "Basic "+authStr);
    InputStream inputStream= connection.getInputStream();

I just run something like this and it worked perfectly for me. Just make sure you use Base64Variants.MIME_NO_LINEFEEDS and you should be able to create a proper authentication header. If that doesn't work, then you might have some problem on the server side.

Note
Rectangle 27 0

java HttpUrlConnection not working and shows different status code for GET and POST call?


AuthUser="foobar"
    AuthPass="password"
    URL targetUrl = new URL("http://www.google.com/");
    HttpURLConnection connection = (HttpURLConnection) targetUrl.openConnection();
    connection.setRequestMethod("GET");
    connection.setDoInput(true);
    String authStr = Base64Variants.MIME_NO_LINEFEEDS.encode((AuthUser+":"+AuthPass).getBytes());
    connection.addRequestProperty("Authorization", "Basic "+authStr);
    InputStream inputStream= connection.getInputStream();

I just run something like this and it worked perfectly for me. Just make sure you use Base64Variants.MIME_NO_LINEFEEDS and you should be able to create a proper authentication header. If that doesn't work, then you might have some problem on the server side.

Note
Rectangle 27 0

java HttpUrlConnection not working and shows different status code for GET and POST call?


Authorization
WWW-Authenticate
WWW-Authenticate: Basic realm="Protected"
  • Compare (2) and (3). For the most thorough comparison, save each HTTP request and response message as a separate file for (2) and (3), then diff the corresponding files.
  • Now send an additional GET request to server that (either without/with the original request contents), but includes the Authentication header, with Base 64 encoded username:password (Authorization: Basic ZnJhbms6ZmllZGxlcg==)

Good work. Thanks. :-) Did you see a response message with Burp?

I am able to look at response. It always times out with coe 408. Yesterday also when using proxy server I was having this problem. If I turn proxy server off then I never get timeout and get exception as described in my question.

Seems you have the same problem for both GET and POST: the server is configured for BASIC authentication, but the client is not following the authentication protocol correctly. I think it just shows as a slightly different sympton in the two cases: for GET it says 'resource not found' (because you're not authenticated) and for POST the resource is given by you, but the server says you're not authorized to change the resource on the server. I suggest you've done enough (good!) debugging of request contents and now you should stop and focus on getting authentication working.

There's a difference between your HTTP traffic for iOS and for Android. This is guaranteed, otherwise you'd get identical behaviour from the server. The difference is probably in HTTP header(s) &/or parameter(s).

This is very difficult to debug remotely via SO Q&A - E.g. we don't know what headers & parameters your iOS client is successfully using nor how your server is configured & programmed.

When you see the Request message displayed, then on the Interception tab click Forward. This sends the Request to the server, which returns the Response, which should then be displayed by Burp.

Note
Rectangle 27 0

java HttpUrlConnection not working and shows different status code for GET and POST call?


HttpUrlConnection don't give server response when HTTP status code is >= 400

Finally, either I had to handle each status code, that is equal and above 400, at client side or I can use HttpClient, instead of HttpUrlConnection. And now I am moving to HttpClient.

I need not pass Authorization header. The thing is that there are 2 credentials come into the picture. one is server's authorization and second is credentials for login API. In my app, user creates an account and login to it. To authenticate the user I pass credentials to server and server authenticate it.

I solved my problem and it is something I never tried to focus on while solving the problem.

So when user enters correct credentials then response received is correct. And, in case of wrong credentials, my server passes a error message You are not authorized person, which I want to display to user(as in my iOS app). So the problem is here that HTTP status code (in case of wrong credentals) is 401 and that is why I don't receive the message sent by the server (and receive No authentication challenges found message).

The only option to get error details in case status code 400 and above is to use getErrorStream() method and using that I was receiving No authentication challenges found message.

Note
Rectangle 27 0

java HttpUrlConnection not working and shows different status code for GET and POST call?


Note