HTTP Basic Authentication issue on Android Jelly Bean 4.1 using HttpURLConnection

问题

We are making HttpURLConnection based request to the Web server using HTTP Basic Authentication. Code works great on Android versions 2.x, 3.x., 4.0.x Now with Jelly Bean and v4.1.x authentication fails with the following messages in the LogCat:

01-27 10:54:18.886: ...::doReadRawData(731): An exception occured while reading data from remote host. httpURLConn.responseCode = 401 / httpURLConn.responseMessage = UNAUTHORIZED
01-27 10:54:18.886: ...::doReadRawData(731): java.io.IOException: No authentication challenges found

The Authentication code we using for HttpURLConnection as in the Android documentation:

private void doAuthorize() {
        Authenticator.setDefault(new Authenticator() {
            protected PasswordAuthentication getPasswordAuthentication() {
                return new PasswordAuthentication(USER, PASSWORD.toCharArray());
            }
        });
    }

Upon further investigation and troubleshooting we found out that this code is not being called in 4.1 Jelly Bean!

What are the workarounds or proper ways for basic authentication in Android Jelly Bean 4.1?

Someone found different in the Android source code in this related topic, I think issue we having is related to that difference: HttpURLConnection worked fine in Android 2.x but NOT in 4.1: No authentication challenges found

回答1:

We were able to solve Jelly Bean not calling getPasswordAuthentication() of the Authenticator via the following new method:

@TargetApi(Build.VERSION_CODES.FROYO) 
private void setJellyBeanAuth(HttpURLConnection httpConn) {
    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN) {
        byte[] auth = (USER + ":" + PASSWORD).getBytes();
        String basic = Base64.encodeToString(auth, Base64.NO_WRAP);
        httpConn.setRequestProperty("Authorization", "Basic " + basic);
    }
}

Then just call this function after opening the connection:

httpURLConn = (HttpURLConnection) url.openConnection();
setJellyBeanAuth(httpURLConn);

The @TargetApi for Froyo annotation is only necessary since we are still supporting API 7 while Base64 was added in API 8

回答2:

For a 401 UNAUTHORIZED response with Android's httpURLConnection your server must send back a authenticate header like this...
WWW-Authenticate: Bogus realm="blahblah", comment="use form to log in"
as per
http://tools.ietf.org/html/rfc2616 search "10.4.2 401 Unauthorized"

来源：https://stackoverflow.com/questions/14550131/http-basic-authentication-issue-on-android-jelly-bean-4-1-using-httpurlconnectio