Java Reference
In-Depth Information
Using the
HttpsURLConnection
class directly gives you some additional infor-
mation about the connection that would not be available with
HttpURLConnection
.
For example, you can determine the cipher suite used by the server. In addition, you can
get a list of all certificates used by the web server. Usually this information is unimportant
to a bot. However, if you find that you need access to this data, you have the ability to use an
HttpsURLConnection
object.
Understanding HTTP Authentication
As you saw earlier in this chapter, HTTPS allows you to determine that the web server
you are connecting to, is who it claims to be. HTTP authentication provides the other side
of this verification. HTTP authentication allows the server to determine that the web user is
who they say that they are.
HTTP authentication is not tied to HTTPS. It can be used with either HTTP or HTTPS.
To access a page protected by HTTP authentication, a web user must enter both a user id and
password. If a user id and password are not provided, or if it is incorrect, the user will receive
an HTTP error.
Most websites do not use HTTP authentication; instead, many websites use their own
authentication. This works by displaying a form to the user and prompting for identifying
information, usually an id and password.
HTTP Authentication in Action
You have probably seen sites that make use of HTTP authentication. Sites that use HTTP
authentication popup a window that prompts you for a user id and password. HTTP authenti-
cation always pops up a second window. If you are being prompted for a user id and password
on the actual webpage, then the site is doing its own authentication. To see HTTP authentica-
tion in action, visit the following URL:
https://www.httprecipes.com/1/5/auth.php
This URL will display the page show in Figure 5.3.
