You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomee.apache.org by "cedric.checoury@gmail.com" <ce...@gmail.com> on 2016/02/20 16:27:56 UTC
JAX-RS with httpOnly cookie -> an CXF bug ?
Hello,
If I send a request with an httponly cookie on my rest service, I receive an
IllegalArgumentException("Cookie is malformed : " + c) when I call
requestContext.getCookies().
Please find my container request filter implementation :
If I understand, I think this is a CXF bug (link CXF-6451
<https://issues.apache.org/jira/browse/CXF-6451> ) but normally this one
have been fixed on 3.1.2 version for NewCookieHeaderProvider.java class.
But JAXRS Tomee implementation use CookieHeaderProvider (that hasn't the
fix) and not the NewCookieHeaderProvider class.
Any help would be much appreciated to find a clean workaround
Regards
--
View this message in context: http://tomee-openejb.979440.n4.nabble.com/JAX-RS-with-httpOnly-cookie-an-CXF-bug-tp4677643.html
Sent from the TomEE Users mailing list archive at Nabble.com.
Re: JAX-RS with httpOnly cookie -> an CXF bug ?
Posted by Romain Manni-Bucau <rm...@gmail.com>.
Set-Cookie is to ask the operation to be the creation of a cookie.
Le 20 févr. 2016 23:29, "cc75005++" <ce...@gmail.com> a écrit :
> Hello Romain,
>
> Thanks you for your answer. But I'm not sure to understand, What do you
> mean by (Cookie vs Set-Cookie) ?
>
> Anyway, I'l post my question on the CXF mailing list. :-)
>
> Thanks again.
>
> Cédric
>
> 2016-02-20 16:44 GMT+01:00 Romain Manni-Bucau [via TomEE & OpenEJB] <
> ml-node+s979440n4677644h14@n4.nabble.com>:
>
> > Hi Cedric,
> >
> > Cookie and NewCookie are not the same thing (Cookie vs Set-Cookie), the
> > JAXRS runtime uses typically this config:
> >
> > headerProviders.put(Cookie.class, new CookieHeaderProvider());
> > headerProviders.put(NewCookie.class, new NewCookieHeaderProvider());
> >
> > Means it can still be a CXF bug.
> >
> >
> >
> >
> > Romain Manni-Bucau
> > @rmannibucau <https://twitter.com/rmannibucau> | Blog
> > <http://rmannibucau.wordpress.com> | Github <
> > https://github.com/rmannibucau> |
> > LinkedIn <https://www.linkedin.com/in/rmannibucau> | Tomitriber
> > <http://www.tomitribe.com>
> >
> > 2016-02-20 16:27 GMT+01:00 [hidden email]
> > <http:///user/SendEmail.jtp?type=node&node=4677644&i=0> <
> > [hidden email] <http:///user/SendEmail.jtp?type=node&node=4677644&i=1>>:
> >
> > > Hello,
> > >
> > > If I send a request with an httponly cookie on my rest service, I
> > receive
> > > an
> > > IllegalArgumentException("Cookie is malformed : " + c) when I call
> > > requestContext.getCookies().
> > >
> > > Please find my container request filter implementation :
> > >
> > >
> > > If I understand, I think this is a CXF bug (link CXF-6451
> > > <https://issues.apache.org/jira/browse/CXF-6451> ) but normally this
> > one
> > > have been fixed on 3.1.2 version for NewCookieHeaderProvider.java
> class.
> > >
> > > But JAXRS Tomee implementation use CookieHeaderProvider (that hasn't
> the
> > > fix) and not the NewCookieHeaderProvider class.
> > >
> > > Any help would be much appreciated to find a clean workaround
> > >
> > > Regards
> > >
> > >
> > >
> > > --
> > > View this message in context:
> > >
> >
> http://tomee-openejb.979440.n4.nabble.com/JAX-RS-with-httpOnly-cookie-an-CXF-bug-tp4677643.html
> > > Sent from the TomEE Users mailing list archive at Nabble.com.
> > >
> >
> >
> > ------------------------------
> > If you reply to this email, your message will be added to the discussion
> > below:
> >
> >
> http://tomee-openejb.979440.n4.nabble.com/JAX-RS-with-httpOnly-cookie-an-CXF-bug-tp4677643p4677644.html
> > To unsubscribe from JAX-RS with httpOnly cookie -> an CXF bug ?, click
> > here
> > <
> http://tomee-openejb.979440.n4.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=4677643&code=Y2VkcmljLmNoZWNvdXJ5QGdtYWlsLmNvbXw0Njc3NjQzfDgzNDUxNjg4Nw==
> >
> > .
> > NAML
> > <
> http://tomee-openejb.979440.n4.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml
> >
> >
>
>
>
>
> --
> View this message in context:
> http://tomee-openejb.979440.n4.nabble.com/JAX-RS-with-httpOnly-cookie-an-CXF-bug-tp4677643p4677645.html
> Sent from the TomEE Users mailing list archive at Nabble.com.
Re: JAX-RS with httpOnly cookie -> an CXF bug ?
Posted by cc75005++ <ce...@gmail.com>.
Hello Romain,
Thanks you for your answer. But I'm not sure to understand, What do you
mean by (Cookie vs Set-Cookie) ?
Anyway, I'l post my question on the CXF mailing list. :-)
Thanks again.
Cédric
2016-02-20 16:44 GMT+01:00 Romain Manni-Bucau [via TomEE & OpenEJB] <
ml-node+s979440n4677644h14@n4.nabble.com>:
> Hi Cedric,
>
> Cookie and NewCookie are not the same thing (Cookie vs Set-Cookie), the
> JAXRS runtime uses typically this config:
>
> headerProviders.put(Cookie.class, new CookieHeaderProvider());
> headerProviders.put(NewCookie.class, new NewCookieHeaderProvider());
>
> Means it can still be a CXF bug.
>
>
>
>
> Romain Manni-Bucau
> @rmannibucau <https://twitter.com/rmannibucau> | Blog
> <http://rmannibucau.wordpress.com> | Github <
> https://github.com/rmannibucau> |
> LinkedIn <https://www.linkedin.com/in/rmannibucau> | Tomitriber
> <http://www.tomitribe.com>
>
> 2016-02-20 16:27 GMT+01:00 [hidden email]
> <http:///user/SendEmail.jtp?type=node&node=4677644&i=0> <
> [hidden email] <http:///user/SendEmail.jtp?type=node&node=4677644&i=1>>:
>
> > Hello,
> >
> > If I send a request with an httponly cookie on my rest service, I
> receive
> > an
> > IllegalArgumentException("Cookie is malformed : " + c) when I call
> > requestContext.getCookies().
> >
> > Please find my container request filter implementation :
> >
> >
> > If I understand, I think this is a CXF bug (link CXF-6451
> > <https://issues.apache.org/jira/browse/CXF-6451> ) but normally this
> one
> > have been fixed on 3.1.2 version for NewCookieHeaderProvider.java class.
> >
> > But JAXRS Tomee implementation use CookieHeaderProvider (that hasn't the
> > fix) and not the NewCookieHeaderProvider class.
> >
> > Any help would be much appreciated to find a clean workaround
> >
> > Regards
> >
> >
> >
> > --
> > View this message in context:
> >
> http://tomee-openejb.979440.n4.nabble.com/JAX-RS-with-httpOnly-cookie-an-CXF-bug-tp4677643.html
> > Sent from the TomEE Users mailing list archive at Nabble.com.
> >
>
>
> ------------------------------
> If you reply to this email, your message will be added to the discussion
> below:
>
> http://tomee-openejb.979440.n4.nabble.com/JAX-RS-with-httpOnly-cookie-an-CXF-bug-tp4677643p4677644.html
> To unsubscribe from JAX-RS with httpOnly cookie -> an CXF bug ?, click
> here
> <http://tomee-openejb.979440.n4.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=4677643&code=Y2VkcmljLmNoZWNvdXJ5QGdtYWlsLmNvbXw0Njc3NjQzfDgzNDUxNjg4Nw==>
> .
> NAML
> <http://tomee-openejb.979440.n4.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
>
--
View this message in context: http://tomee-openejb.979440.n4.nabble.com/JAX-RS-with-httpOnly-cookie-an-CXF-bug-tp4677643p4677645.html
Sent from the TomEE Users mailing list archive at Nabble.com.
Re: JAX-RS with httpOnly cookie -> an CXF bug ?
Posted by Romain Manni-Bucau <rm...@gmail.com>.
Hi Cedric,
Cookie and NewCookie are not the same thing (Cookie vs Set-Cookie), the
JAXRS runtime uses typically this config:
headerProviders.put(Cookie.class, new CookieHeaderProvider());
headerProviders.put(NewCookie.class, new NewCookieHeaderProvider());
Means it can still be a CXF bug.
Romain Manni-Bucau
@rmannibucau <https://twitter.com/rmannibucau> | Blog
<http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> |
LinkedIn <https://www.linkedin.com/in/rmannibucau> | Tomitriber
<http://www.tomitribe.com>
2016-02-20 16:27 GMT+01:00 cedric.checoury@gmail.com <
cedric.checoury@gmail.com>:
> Hello,
>
> If I send a request with an httponly cookie on my rest service, I receive
> an
> IllegalArgumentException("Cookie is malformed : " + c) when I call
> requestContext.getCookies().
>
> Please find my container request filter implementation :
>
>
> If I understand, I think this is a CXF bug (link CXF-6451
> <https://issues.apache.org/jira/browse/CXF-6451> ) but normally this one
> have been fixed on 3.1.2 version for NewCookieHeaderProvider.java class.
>
> But JAXRS Tomee implementation use CookieHeaderProvider (that hasn't the
> fix) and not the NewCookieHeaderProvider class.
>
> Any help would be much appreciated to find a clean workaround
>
> Regards
>
>
>
> --
> View this message in context:
> http://tomee-openejb.979440.n4.nabble.com/JAX-RS-with-httpOnly-cookie-an-CXF-bug-tp4677643.html
> Sent from the TomEE Users mailing list archive at Nabble.com.
>