如何使用Jsoup登录JIRA？

Question

I've been trying to login to JIRA using the Jsoup API, but it's not working for some reason.

I've tried to identify the username and password tags, but still no good.

Can someone please help me figure out what I am doing wrong?

public class test
{
public static void main(String[] args) throws IOException{
    final String USER_AGENT = "\"Mozilla/5.0 (Windows NT\" +\n" +  
     "          \" 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36\"";  
    String loginFormUrl = "https://jira.aciworldwide.com/login.jsp";  
    String loginActionUrl = "https://jira.aciworldwide.com/login.jsp";  
    String username = "jon@jon";  
    String password = "XXXXXX";  

     HashMap<String, String> cookies = new HashMap<>();  
     HashMap<String, String> formData = new HashMap<>();  

     Connection.Response loginForm = Jsoup.connect(loginFormUrl).method(Connection.Method.GET).userAgent(USER_AGENT).execute();  
     Document loginDoc = loginForm.parse(); // this is the document that contains response html

     cookies.putAll(loginForm.cookies()); // save the cookies, this will be passed on to next request  

     formData.put("login", "Log In"); 
     formData.put("os_username", username);  
     formData.put("os_password", password); 

     Connection.Response homePage = Jsoup.connect(loginActionUrl)  
         .cookies(cookies)  
         .data(formData)  
         .method(Connection.Method.POST)  
         .userAgent(USER_AGENT)  
         .execute();  

     System.out.println(homePage.parse().html());  


   }
}

If not JSoup, is there any other API available for the same?

Any help would be greatly appreciated!

Answer 1

You are in the right direction but sometimes "faking" the login process of some webapps can be quite tricky or hard to success because you are missing to set one specific header, or cookie, or some special param...

If you take a look at Jira's documentation you'll find many examples. Instead of sending the username and password as a form, you better do a REST POST for getting a valid cookie.

As said in documentation:

• (1) The client creates a new session for the user, via the JIRA REST API .
• (2) JIRA returns a session object, which has information about the session including the session cookie. The client stores this session object.
• (3) The client can now set the cookie in the header for all subsequent requests to the JIRA REST API.

I've created a simple class for testing that and I've ensured is working with Jira (not sure what's the version but probably the last one). The method getFullName just search for the fullName on the server's response (after successfull login fullName will appear in the response):

import org.jsoup.Connection.Method;
import org.jsoup.Connection.Response;
import org.jsoup.Jsoup;
import org.jsoup.nodes.Document;
import org.jsoup.nodes.Element;

import java.io.IOException;
import java.util.Map;
import java.util.Optional;

public class JiraLogin {

private final static String USER_AGENT = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36";
private final static String JIRA_REST_LOGIN = "https://youdomain.com/rest/auth/1/session";

private final static String HOME_URL = "https://youdomain.com/";
private final static String USERNAME = "your_username";
private final static String PASSWORD = "your_password";

public static void main(String[] args) throws IOException {
    JiraLogin app = new JiraLogin();
    app.doLogin();
}

public void doLogin() throws IOException {
    // (1)
    Response postResult = doLoginPost();
    System.out.println("POST credentials result: " + postResult.body());
    // (2)
    Map<String, String> cookies = postResult.cookies();

    Document loggedDocument = Jsoup.connect(HOME_URL)
            .cookies(cookies)    // (3)
            .method(Method.GET)
            .userAgent(USER_AGENT)
            .validateTLSCertificates(false)
            .get();

    System.out.println("FullName: " + getFullName(loggedDocument));
}

private Response doLoginPost() throws IOException {
    return Jsoup.connect(JIRA_REST_LOGIN)
            .validateTLSCertificates(false)
            .method(Method.POST)
            // if use regular USER_AGENT gets a 403 error
            // http://stackoverflow.com/questions/10120849/jsoup-connect-throws-403-error-while-apache-httpclient-is-able-to-fetch-the-cont
            .userAgent("Mozilla")
            .ignoreContentType(true)
            .requestBody("{ \"username\": \"" + USERNAME +"\", \"password\": \"" + PASSWORD +"\" }")
            .header("Content-Type", "application/json")
            .execute();
}

private String getFullName(Document document) {
    Optional<Element> fullNameOpt = document.getElementsByTag("meta")
            .stream()
            .filter(e -> e.hasAttr("name") && "ajs-remote-user-fullname".equals(e.attr("name"))).findFirst();

    return fullNameOpt.isPresent() ? fullNameOpt.get().attr("content") : "Not found";
}

}