Posted to dev@hc.apache.org by "aparna khare (JIRA)" <ji...@apache.org> on 2016/05/10 09:36:12 UTC

[jira] [Commented] (HTTPCLIENT-1741) X-CSRF-Valication issues

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1741?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15277860#comment-15277860 ] 

aparna khare commented on HTTPCLIENT-1741:
------------------------------------------

I'm using HttpClient version 4.1.3. Due to some issues I moved from Apache CXF to HttpClient. The CSRF was working earlier; now, when I get the values in the Set-Cookie header and pass the same value, it gives an error.

MYSSO=AjQxMDMBABhBAEQASwBPAEwASQAgACAAIAAgACAAIAACAAYxADAAMAADABBHADMAVAAgACAAIAAgACAABAAYMgAwADEANgAwADUAMQAwADAAOQAwADAABQAEAAAACAYAAlgACQACRQD%2fATUwggExBgkqhkiG9w0BBwKgggEiMIIBHgIBATELMAkGBSsOAwIaBQAwCwYJKoZIhvcNAQcBMYH%21MIH7AgEBMFAwRTELMAkGA1UEBhMCREUxDzANBgNVBAoTBlNBUC1BRzEMMAoGA1UECxMDRzNUMRcwFQYDVQQDDA4qLndkZi5zYXAuY29ycAIHIBQCAxAZATAJBgUrDgMCGgUAoF0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTYwNTEwMDkwMDU2WjAjBgkqhkiG9w0BCQQxFgQU2yWC3FqsVVbkd5fm88bTOkZXxBUwCQYHKoZIzjgEAwQvMC0CFQCKYZUVg7cqKbBN0%21Ipsje44PTspwIUMqTZenFqhPaJ%2fz3I913GajeUHuY%3d; path=/; domain=.xx.xx.xx,xx_SESSIONID_GT_100=GTCo7WBG8iV66CkETV5DYLOh2fcWjRHmhvoAUFa0PPA%3d; path=/,xx-XSRF_GT_100=aaaaaaa%3d%3d20160510090056gv1TL5k8mO9aKRMYbcGK3tt-ylbmZVAJwt3SyvT203c%3d; path=/; HttpOnly,


MYSSO=AjQxMDMBABhBAEQASwBPAEwASQAgACAAIAAgACAAIAACAAYxADAAMAADABBHADMAVAAgACAAIAAgACAABAAYMgAwADEANgAwADUAMQAwADAAOQAwADAABQAEAAAACAYAAlgACQACRQD%2fATUwggExBgkqhkiG9w0BBwKgggEiMIIBHgIBATELMAkGBSsOAwIaBQAwCwYJKoZIhvcNAQcBMYH%21MIH7AgEBMFAwRTELMAkGA1UEBhMCREUxDzANBgNVBAoTBlNBUC1BRzEMMAoGA1UECxMDRzNUMRcwFQYDVQQDDA4qLndkZi5zYXAuY29ycAIHIBQCAxAZATAJBgUrDgMCGgUAoF0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTYwNTEwMDkwMDU2WjAjBgkqhkiG9w0BCQQxFgQU2yWC3FqsVVbkd5fm88bTOkZXxBUwCQYHKoZIzjgEAwQvMC0CFQCKYZUVg7cqKbBN0%21Ipsje44PTspwIUMqTZenFqhPaJ%2fz3I913GajeUHuY%3d; path=/; domain=.xx.xx.xx, xx_SESSIONID_GT_100=GTCo7WBG8iV66CkETV5DYLOh2fcWjRHmhvoAUFa0PPA%3d; path=/, xx-XSRF_G3T_100=aaaaaaa%3d%3d20160510090056gv1TL5k8mO9aKRMYbcGK3tt-ylbmZVAJwt3SyvT203c%3d; path=/; HttpOnly

Even though I set the same cookie in the request header, it does not work.
I also tried creating a CookieStore; even that does not work.


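// Returns the CookieStore kept in the HTTP session, creating one on first use.
private CookieStore getCookieStore() {
    HttpServletRequest req = getHttpServletRequest();
    // As posted: the store is read with key "mmmmm" but saved with key "mmmm".
    Object cs = req.getSession().getAttribute("mmmmm");
    if (cs == null) {
        cs = new BasicCookieStore();
        req.getSession().setAttribute("mmmm", cs);
    }
    return (CookieStore) cs;
}

// Fetches the current servlet request from the surrounding context.
private HttpServletRequest getHttpServletRequest() {
    return (HttpServletRequest) getContext()
            .getParameter(context.HTTP_SERVLET_REQUEST_OBJECT);
}

// Saves the CookieStore into the HTTP session (key "mmm" as posted).
private void putCookieStore(CookieStore cs) {
    getHttpServletRequest().getSession().setAttribute("mmm", cs);
}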

Initialization of the HTTP client:

DefaultHttpClient rsClient = new DefaultHttpClient();
setTrustAll(rsClient);
rsClient.setCookieStore(cs);

Can someone please help?


> X-CSRF-Valication issues
> ------------------------
>
>                 Key: HTTPCLIENT-1741
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1741
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient, HttpConn
>    Affects Versions: Snapshot
>            Reporter: aparna khare
>            Priority: Critical
>             Fix For: Snapshot
>
>
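
Added example (not part of the original message or of HttpClient): under RFC 6265 a Cookie request header carries only name=value pairs joined by "; ", while Set-Cookie values also carry attributes such as path, domain and HttpOnly that are not sent back. This plain-JDK sketch unfolds a comma-joined Set-Cookie string like the one quoted above and builds the request header; the class name, method names and sample cookie values are hypothetical and constructed for illustration.

```java
import java.util.*;

public class CookieHeaderBuilder {

    // Split a comma-folded Set-Cookie value into individual cookies.
    // A comma starts a new cookie only when the text after it looks like
    // "name=..." before any ';' (so "Expires=Wed, 21 Oct ..." is not split).
    static List<String> unfold(String folded) {
        List<String> out = new ArrayList<>();
        int start = 0;
        for (int i = 0; i < folded.length(); i++) {
            if (folded.charAt(i) != ',') continue;
            String rest = folded.substring(i + 1);
            int eq = rest.indexOf('='), semi = rest.indexOf(';');
            boolean newCookie = eq > 0 && (semi < 0 || eq < semi)
                    && !rest.substring(0, eq).trim().contains(" ");
            if (newCookie) {
                out.add(folded.substring(start, i).trim());
                start = i + 1;
            }
        }
        String last = folded.substring(start).trim();
        if (!last.isEmpty()) out.add(last);
        return out;
    }

    // Build the Cookie request header: only the leading name=value pair of each
    // Set-Cookie entry is kept; a later cookie with the same name replaces the earlier one.
    static String toCookieHeader(List<String> setCookieValues) {
        Map<String, String> jar = new LinkedHashMap<>();
        for (String header : setCookieValues) {
            for (String cookie : unfold(header)) {
                String pair = cookie.split(";", 2)[0].trim();
                int eq = pair.indexOf('=');
                if (eq <= 0) continue; // not a name=value pair
                jar.put(pair.substring(0, eq), pair);
            }
        }
        return String.join("; ", jar.values());
    }

    public static void main(String[] args) {
        // Constructed sample, shaped like the folded header quoted in the message.
        String folded = "SSO=abc%3d; path=/; domain=.example.test,"
                + "APP_SESSIONID=s1%3d; path=/,APP-XSRF=tok%3d; path=/; HttpOnly,";
        System.out.println(toCookieHeader(Arrays.asList(folded)));
    }
}
```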



