Attempting to log into website from java

up

Not much I can recommend. Your code is trying to mimic a browser's actions. Do it in the browser, watch what happens and try to do the same in your code.

Yeah, that's what I've been doing. I've been comparing everything, but they look almost identical to me now :S

How do sessions work in general? So when I log in, the website will send me back a session as a cookie? And from then on, all I would need to do is send that cookie as a part of the header when making GET requests? Or is there something more to it?

That's all I know about it. Return the cookie the server gives you.

In general you should be passing the headers untouched back to you as they may have added things in there (such as your session id). As long as it's passed the next time, you should still be able to maintain authentication and shouldn't be receiving a 403.

Also, double check that the implementation of your http connection can handle passing cookies back. I got burned by this once when I was running unit/integration testing against a project of mine where I need to startup an embedded application server and verify that I can hit some rest methods, which must pass authentication first.

Using the jersey-apache-client did the trick (jersey-client.jar http connection does not do session management for you).

The way I had to use my implementations was something like this:

Code:

---

// ...
import com.sun.jersey.client.apache.ApacheHttpClient;
import com.sun.jersey.client.apache.config.DefaultApacheHttpClientConfig;
import com.sun.jersey.api.client.WebResource;
import com.sun.jersey.api.representation.Form;
import javax.ws.rs.core.MediaType;

public abstract class BaseTest {
    protected DefaultApacheHttpClientConfig config = new DefaultApacheHttpClientConfig();
    protected ApacheHttpClient client;

    // in some method
    public void init() {
      config.getProperties().put(DefaultApacheHttpClientConfig.PROPERTY_HANDLE_COOKIES, true);

        client = ApacheHttpClient.create(config);
        resource = client.resource("http://my.server.com/auth");
       
        Form form = new Form();

        // construct my form object and post ... in my case with this media type.
        String result = resource.accept(MediaType.APPLICATION_JSON).post(String.class, form);
    }
}

---