You are viewing a plain text version of this content. The canonical link for it is here.
Posted to httpclient-users@hc.apache.org by Vinicius Carvalho <ja...@gmail.com> on 2006/06/28 03:32:00 UTC
Help with cookies
Hello there! I'm building a app to get some contents from a remote
site that has authentication (it uses struts, and its just a simple
auth).
Well, here's what I'm doing:
private boolean authenticate(){
String url = "http://acme.com/login.do";
HttpClient client = new HttpClient();
PostMethod post = new PostMethod(url);
NameValuePair[] data = { new
NameValuePair("email","java.vinicius@gmail.com"), new
NameValuePair("password","123456")};
post.setRequestBody(data);
try {
client.executeMethod(post);
this.cookies = client.getState().getCookies();
for(Cookie cookie : cookies){
System.out.println(cookie.toExternalForm());
}
} catch (HttpException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}finally{
post.releaseConnection();
}
return (this.cookies != null && this.cookies.length > 0);
}
Well ok, the JSESSIONID cookie is fetched, no problem at all. So i try
to access a forbiden page:
boolean authenticated = authenticate();
if(authenticated){
HttpState state = new HttpState();
state.addCookies(cookies);
HttpClient client = new HttpClient();
client.setState(state);
client.getParams().setCookiePolicy(CookiePolicy.RFC_2109);
GetMethod method = new GetMethod();
method.setURI(new URI(url,true));
client.executeMethod(method);
String contents =
method.getResponseBodyAsString(); method.releaseConnection();
}
Well, instead of receiving the right page, what I'm getting is a one
of our pages that is shown when a forbidden resource is accessed
without the user having the proper permission.
What am I doing wrong here, isn't the user already authenticathed?
Regards
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: Help with cookies
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Wed, 2006-06-28 at 23:58 -0300, Vinicius Carvalho wrote:
> Hello there! Roland, tried using just one instance, got the same
> problem. Oleg, I'm posting here part of the log (there's too many
> things, so I posting what I'm guessing is important) :
>
Please post a _complete_ log including wire traces
> What I find quite intriguing is the line displaying the redirect. My
> original url was (the protected one I was trying to access):
> http://acme.com:80/members/displayer
>
> The first redirect line shows a url that does not even exists, its
> combining the url from the login the the servlet that needs to be
> accessed.
> Also I've noticied a stale connection, is this normal?
>
This is not normal but should have no affect on the cookie management
Oleg
> Any ideas of what might be happening?
>
> Best regards
>
...
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: Help with cookies
Posted by Roland Weber <RO...@de.ibm.com>.
Hello Vinicius,
> Hello there! Roland, tried using just one instance, got the same
> problem. Oleg, I'm posting here part of the log (there's too many
> things, so I posting what I'm guessing is important) :
This is just a context log. We also need the wire part of the log:
http://jakarta.apache.org/commons/httpclient/logging.html
cheers,
Roland
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: Help with cookies
Posted by Vinicius Carvalho <ja...@gmail.com>.
Hello there! Roland, tried using just one instance, got the same
problem. Oleg, I'm posting here part of the log (there's too many
things, so I posting what I'm guessing is important) :
What I find quite intriguing is the line displaying the redirect. My
original url was (the protected one I was trying to access):
http://acme.com:80/members/displayer
The first redirect line shows a url that does not even exists, its
combining the url from the login the the servlet that needs to be
accessed.
Also I've noticied a stale connection, is this normal?
Any ideas of what might be happening?
Best regards
DEBUG [org.apache.commons.httpclient.HttpConnection] Open connection
to acme.com:80
DEBUG [org.apache.commons.httpclient.HttpMethodBase] enter
HttpMethodBase.processResponseHeaders(HttpState, HttpConnection)
DEBUG [org.apache.commons.httpclient.cookie.CookieSpec] enter
CookieSpecBase.parse(String, port, path, boolean, String)
DEBUG [org.apache.commons.httpclient.cookie.CookieSpec] enter
CookieSpecBase.parse(String, port, path, boolean, Header)
DEBUG [org.apache.commons.httpclient.HeaderElement] enter
HeaderElement.parseElements(char[])
DEBUG [org.apache.commons.httpclient.Cookie] enter Cookie(String,
String, String, String, Date, boolean)
DEBUG [org.apache.commons.httpclient.cookie.CookieSpec] enter
RFC2109Spec.validate(String, int, String, boolean, Cookie)
DEBUG [org.apache.commons.httpclient.cookie.CookieSpec] enter
CookieSpecBase.validate(String, port, path, boolean, Cookie)
DEBUG [org.apache.commons.httpclient.HttpState] enter
HttpState.addCookie(Cookie)
DEBUG [org.apache.commons.httpclient.cookie.CookieSpec] enter
RFC2109Spec.formatCookie(Cookie)
DEBUG [org.apache.commons.httpclient.HttpMethodBase] Cookie accepted:
"$Version=0; JSESSIONID=asFE4ZJF_wab; $Path=/"
DEBUG [org.apache.commons.httpclient.HttpMethodBase] enter
HttpMethodBase.readResponseBody(HttpState, HttpConnection)
DEBUG [org.apache.commons.httpclient.HttpMethodBase] enter
HttpMethodBase.readResponseBody(HttpConnection)
DEBUG [org.apache.commons.httpclient.HttpConnection] enter
HttpConnection.getResponseInputStream()
DEBUG [org.apache.commons.httpclient.HttpMethodBase] enter
HttpMethodBase.canResponseHaveBody(int)
DEBUG [org.apache.commons.httpclient.HttpMethodDirector] Redirect required
INFO [org.apache.commons.httpclient.HttpMethodDirector] Redirect
requested but followRedirects is disabled
DEBUG [org.apache.commons.httpclient.HttpClient] enter
HttpClient.executeMethod(HttpMethod)
DEBUG [org.apache.commons.httpclient.HttpClient] enter
HttpClient.executeMethod(HostConfiguration,HttpMethod,HttpState)
DEBUG [org.apache.commons.httpclient.HttpMethodDirector] Attempt
number 1 to process request
DEBUG [org.apache.commons.httpclient.HttpConnection] Connection is
stale, closing...
DEBUG [org.apache.commons.httpclient.HttpConnection] enter
HttpConnection.close()
DEBUG [org.apache.commons.httpclient.HttpConnection] enter
HttpConnection.closeSockedAndStreams()
DEBUG [org.apache.commons.httpclient.HttpConnection] enter
HttpConnection.open()
DEBUG [org.apache.commons.httpclient.HttpConnection] Open connection
to acme.com:80
DEBUG [org.apache.commons.httpclient.HttpMethodDirector] Redirect required
DEBUG [org.apache.commons.httpclient.HttpMethodDirector] Redirect
requested to location
'https://acme.com/members/registration/showLogin.do?display=127423'
DEBUG [org.apache.commons.httpclient.HttpMethodDirector] Redirecting
from 'http://acme.com:80/members/displayer' to
'https://acme.com/members/registration/showLogin.do
DEBUG [org.apache.commons.httpclient.HttpMethodDirector] Execute
redirect 1 of 100
DEBUG [org.apache.commons.httpclient.HttpMethodBase] Resorting to
protocol version default close connection policy
DEBUG [org.apache.commons.httpclient.HttpMethodBase] Should NOT close
connection, using HTTP/1.1
DEBUG [org.apache.commons.httpclient.HttpConnection] enter
HttpConnection.isResponseAvailable()
DEBUG [org.apache.commons.httpclient.HttpConnection] enter
HttpConnection.releaseConnection()
DEBUG [org.apache.commons.httpclient.HttpConnection] Connection is
locked. Call to releaseConnection() ignored.
DEBUG [org.apache.commons.httpclient.HttpConnection] enter
HttpConnection.releaseConnection()
DEBUG [org.apache.commons.httpclient.HttpConnection] Releasing
connection back to connection manager.
DEBUG [org.apache.commons.httpclient.HttpConnection] enter
HttpConnection.close()
DEBUG [org.apache.commons.httpclient.HttpConnection] enter
HttpConnection.closeSockedAndStreams()
DEBUG [org.apache.commons.httpclient.HttpMethodDirector] Attempt
number 1 to process request
DEBUG [org.apache.commons.httpclient.HttpConnection] enter HttpConnection.open()
DEBUG [org.apache.commons.httpclient.HttpConnection] Open connection
to acme.com:443
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: Help with cookies
Posted by Oleg Kalnichevski <ol...@apache.org>.
Please post a complete wire/context log of the HTTP session
http://jakarta.apache.org/commons/httpclient/logging.html
Oleg
On Tue, 2006-06-27 at 22:32 -0300, Vinicius Carvalho wrote:
> Hello there! I'm building a app to get some contents from a remote
> site that has authentication (it uses struts, and its just a simple
> auth).
> Well, here's what I'm doing:
>
> private boolean authenticate(){
> String url = "http://acme.com/login.do";
> HttpClient client = new HttpClient();
> PostMethod post = new PostMethod(url);
> NameValuePair[] data = { new
> NameValuePair("email","java.vinicius@gmail.com"), new
> NameValuePair("password","123456")};
> post.setRequestBody(data);
> try {
> client.executeMethod(post);
> this.cookies = client.getState().getCookies();
> for(Cookie cookie : cookies){
> System.out.println(cookie.toExternalForm());
> }
> } catch (HttpException e) {
> e.printStackTrace();
> } catch (IOException e) {
> e.printStackTrace();
> }finally{
> post.releaseConnection();
> }
> return (this.cookies != null && this.cookies.length > 0);
> }
>
> Well ok, the JSESSIONID cookie is fetched, no problem at all. So i try
> to access a forbiden page:
>
> boolean authenticated = authenticate();
>
> if(authenticated){
> HttpState state = new HttpState();
> state.addCookies(cookies);
> HttpClient client = new HttpClient();
> client.setState(state);
> client.getParams().setCookiePolicy(CookiePolicy.RFC_2109);
> GetMethod method = new GetMethod();
> method.setURI(new URI(url,true));
> client.executeMethod(method);
> String contents =
> method.getResponseBodyAsString(); method.releaseConnection();
> }
>
> Well, instead of receiving the right page, what I'm getting is a one
> of our pages that is shown when a forbidden resource is accessed
> without the user having the proper permission.
>
> What am I doing wrong here, isn't the user already authenticathed?
>
> Regards
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: Help with cookies
Posted by Roland Weber <ht...@dubioso.net>.
Hello Vinicius,
first, do not create multiple instances of HttpClient, and do
not attempt to copy cookies from one to the other. Create one
HttpClient, use it for both requests, and the cookies will be
stored automatically in the default state.
The Client HTTP Programming Primer should help you to solve
the session problem:
http://wiki.apache.org/jakarta-httpclient/ForAbsoluteBeginners
hope that helps,
Roland
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org