Password authentication using Groovy

This week I was at a client site that was about as locked down as any I’ve seen. Personally I find that incredibly short-sighted on the part of the company, but it’s always easier to say no, I suppose.

While it was annoying enough to set up a browser to surf the web, that’s not sufficient to access remote sites programmatically. For example, the client does a daily download of exchange rate data from a central site, which they process and store in a local db. I wanted to demonstrate that using Groovy.

Normally, to use a proxy I set the host and port on the command line. I’ve done that in Java (and Groovy) many times:

groovy -DproxyHost=10.x.x.x -DproxyPort=8080 myscript.groovy

Most of the time, that’s all you need. In this particular case, however, I also needed to submit a username and a password for authentication on the proxy server.

There are several sites that show you how to do that in Java. Here’s one of them, and it shows that you need to extend the class and override the getPasswordAuthentication method. Here’s an example in Java:
[sourcecode language=”java”]

public class MyAuthenticator extends Authenticator {
protected PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication("username","password".toCharArray());
Then, in your program, set the new authenticator as the default.
[sourcecode language=”java”]
Authenticator.setDefault(new MyAuthenticator());
and you’re good to go.

Of course, I couldn’t leave it at that. I was teaching a Groovy class anyway, so I wanted to make the solution groovier. Here’s what I ultimately used:
[sourcecode language=”groovy”]
Authenticator.default = {
new PasswordAuthentication(‘username’,’password’ as char[])
} as Authenticator
I switched from using the setDefault method to setting a property, and coerced a closure with the required method into the proper class. Since the authentication mechanism only calls the getPasswordAuthentication method, I can use the single closure as the implementation. Normally I use closure coercion for interfaces, and then generally if they only have a single method, but it was too easy in this case to ignore.

Besides, showing the simplicity of the Groovy solution made the demo a teachable moment, which at least tried to make some lemonade out of the paranoid security lemons. My favorite part was how I hard-wired both the username and password directly into the script, in clear text no less. I could have found a way around that, but I was on a guest account anyway and it felt nicely subversive to do so.

By Ken Kousen

I am a Java Champion and the author of the books "Kotlin Cookbook", (O'Reilly Media), "Modern Java Recipes" (O'Reilly Media), "Gradle Recipes for Android" (O'Reilly Media), and "Making Java Groovy" (Manning), as well as over a dozen video courses at Safari Books Online. I'm a regular member of the No Fluff, Just Stuff conference tour and have given talks all over the world. Through my company, Kousen IT, Inc, I've taught training courses to and worked with thousands of developers.

2 replies on “Password authentication using Groovy”

Ken, Found this page looking for something else…but wondering how you would recommend storing credentials for use in our groovy scripting.

i.e., our Groovy scripts connect to databases/ldaps/etc., and putting the credentials in the scripts is not ideal.

I thought of simply compiling a simple class with creds in it, and including in my scripts…but how would/do you do this?

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.