Automate login to a Website - Java

Question

I am trying to automate login to various websites using Java and forms.

I have followed the tutorial found here https://www.mkyong.com/java/how-to-automate-login-a-website-java-example/ and am able to use the Java HTTPClient to get, post and then re-get (to verify that the user was logged in) with no problems. I am viewing the HTML output from these requests and they show the user's content as if authenticated.

The problem is after I get the authentication done and attempt to redirect the user's browser to the authenticated URL they will be prompted for all their credentials again - I can see the cookies from the first request still in the browser however; they seem to be ignored. I'm trying to do this in a Liferay portlet in an ActionResponse .

Answer 1

First of all you need to understand what usually happens during authentication: The server sets a session cookie in your client. When you login, you authenticate exactly that session - identified by the cookie.

If you login with your servers HTTPClient library, the session cookie is stored in your server. When you redirect the clients browser to the foreign site, the browser doesn't have that cookie - and is getting a different (not authorized) session.

The question is: How do you send the cookie from the server to the client?

The answer is: You can't. If you could set a cookie for a different site, you would create a bunch of security problems.

Nevertheless some sites offer a server to server to client authentication .

The idea is: Your server authenticates using the credentials and the foreign server generates a one time URL (or some parameters where you can build the URL from) and you redirect the client to that URL. Because the foreign server can associate that URL with your previous authentication, he will authenticate the client. But the detailed implementation depends on the foreign site.