rspec/rules/S2647/java/how-to-fix-it/java-se.adoc

== How to fix it in Java SE

=== Code examples
The following code uses basic authentication to send out an HTTP request to a protected endpoint.

==== Noncompliant code example

[source,java,diff-id=101,diff-type=noncompliant]
----
String encoded = Base64.getEncoder().encodeToString("login:passwd".getBytes());
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
conn.setRequestMethod("POST");
conn.setDoOutput(true);
conn.setRequestProperty("Authorization", "Basic " + encoded); // Noncompliant
----

==== Compliant solution

[source,java,diff-id=101,diff-type=compliant]
----
// An access token should be retrieved before the HTTP request
String accessToken = System.getenv("ACCESS_TOKEN");
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
conn.setRequestMethod("POST");
conn.setDoOutput(true);
conn.setRequestProperty("Authorization", "Bearer " + accessToken);
----

=== How does this work?

include::../../common/fix/token-auth.adoc[]

include::../../common/fix/ssl.adoc[]