The Standard Class For Basic Authentication Does Not Work With OAM (Doc ID 553016.1)

Last updated on MARCH 08, 2017

Applies to:

COREid Access - Version: 10.1.4.0.1 and later   [Release: 10g and later ]
Information in this document applies to any platform.
Checked for relevance on 12-Apr-2010

Symptoms

The call java.net.Authenticator does not work with Oracle Access Manager. You get an HTTP 401
error when trying to access a protected page from a Java program. You are using java.net.URL to
connect and access this resource.

You have the following simple case:

1. You have setup a web server using Oracle HTTP server (Apache based)
2. On the server, there is a static HTML page at www.xyz.com/mytest.html
3. The mytest.html page is protected using HTTP Basic Authentication provided by the HTTP server
4. A remote customer is granted access to this mytest.html, and is told that it is HTTP basic authentication protected and is provided the username and password
5. The customer tested the access using a browser, and is able to read the mytest.html page
6. Now the customer wants to write a program to automatically read the content of the mytest.html
7. Customer developed a Java client program using standard Java API in a industry standard way (it is a client program on the remote customer side):

import java.io.OutputStreamWriter;
import java.net.Authenticator;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLConnection;
import java.net.URLEncoder;
import java.sql.Timestamp;
import java.text.Format;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Enumeration;
import java.util.GregorianCalendar;
import java.util.TimeZone;

import javax.net.ssl.HttpsURLConnection;
import javax.servlet.http.HttpServletRequest;


public class UploadTest {

   public static void main(String[] args) {
      
      try {
         
         // Install the custom authenticator
         String data = URLEncoder.encode("remoteSiteName", "UTF-8") + "=" + URLEncoder.encode("ORACLE", "UTF-8");
          
          Authenticator.setDefault(new MyAuthenticator());
             
         URL url = new URL("https://yourapplicationserver.domain.com/resource/webapplication");
           URLConnection conn = url.openConnection();
           conn.setDoOutput(true);
           OutputStreamWriter wr = new OutputStreamWriter(conn.getOutputStream());
           wr.write(data);
           wr.flush();
       
           // Get the response
           BufferedReader  rd = new BufferedReader(new InputStreamReader(conn.getInputStream()));
           String line;
           while ((line = rd.readLine()) != null) {
               // Process line.../
            System.out.println("Line :" + line);
           }
           wr.close();
           rd.close();
      } catch (Exception ex)  {
         ex.printStackTrace(); 
         System.out.println("Error : " + ex);
        }
   }
}

import java.net.Authenticator;
import java.net.InetAddress;
import java.net.PasswordAuthentication;

public class MyAuthenticator extends Authenticator {

   // This method is called when a password-protected URL is accessed
   protected PasswordAuthentication getPasswordAuthentication() {

        
    String username = "scott";
            
        // Get the password from the user...
            String password =  "tiger";
    
            // Return the information
            return new PasswordAuthentication(username, password.toCharArray());
        }
    }

8. The Java program works, which is able to read the content of the mytest.html
9. On the server side, you switch to use Basic Over LDAP Authentication Scheme provided by OAM to protect the mytest.html
10. On the remote customer side, customer tests access using browser, and everything is OK.
11. However, when trying the same Java program, customer is not able to read the content and receive 401 Unauthorized.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms