Logging into the Compndium in Java code

B

Blakey

First Post
Can any of you java experts help me? I've built a single class/app that shows my problem connecting to the Compendium API. When I try and connect it always takes me back to the login form without the two sesison cookies I'm expecting to have enabled.
Code: 
package info.rodinia.tokenmaker;
import java.io.*;
import java.net.*;
import java.util.*;
public class Login {
    public static void main(String[] args) {
 try {
     // Set up Cookie Manager
     CookieManager cookieManager = new CookieManager();
     cookieManager.setCookiePolicy(CookiePolicy.ACCEPT_ALL);
     CookieHandler.setDefault(cookieManager);
     CookieStore cookieJar = cookieManager.getCookieStore();
     // Get the cookie from favicon.ico
     URL url = new URL("[URL]http://www.wizards.com/favicon.ico[/URL]");
     URLConnection conn = url.openConnection();
     Object obj = conn.getContent();
     // Connect to login.aspx
     url = new URL(
      "[URL]http://www.wizards.com/dndinsider/compendium/login.aspx[/URL]");
     conn = url.openConnection();
     // set up connection params
     conn.setDoOutput(true);
     conn.setUseCaches(false);
     conn.setRequestProperty("Content-Type",
      "application/x-www-form-urlencoded");
     // set up the data we need to post to the login.aspx page
     String email = "[EMAIL="myemail@hotmail.com"]myemail@hotmail.com[/EMAIL]";
     String password = "myPassword";
     String postData = "email="
      + email
      + "&password="
      + password
      + "&__VIEWSTATE=/wEPDwUKLTMxMzExNzE1NGRk5yeNnWQGSxW08LBMM/goQ8zo5Es=&__EVENTVALIDATION=/wEWBAL25N6oDwKyzcaDDQLyveCRDwK4+vrXBUx4g9s9PCt9gK77St3QWFU1ZunN&InsiderSignin=Sign In";
     String encodedData = URLEncoder.encode(postData, "UTF-16");
     // Send POST output.
     BufferedWriter writer = new BufferedWriter(new OutputStreamWriter(
      conn.getOutputStream()));
     writer.write(encodedData);
     writer.flush();
     writer.close();
     // Get final page.
     BufferedReader reader = new BufferedReader(new InputStreamReader(
      conn.getInputStream()));
     String inputLine;
     String content = null;
     while ((inputLine = reader.readLine()) != null) {
  content += inputLine + "\n";
     }
     reader.close();
     System.out.println("Final Source: " + content);
     // print our cookies
     List<HttpCookie> cookies = cookieJar.getCookies();
     for (HttpCookie cookie : cookies) {
  System.out.println("Cookie: " + cookie);
     }
 } catch (Exception e) {
     System.err.println("Error Logging In: " + e);
 }
    }
}
This is what the output of running the code looks like:
Code: 
Final Source: null
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "[URL]http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd[/URL]">
<html xmlns="[URL="http://www.w3.org/1999/xhtml"]XHTML namespace[/URL]" >
<head><link type="text/css" href="styles/login.css" media="all" rel="stylesheet" /><title>
</title></head>
<body>
    <form name="form1" method="post" action="login.aspx" id="form1">
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTMxMzExNzE1NGRk5yeNnWQGSxW08LBMM/goQ8zo5Es=" />
<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWBAL25N6oDwKyzcaDDQLyveCRDwK4+vrXBUx4g9s9PCt9gK77St3QWFU1ZunN" />
      <div id="content">
          <h1>Save Time with Every Search—Subscribe Now</h1>
          <p>
              Gain full access to the complete rules text for every race, class, paragon path, 
              epic destiny, skill, feat, power, item, and ritual—from every D&D rulebook 
              and online magazine article. The D&DI Compendium offers you the fastest way 
              to find what you're looking for—and to discover even more.
          </p>
          <p>
              <a target="_blank" href="[URL="http://www.wizards.com/default.asp?x=dnd/insider/subscription"]Dungeons & Dragons Roleplaying Game Official Home Page - Subscription[/URL]" title="Click to visit the 'Subscription' page.">
                  <b>D&D Insider—Subscribe Now!</b>
              </a>
          </p>
          <h1>Already a Subscriber?</h1>
          <p/>
    <div id="loginForm">
 
     <div>
      <fieldset>
       <ol>
        <li>
         Email:  <input name="email" type="text" id="email" />
        </li>
        <li>
         Password:  <input name="password" type="password" id="password" />
        </li>
       </ol>
      </fieldset>
      <p>
       <a href="[URL]https://accounts.gleemax.com/UserRegistration/DobForm.aspx[/URL]" title="Join Insider" target="_blank">Join Insider</a> - 
       <a href="[URL]https://accounts.gleemax.com/UserRegistration/PasswordRecoveryForm.aspx[/URL]" title="Forgot Password?" target="_blank">Forgot Password?</a>
      </p>
      <p>
       <input type="submit" name="InsiderSignin" value="Sign In" id="InsiderSignin" />
      </p>
     </div>
 
</div>
 
      </div>
    </form>
</body>
</html>
Cookie: BIGipServerWWWPool1=3809478922.20480.0000
Cookie: BIGipServerWWWCOMPPool1=722471178.20480.0000
As you can see, after connecting to login.aspx at the end of the program we have only 2 cookies. I should have 4 now - on a successful connection/login I should get an 'ASP.NET_SessionId' and a 'iPlanetDirectoryPro' cookie. I'm not getting either one.
Can anyone spot what I'm doing wrong?
Cheers
Blakey
 

log in or register to remove this ad

Comparing to my C# code that succeeds to login, I see that you are not posting the __EVENTVALIDATION field. Try adding that to your post data.
 
Last edited:

Looking at my perl based compendium access module I don't see any state information attached to any of my URLs at all. I just access http://www.wizards.com/dndinsider/compendium/race.aspx&id=1 for instance. If I'm not authed I get back the logon page instead of what I asked for (which I detect via a regex that looks for the string "Save Time with Every Search" and if its present then I send a second request with email and password (there may be some other fields, look at your response and see what other fields the form sends back). It looks like that's where the EVENTVALIDATION etc comes into it. I'd guess the values you need to pass back for those fields are going to be unique to each request and need to be parsed out of the login page each time.

As far as cookies go I never investigated that much, I just set up a CookieJar and attach it to my HTTP session and it all seems to work fine.

I don't recall off the top of my head exactly what they are, but there are Java libraries that can parse an HTML page and get all the form field values out of it so you can construct a valid response to the form. Its also possible that other headers are checked, like Referer (sic) in particular. The Java HTTP library is frankly rather obtuse as well. Without really going over it with a fine toothed comb I don't see any obvious errors but it can be a real pain in the butt to get it to work exactly right. Your best friend is going to be something like Wireshark that can sniff exactly what you sent and compare it with an access that works properly using a browser and see where they differ. There will be some trivial differences but I'm guessing something in there will show up as obviously not quite right.
 

Remove ads

Top