You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by cc75005++ <ce...@gmail.com> on 2016/02/20 23:24:02 UTC
JAX-RS CookieHeaderProvider with httpOnly cookie doesn't work
Hello,
With Tomee 7.00-M1 (cxf 3.1.3) , If I send a request with an httponly cookie
on my rest service, I receive an IllegalArgumentException("Cookie is
malformed : " + c) when I call requestContext.getCookies().
Please find my container request filter implementation :
The CXF-6451 <https://issues.apache.org/jira/browse/CXF-6451> fix the bug
on the NewCookieHeaderProvider.java on 3.1.2 version but not for
CookieHeaderProvider class.
Any help would be much appreciated to find a clean workaround.
Regards
--
View this message in context: http://cxf.547215.n5.nabble.com/JAX-RS-CookieHeaderProvider-with-httpOnly-cookie-doesn-t-work-tp5766083.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: JAX-RS CookieHeaderProvider with httpOnly cookie doesn't work
Posted by Sergey Beryozkin <sb...@gmail.com>.
Hi
Yes, you send a NewCookie but attempt to read it later on as Cookie.
You should use NewCookie.valueOf(newCookieValue) to recreate it.
Can you please use one of Cookie constructors to convert NewCookie to
Cookie ?
Or simply take the relevant value from this new cookie and send the name
and value only which is what is expected really by the Cookie receiver.
Sergey
On 24/02/16 17:58, cc75005++ wrote:
> Sorry, now I understand your question.. please find,I think, the bad code
> that I use to create a new webclient to make the request :
>
>
>
>
> Thanks for your time
>
>
>
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/JAX-RS-CookieHeaderProvider-with-httpOnly-cookie-doesn-t-work-tp5766083p5766290.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
Re: JAX-RS CookieHeaderProvider with httpOnly cookie doesn't work
Posted by cc75005++ <ce...@gmail.com>.
Sorry, now I understand your question.. please find,I think, the bad code
that I use to create a new webclient to make the request :
Thanks for your time
--
View this message in context: http://cxf.547215.n5.nabble.com/JAX-RS-CookieHeaderProvider-with-httpOnly-cookie-doesn-t-work-tp5766083p5766290.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: JAX-RS CookieHeaderProvider with httpOnly cookie doesn't work
Posted by Sergey Beryozkin <sb...@gmail.com>.
Hi
I'm sorry I still do not understand.
Cookie header (as opposed to Set-Cookie) is not supposed to include
HttpOnly, this is why I'm curious, how does this Cookie header ends up
with HttpOnly ?
Thanks, Sergey
On 23/02/16 20:46, cc75005++ wrote:
> Hi Sergey,
>
> Thank you for your response.
>
> In fact the httpOnly flag is done by my authentification rest service that
> use NewCookie object.
>
> So the question should be "how can I have access to a NewCookie object in my
> ContainerRequestFilter ?
> or maybe I've to use another class to filter my request ?
>
> regards
>
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/JAX-RS-CookieHeaderProvider-with-httpOnly-cookie-doesn-t-work-tp5766083p5766231.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
Re: JAX-RS CookieHeaderProvider with httpOnly cookie doesn't work
Posted by cc75005++ <ce...@gmail.com>.
Hi Sergey,
Thank you for your response.
In fact the httpOnly flag is done by my authentification rest service that
use NewCookie object.
So the question should be "how can I have access to a NewCookie object in my
ContainerRequestFilter ?
or maybe I've to use another class to filter my request ?
regards
--
View this message in context: http://cxf.547215.n5.nabble.com/JAX-RS-CookieHeaderProvider-with-httpOnly-cookie-doesn-t-work-tp5766083p5766231.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: JAX-RS CookieHeaderProvider with httpOnly cookie doesn't work
Posted by Sergey Beryozkin <sb...@gmail.com>.
Hi
Can Cookie contain an attribute such as HttpOnly ? I'm not sure.
NewCookie has an isHttpOnly method - but not Cookie.
How is Set-Cookie processed on the client side ? By a browser or somehow
else ? I'm curious how HttpOnly is added to Cookie.
I guess if you have a Cookie with unsupported properties then the clean
workaround is to access Cookie header directly,
with
requestContext.getHeaders().getFirst("Cookie");
and then do a manual parsing
Thanks, Sergey
On 20/02/16 22:24, cc75005++ wrote:
> Hello,
>
> With Tomee 7.00-M1 (cxf 3.1.3) , If I send a request with an httponly cookie
> on my rest service, I receive an IllegalArgumentException("Cookie is
> malformed : " + c) when I call requestContext.getCookies().
>
> Please find my container request filter implementation :
>
>
>
> The CXF-6451 <https://issues.apache.org/jira/browse/CXF-6451> fix the bug
> on the NewCookieHeaderProvider.java on 3.1.2 version but not for
> CookieHeaderProvider class.
>
> Any help would be much appreciated to find a clean workaround.
>
> Regards
>
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/JAX-RS-CookieHeaderProvider-with-httpOnly-cookie-doesn-t-work-tp5766083.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/