HttpURLConnection - Authorization header always is null-CodePudding

I'm trying to authenticate to the api here in java spring mvc.

it's just that I'm having problems with my connection, especially when I set setRequestProperty("Authorization", "***"); always returns 401 error what could i have wrong??

 try {
            URL url = new URL("https://account.api.here.com/oauth2/token");
            conn = (HttpURLConnection) url.openConnection();
            conn.setRequestMethod("POST");
            conn.setRequestProperty("Authorization", "OAuth oauth_consumer_key=\"*******************\",oauth_signature_method=\"HMAC-SHA256\",oauth_timestamp=\"1633463792\",oauth_nonce=\"******\",oauth_version=\"1.0\",oauth_signature=\"**************\"");

            //   conn.setRequestProperty("Authorization", "OAuth");
         //   conn.setRequestProperty("oauth_consumer_key", "*******************");
         //   conn.setRequestProperty("oauth_nonce", "********");
         //   conn.setRequestProperty("oauth_signature", "*******");
         //   conn.setRequestProperty("oauth_signature_method", "HMAC-SHA256");
         //   conn.setRequestProperty("oauth_timestamp", "1633463792");
         //   conn.setRequestProperty("oauth_version", "1.0");


            conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            conn.setDoOutput(true);
            OutputStream os = conn.getOutputStream();
            os.write(POST_PARAMS.getBytes());
            os.flush();
            os.close();

            int responseCode = conn.getResponseCode();
            return conn.getRequestMethod()  os   "\n" responseCode   "\nContent-type:"  conn.getRequestProperty("Content-Type")   "\nAuthorization: "  conn.getRequestProperty("Authorization");
          }catch (Exception e){
            e.printStackTrace();
        }

On my return by postman when I call, it appears like this Why always null?

POSTgrant_type=client_credentials 401 Content-type:application/x-www-form-urlencoded Authorization: null

CodePudding user response：

I can't say why the authentication with the Here API isn't working, but I can explain why you get null for the Authorization in your output.

The reason is that the implementation of the HttpURLConnection class in the JDK explicitly refuses to return values of security-sensitive headers.

If you take a look at the getRequestProperty() method (at the time of writing this is around line 3367 in sun.net.www.protocol.http.HttpURLConnection), then you'll see that the method checks whether the header given is one of a number of security-sensitive headers, and if so, returns null regardless of whether a value has been set for this header. Authorization is indeed one of the headers deemed to be security-sensitive.

If you want to prove that the value of the Authorization header has been set, you can try something like the following:

java.lang.reflect.Field requestsField = conn.getClass().getDeclaredField("requests");
requestsField.setAccessible(true);
System.out.println(requestsField.get(conn));

For me, this printed something like sun.net.www.MessageHeader@52a863563 pairs: {Authorization=...}..., showing that the Authorization header had indeed been set. Note however that this code is nasty reflective hackery, and although it worked for me with JDK 11 I offer no guarantee that it will work with other versions of Java.

In conclusion, I believe you are setting the authorization header. It's likely you're setting it to an incorrect value, but I'm afraid I can't help you set it to a working value as I have no access to the Here API and have never worked with it myself. I would suggest seeking support from Here.