I want to send request to j_security_check from servlet and get auth cookie from response. Code:
String url = "http://someserver:8080/j_security_check?j_username=user&j_password=qwerty";
HttpURLConnection connection = (HttpURLConnection) new URL(url).openConnection();
If I put wrong auth parameters then on response I get a default wrong-login page, but if I put right auth parameters I got server code 408. What's wrong?
To get some resource on the tomcat server with j_security_check auth it is necessary to implement three steps:
- Send GET request to the needed private resource, in response you get a cookie (Header "Set cookie".
- Send request with cookie (from step 1) to the j_security_check. On response you should get code 302 - "Moved Temporarily".
- Now you can repeat request to the private resource with same cookie, on responce you get needed resource data.