Authorization on the server via POST HTTP request from Android

Writes an Android application for the WildFly server. From the server side, the login using the login and password to the site from the authorization page looks like this:

@WebServlet(name = "LoginServlet", urlPatterns = "/login.do") public class LoginServlet extends HttpServlet{ SecurityManager sm = new SecurityManager(); @Override protected void doPost(HttpServletRequest request, HttpServletResponse response) { String email = request.getParameter("email").toLowerCase(); String pass = request.getParameter("pass"); if (sm.checkUser(email, pass)){ request.getSession().setAttribute("user", email); response.sendRedirect(request.getContextPath() + "/testpage"); } else { response.sendRedirect(request.getContextPath()); } } } 

There is also a WebFilter that does not /testpage user to /testpage if the session does not have the user attribute. This is achieved by the following method in the LogiFilter class:

 public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws ServletException, IOException { HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) res; HttpSession session = request.getSession(false); boolean loggedIn = session != null && session.getAttribute("user") != null; if (loggedIn) { chain.doFilter(request, response); } else { response.sendRedirect(request.getContextPath()); } } 

When trying to authorize through a browser, the server adequately performs according to the pair log | pass. Depending on the user attribute issued on the child page /testpage , the information corresponding to the authorized user is displayed.

However, when attempting to authorize from an Android application, despite sending by the POST method, the correct log pair (not correct) including log | The user pass attribute is not fixed, which is why the redirect from the /testpage page to the authorization page /testpage . POST request implementation code:

 private class PostTask extends AsyncTask<String, String, String> { @Override protected String doInBackground(String... data) { final String USER_AGENT = "Mozilla/5.0"; try { StringBuilder tokenUri = new StringBuilder("email="); tokenUri.append(URLEncoder.encode("email", "UTF-8")); tokenUri.append("&pass="); tokenUri.append(URLEncoder.encode("password", "UTF-8")); String url = "http://xxx.xxx.xxx.xxx:xxxxx/sendmsg/login.do"; URL obj = new URL(url); //HttpURLConnection.setFollowRedirects(false); HttpURLConnection con = (HttpURLConnection) obj.openConnection(); con.setRequestMethod("POST"); con.setRequestProperty("User-Agent", USER_AGENT); con.setRequestProperty("Accept-Language", "UTF-8"); //con.setInstanceFollowRedirects(false); con.setDoOutput(true); OutputStreamWriter outputStreamWriter = new OutputStreamWriter(con.getOutputStream()); outputStreamWriter.write(tokenUri.toString()); outputStreamWriter.flush(); int responseCode = con.getResponseCode(); System.out.println("\nSending 'POST' request to URL : " + url); System.out.println("Post parameters : " + tokenUri); System.out.println("Response Code : " + responseCode); System.out.println("Response Body : " + con.getResponseMessage()); BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream())); String inputLine; StringBuffer response = new StringBuffer(); while ((inputLine = in.readLine()) != null) { response.append(inputLine); }; in.close(); System.out.println(response.toString()); }catch (Exception e){e.printStackTrace();} return null; } @Override protected void onPostExecute(String s) { //new GetTask().execute(); super.onPostExecute(s); } } 

When using the HttpURLConnection.setFollowRedirects(false); the redirect is not performed, and the response code becomes equal to 307 (Temporary Redirect). When you try to get a GET request /testpage , the response code 302 (Found) comes. When you turn on the redirect in any case, the login page comes.

It is possible that manual assignment of session attributes or the use of cookies is required.