zootool api authorization

I'm trying to add a page to my zootool page via the api ( http://zootool.com/api/docs/add ) with java. For this i need to use digest authentication.

A php example is given for the authorization of getting pages:

<?php

$username = 'username';
$pas开发者_如何学Csword = 'password';
$api_url  = 'http://zootool.com/api/users/items/?username=' 
                   . $username . '&apikey=###';

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $api_url);

// HTTP Digest Authentication
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_DIGEST);
curl_setopt($ch, CURLOPT_USERPWD, strtolower($username) . ':' . sha1($password));

curl_setopt($ch, CURLOPT_USERAGENT, 'My PHP Script');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$result = curl_exec($ch);
curl_close($ch);

$data = json_decode($result, true);

print_r($data);

?>

But how is this done in Java to add pages? After searching I found that apache commons HttpClient might be of use, but I can't seem to wrap my head around it.

I tried:

    String url = "http://zootool.com/api/add/?url=http://www.google.com
                      &title=Google&apikey=###";
    DigestScheme authscheme = new DigestScheme();

    HttpClient httpclient = new DefaultHttpClient();
    HttpGet httpget = new HttpGet(url);
    HttpResponse authResponse = httpclient.execute(httpget);

    Header challenge = authResponse.getHeaders("WWW-Authenticate")[0];

    authscheme.processChallenge(challenge);

    Header solution = authscheme.authenticate(
            new UsernamePasswordCredentials("username", "password"),
            new BasicHttpRequest(HttpPost.METHOD_NAME,
            new URL(url).getPath()));


    HttpResponse goodResponse = httpclient.execute(httpget);

I have tried to sh1-hash the password (as stated in the api-manual), but no luck. It seems that my code can't find any challenges to respond to.

Api-key, username and password are correct.

UPDATE I am now relatively certain that I need to use preemptive digest authorization, but when trying with the workaround given by apache I still get a 401 and a "Authentication error: digest authorization challenge expected, but not found"-warning from java. The code I use is:

HttpHost targetHost = new HttpHost("www.zootool.com", 80, "http");

DefaultHttpClient httpclient = new DefaultHttpClient();
try {
    httpclient.getCredentialsProvider().setCredentials(
                new AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT),
                new UsernamePasswordCredentials("username", "sha1-password"));

    // Create AuthCache instance
    AuthCache authCache = new BasicAuthCache();
    // Generate DIGEST scheme object, initialize it and add it to the local
    // auth cache
    DigestScheme digestAuth = new DigestScheme();
    // Suppose we already know the realm name
    digestAuth.overrideParamter("realm", "www.zootool.com");
    // Suppose we already know the expected nonce value
    digestAuth.overrideParamter("nonce", "something");
    authCache.put(targetHost, digestAuth);

    // Add AuthCache to the execution context
    BasicHttpContext localcontext = new BasicHttpContext();
    localcontext.setAttribute(ClientContext.AUTH_CACHE, authCache);


    HttpGet httpget = new HttpGet("/api/add/?url=http://www.google.com&title=Google&apikey=###");

    System.out.println("executing request: " + httpget.getRequestLine());
    System.out.println("to target: " + targetHost);

    for (int i = 0; i < 3; i++) {
        HttpResponse response = httpclient.execute(targetHost, httpget, localcontext);
        HttpEntity entity = response.getEntity();

        System.out.println("----------------------------------------");
        System.out.println(response.getStatusLine());
        if (entity != null) {
            System.out.println("Response content length: " + entity.getContentLength());
            }
        EntityUtils.consume(entity);
    }

} finally {
    // When HttpClient instance is no longer needed,
    // shut down the connection manager to ensure
    // immediate deallocation of all system resources
    httpclient.getConnectionManager().shutdown();
    }
}

Do i have to give meaningful values to the DigestScheme parameters? Am I on the right track even?

/André

---

The preemptive authorization code works! The error was that login=true has to be added to the api url, like this:

HttpGet httpget = new HttpGet("/api/add/?url=http://www.google.com&title=Google&apikey=####&login=true"); 

This information was not available in the api manual.