With Java, using the REST API, how do I auth via POST and then use the returned cookie for subsequent calls (GET or POST)?

I have example code that will do a POST to authenticate to my server.  That works and is as far as I can get, I have not figured out how to make subsequent calls using the connection that is returned.

After the POST, I want to do a GET.  As I understand it, I must save or use the returned cooking for subsequent calls if I want to do a GET.

Does anyone have a simple single file .java example of doing a POST to authenticate to the server and then doing a GET with the connection that is returned?

I cannot find an example of this anywhere in any documentation or site, but it seems like a very common thing that would be done.

Any help would be greatly appreciated.  If there are dependencies, inncluding a pom.xml would be extremely helpful.

//this works
byte[] creds = ("superuser:superuser").getBytes("utf-8");
String jasperAuth = "Basic " + Base64.getEncoder().encodeToString(JasperCred);
URL url = new URL("http://localhost:8080/jasperserver-pro");
HttpURLConnection con = (HttpURLConnection) url.openConnection();
con.setRequestProperty("Authorization", jasperAuth);

now I have a connection 'con', and want to do another GET and possibly more POST's

How does one auth with POST, and then do a subsequent GET?


I am assuming the POST would save a cookie that I can use in the GET so I would not have to auth with the GET?

I do not want to auth via GET because the user login/password would/could be saved in server log files and is an insecure approach.

DevLinux's picture
Joined: Oct 28 2020 - 8:43pm
Last seen: 1 year 5 months ago


May i know, why you want to do authentication via POST. 

Anyway, use URL as

"http://localhost:8080/jasperserver-pro/j_spring_security_check?"+ "j_username=" + username+ "&j_password=" + password;

Remove the line "con.setRequestProperty("Authorization", jasperAuth);"   as you are passing credentials in the URL.

Then, your code for connection object with POST should work.

check the response code. If 200, build session id as below:

String session_id = con.toString() + "";
int index1 = session_id.indexOf("=");
int index2 = session_id.indexOf("?");
jsessionId = session_id.substring(index1 + 1, index2); return jsessionId;

pass this session ID for the next request by setting request property as below for new connection object for GET method

url = new URL(urlGET);

HttpURLConnection getConnection = (HttpURLConnection) urlGET.openConnection();

getConnection .setRequestProperty("Cookie", "JSESSIONID=" + session_id);

make sure to set Content-Type, Accept  and request method as "GET" for getConnection object.

Hope it helps.

sjayanti89 - 1 year 8 months ago

0 Answers:

No answers yet