in reply to LWP Authorization Problem

(from comp.lang.perl.modules)

As usual, there's more than one way to do it.

1. Use the credentials method of the LWP::UserAgent object:

$ua->credentials($netloc, $realm, $uname, $pass)

Eg: Say your URL is and when you try this with your browser, it pops up a box saying 'Enter username and password for XYZ'.

$netloc in this example is '' and $realm in this case is 'XYZ'.

2. Call the authorization_basic method of your HTTP::Request object before passing it to the LWP::UserAgent's request method:

$request->authorization_basic($uname, $pass);

If you use method 1, the LWP::UserAgent will send one request which the server will reject with a 401 error. One of the headers in the 401 response will be the realm. The LWP::UserAgent will then look up it's internal table (populated by your calls to credentials) to find a matching netloc and realm. If this lookup returns a username and password, the LWP::UserAgent will resend the request with a basic authorization header.

The second method allows you to set the username and password before making the initial request - assuming you supply the right credentials there will be no 401 error. There is no need to specify netloc and realm, as they are only used by the LWP::UserAgent's lookup routine.

'perldoc LWP::UserAgent' will tell you more about 1

'perldoc HTTP::Message' will tell you more about 2 (HTTP::Request is derived from HTTP::Message).


Replies are listed 'Best First'.
Re: Re: LWP Authorization Problem
by gr0f (Acolyte) on Jul 24, 2001 at 22:42 UTC
    Unfortunately it doesn't pop up a box, the fields are just embeded in the HTML like logging into hotmail for example. I've set up domain passwords on Apache before but is this the same type of authorization problem, or something different? As I first mentioned, the password and login can be provided if they are included in the URL like variables using the GET method.

    Here's the login page so you can see what I mean:

    And thanks for the first timely reply, I didn't think I'd get something so fast...


      Are you handling any cookies it throws back at you? It may be using these for Auth?

      Have you used a packet monitor to watch what goes down the wire using a real browser??