Plankton has asked for the wisdom of the Perl Monks concerning the following question:

Friends,

I have a J2EE web app that I need to write a LWP script for. This web app has a web page where your enter username and password. I can't seem to figure out the correct way to have my LWP scripts send the username and password.

Here's a snippet that demostrates what I am doing ... 
#!/usr/local/bin/perl -w
use strict;
use LWP::UserAgent;
use LWP::Simple;  
use HTTP::Cookies;
use HTTP::Request::Common;
use HTTP::Headers;       

.
.
.

sub do_LWPsetup {
        my $ref2browser = shift;

    $HTTP::Request::Common::DYNAMIC_FILE_UPLOAD = 1;

    #create an LWP browser object
    $$ref2browser = LWP::UserAgent->new();

    #allow POST redirects
    push @{$$ref2browser->requests_redirectable}, 'POST';

    #enable cookie support (dont know if this is really neccesary
    $$ref2browser->cookie_jar(new HTTP::Cookies );

    return 1;
}

sub do_logon {
    my $userid      = shift;
    my $password    = shift;
    my $url         = shift;
    my $browser     = shift;
    my $loginurl    = "$url/logon.jsp";

    my $resp  = $browser->post($loginurl,
            [                
            'j_username' => $userid,
            'j_password' => $password,
            'submit' => 'Submit'      
    ]);                  

    print "do_logon " . __FILE__ . "[" . __LINE__ ."] resp =[" . Dumpe
+r($resp) . "]\n";
    if (do_errorcheck($resp,'Logon')) { print $resp->{'_msg'} . "\n"; 
+return 0; }
    if ($debug_level > 0) { print "\nLogon Success: $userid"; }
    return 1;
}

.
.
.

getUserPassword( \$user, \$password );

my $browser;


my $rc = do_LWPsetup( \$browser );
if ($rc==0) {
        print "Failure: do_LWPStuff failed\n";
    exit 1;
}      
       
if (!do_logon( $user, $password, $url, $browser )) {
        print "Failure: do_logon failed\n";
        exit 2;
} else {
        print "Where in!\n";
}

[download]
Here's what happens when I run it ... 
Enter user: TEST001
Enter password: *******
do_logon BEGIN myscript.pl[269]
do_logon resp myscript.pl[283] resp =[$VAR1 = bless( {
                 '_protocol' => 'HTTP/1.1',
                 '_content' => '
<html>
<head>
<title>
  xyz Secure HTTP File Uploader Logon 
</title>
</head>
<center>
<br><br><form action="j_security_check" method=post>
<table>
<tr>
   <td align="center" >
   <table border="0">
   <tr>
   <td><b>Enter your name: </b></td>
   <td>
      <input type="text" size="15" name="j_username"> 
   </td>
   </tr>
   <tr>
   <td><b>Enter your password: </b></td>
   <td> 
      <input type="password" size="15" name="j_password">
   </td>
   </tr>
   <tr>
   <td></td>
   <td align="right"> 
   <input type="submit" value="Submit">
   </td>
   </tr>
   <tr>
   <td><br></td>
   </tr>
</table>
</td>
</tr>
</table>
</form>
</center>
</html>
',
                 '_rc' => '200',
                 '_headers' => bless( {
                                        'connection' => 'close',
                                        'x-powered-by' => [
                                                            'Servlet/2
+.4',
                                                            'JSP/2.0'
                                                          ],
                                        'client-response-num' => 1,
                                        'set-cookie' => 'JSESSIONID=27
+CCB71220635A381F38052A601A5C33; Path=/xyzSecureUpLoad_III; Secure',
                                        'date' => 'Mon, 01 Mar 2004 17
+:43:47 GMT',
                                        'client-ssl-cert-issuer' => '/
+C=US/ST=California/L=Santa Clara/O=Sun Microsystems/OU=SunONE/CN=S1AS
+',
                                        'client-ssl-cipher' => 'EDH-RS
+A-DES-CBC3-SHA',
                                        'client-peer' => 'localhost:10
+43',
                                        'content-length' => '661',
                                        'client-date' => 'Mon, 01 Mar 
+2004 17:43:47 GMT',
                                        'content-type' => 'text/html;c
+harset=ISO-8859-1',
                                        'client-ssl-warning' => 'Peer 
+certificate not verified',
                                        'client-ssl-cert-subject' => '
+/C=US/ST=California/L=Santa Clara/O=Sun Microsystems/OU=SunONE/CN=S1A
+S',
                                        'server' => 'Sun-Java-System/A
+pplication-Server-PE-8.0',
                                        'title' => 'xyz Secure HTTP Fi
+le Uploader (ASHFU) Logon'
                                      }, 'HTTP::Headers' ),
                 '_msg' => 'OK',
                 '_request' => bless( {
                                        '_content' => 'j_username=TEST
+001&j_password=TEST001&submit=Submit',
                                        '_uri' => bless( do{\(my $o = 
+'https://localhost:1043/xyzSecureUpLoad_III/logon.jsp')}, 'URI::https
+' ),
                                        '_headers' => bless( {
                                                               'user-a
+gent' => 'libwww-perl/5.69',
                                                               'conten
+t-type' => 'application/x-www-form-urlencoded',
                                                               'conten
+t-length' => 51
                                                             }, 'HTTP:
+:Headers' ),
                                        '_method' => 'POST'
                                      }, 'HTTP::Request' )
               }, 'HTTP::Response' );
]
do_logon END myscript.pl[289]

[download]

I gave the correct user and password but all I get is logon.jsp again! I have entered incorrect user and passwords and still all I get is logon.jsp!?!?!?

I have tried changing the line ... 
    my $loginurl    = "$url/logon.jsp";

[download]
... to ... 
    my $loginurl    = "$url/j_security_check";

[download]
But when I do that I get this HTML ... 
HTTP Status 400 - Invalid direct reference to form login page

type Status report

message Invalid direct reference to form login page

description The request sent by the client was syntactically incorrect
+ (Invalid direct reference to form login page).

J2EETM 1.4 Application Server

[download]
Anyone know what that is all about?

What am I doing wrong?

Plankton: 1% Evil, 99% Hot Gas.

20040301 Edit by Corion: Changed PRE tag around server response to CODE to remove the page-widening

20040301 Edit by jdporter: added <readmore> tags

Replies are listed 'Best First'.
Re: LWP and j_security_check form-based login?
by Abigail-II (Bishop) on Mar 01, 2004 at 19:17 UTC
    Well, that's an error from "the other side". There's no way of determining what it means from just the message except by guessing. My guess is that it doesn't like what you send it. Either it doesn't like the HTTP headers, or it doesn't like the content you send it. If I had to guess, my guess is that the other side doesn't like the absence of a particular Referer header. Or it might not like the cookie.

    Abigail

[reply]
Re: LWP and j_security_check form-based login?
by webengr (Pilgrim) on Mar 01, 2004 at 22:25 UTC
    Guess #1: the J2EE app is trying to set a session cookie on the client, and the perl script is throwing it away.

    Guess #2: the J2EE app knows that it session cookies are disabled on the client side, and is setting its session value using url encoding, and the perl script is somehow stripping it out.


    PCS
[reply]
Re: LWP and j_security_check form-based login?
by inman (Curate) on Mar 02, 2004 at 13:11 UTC
    Try adding a line that sets the content-type. 
    $req->content_type('application/x-www-form-urlencoded');

    [download]
[reply]
[d/l]
Re: LWP and j_security_check form-based login?
by Plankton (Vicar) on Mar 01, 2004 at 23:20 UTC
    I don't understand why ... but I switched to WWW::Mechanize and everthing seems to work so far? I wish I understood why my LWP script sucked and my WWW:Mechanize script worked!

    Plankton: 1% Evil, 99% Hot Gas.
[reply]

Back to Seekers of Perl Wisdom