You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by CXFUsr2 <ra...@gmail.com> on 2012/04/18 15:21:42 UTC
Cookies with "expires" directive
We use SUN Jersey client to consume some REST services and Apache CXF to
serve some REST services, in the same java project. Some of the services we
consume return cookies with "Expires" directive set. For eg: Set-Cookie:
name=value; Expires=Wed, 09 Jun 2021 10:18:14 GMT.
Consider the below code, assuming wr is a Jersey WebResource. ClientResponse
is also a Jersey class.
ClientResponse resp = wr.get(ClientResponse.class);
System.out.println(resp.getCookies())
Now, in the case of cookies with expires directive, the actual cookie is not
returned. Instead, the expires directive itself is returned as the cookie
(cookie's name is Expires, value is the date).
After some digging, we found that this might be due to the way the
Set-Cookie HTTP header is parsed by CXF in the fromString method of
org.apache.cxf.jaxrs.impl.NewCookieHeaderProvider. Basically, the code seems
to handle "Expires" like a normal cookie and not as a special
directive/metadata (it treats Max-Age and other directives correctly).
Please help us solve this. Are we doing something wrong?
--
View this message in context: http://cxf.547215.n5.nabble.com/Cookies-with-expires-directive-tp5649065p5649065.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: Cookies with "expires" directive
Posted by Sergey Beryozkin <sb...@gmail.com>.
On 19/04/12 15:39, Sergey Beryozkin wrote:
> BTW, this has been fixed within CXF WebClient, NewCookie utility does
> not seem like is ready yet for 'Expires'. It can only ignore it really,
> which is not quite correct I guess; I'll raise the relevant jax-rs issue
I update the handler to ignore this property and raised the enhancement
JAX-RS 2.0 request. I checked the Jersey code and do not see it doing
anything special about Expires too so it does not seem CXF 'interferes'
a lot.
I think the best workaround is to retrieve the header value and parse it
manually
Cheers, Sergey
>
> On 19/04/12 15:23, Sergey Beryozkin wrote:
>> Hi
>> On 19/04/12 15:11, CXFUsr2 wrote:
>>> Thanks for the reply, but the problem is that we don't directly call
>>> CXF's
>>> cookie code. We just call ClientResponse's (it is a Jersey class)
>>> getCookies
>>> method, and the CXF method call is nested somewhere deeper.
>>>
>>> 1) ClientResponse code can be seen
>>> http://grepcode.com/file/repo1.maven.org/maven2/com.sun.jersey/jersey-bundle/1.12/com/sun/jersey/api/client/ClientResponse.java#ClientResponse.getCookies%28%29
>>>
>>>
>>> here . This is the method we actually call.
>>> 2) NewCookie code is
>>> http://grepcode.com/file/repo1.maven.org/maven2/javax.ws.rs/jsr311-api/1.1.1/javax/ws/rs/core/NewCookie.java#NewCookie.valueOf%28java.lang.String%29
>>>
>>>
>>> here . This is the method that #1 calls.
>>> 3) The CXF code which is finally called is
>>> http://grepcode.com/file/repo1.maven.org/maven2/org.apache.cxf/cxf-rt-frontend-jaxrs/2.5.2/org/apache/cxf/jaxrs/impl/NewCookieHeaderProvider.java#NewCookieHeaderProvider.fromString%28java.lang.String%29
>>>
>>>
>>> here . This is the method which ultimately parses and returns the cookie
>>> from the Set-Cookie header.
>>>
>>> The method fromString in #3 has the behavior I mentioned in my first
>>> post.
>>> It considers the last name-value pair that occurs in Set-Cookie header
>>> to be
>>> the cookie itself (Eg: If the header is "Set-Cookie", "name=value;
>>> Expires=Wed, 09 Jun 2021 10:18:14 GMT", the returned cookie's name
>>> will be
>>> "expires" and value will be the date).
>>>
>> Sure, I'll have a look at the way CXF NewCookie handler manages
>> valueOf(...) with 'Expires' within the String.
>>
>> Do you have Jersey and CXF loaded in the web application ? Example, CXF
>> manages the initial incoming request and then Jersey is used to make a
>> client request within the scope of the current server request ?
>>
>> Sorry, is it really a CXF code that is managing NewCookie in this case ?
>>
>> Thanks, Sergey
>>
>>>
>>> --
>>> View this message in context:
>>> http://cxf.547215.n5.nabble.com/Cookies-with-expires-directive-tp5649065p5651856.html
>>>
>>>
>>> Sent from the cxf-user mailing list archive at Nabble.com.
>>
>>
>
>
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
Blog: http://sberyozkin.blogspot.com
Re: Cookies with "expires" directive
Posted by Sergey Beryozkin <sb...@gmail.com>.
BTW, this has been fixed within CXF WebClient, NewCookie utility does
not seem like is ready yet for 'Expires'. It can only ignore it really,
which is not quite correct I guess; I'll raise the relevant jax-rs issue
Cheers, Sergey
On 19/04/12 15:23, Sergey Beryozkin wrote:
> Hi
> On 19/04/12 15:11, CXFUsr2 wrote:
>> Thanks for the reply, but the problem is that we don't directly call
>> CXF's
>> cookie code. We just call ClientResponse's (it is a Jersey class)
>> getCookies
>> method, and the CXF method call is nested somewhere deeper.
>>
>> 1) ClientResponse code can be seen
>> http://grepcode.com/file/repo1.maven.org/maven2/com.sun.jersey/jersey-bundle/1.12/com/sun/jersey/api/client/ClientResponse.java#ClientResponse.getCookies%28%29
>>
>> here . This is the method we actually call.
>> 2) NewCookie code is
>> http://grepcode.com/file/repo1.maven.org/maven2/javax.ws.rs/jsr311-api/1.1.1/javax/ws/rs/core/NewCookie.java#NewCookie.valueOf%28java.lang.String%29
>>
>> here . This is the method that #1 calls.
>> 3) The CXF code which is finally called is
>> http://grepcode.com/file/repo1.maven.org/maven2/org.apache.cxf/cxf-rt-frontend-jaxrs/2.5.2/org/apache/cxf/jaxrs/impl/NewCookieHeaderProvider.java#NewCookieHeaderProvider.fromString%28java.lang.String%29
>>
>> here . This is the method which ultimately parses and returns the cookie
>> from the Set-Cookie header.
>>
>> The method fromString in #3 has the behavior I mentioned in my first
>> post.
>> It considers the last name-value pair that occurs in Set-Cookie header
>> to be
>> the cookie itself (Eg: If the header is "Set-Cookie", "name=value;
>> Expires=Wed, 09 Jun 2021 10:18:14 GMT", the returned cookie's name
>> will be
>> "expires" and value will be the date).
>>
> Sure, I'll have a look at the way CXF NewCookie handler manages
> valueOf(...) with 'Expires' within the String.
>
> Do you have Jersey and CXF loaded in the web application ? Example, CXF
> manages the initial incoming request and then Jersey is used to make a
> client request within the scope of the current server request ?
>
> Sorry, is it really a CXF code that is managing NewCookie in this case ?
>
> Thanks, Sergey
>
>>
>> --
>> View this message in context:
>> http://cxf.547215.n5.nabble.com/Cookies-with-expires-directive-tp5649065p5651856.html
>>
>> Sent from the cxf-user mailing list archive at Nabble.com.
>
>
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
Blog: http://sberyozkin.blogspot.com
Re: Cookies with "expires" directive
Posted by CXFUsr2 <ra...@gmail.com>.
Actually, I debugged through the code (in eclipse) end-to-end and that is how
I found that it enters CXF's fromString method, which ignores the actual
cookie.
We use Jersey client for consuming some REST services and CXF for serving
other REST services of our own. Both happen from the same project. Though
Jersey itself has a HeaderDelegate implementation, CXF's implementation
class (org.apache.cxf.jaxrs.impl.NewCookieHeaderProvider, which has the
fromString method) is what gets chosen because we refer to CXF's classes
when the server initializes (i.e. earlier in runtime than Jersey's).
--
View this message in context: http://cxf.547215.n5.nabble.com/Cookies-with-expires-directive-tp5649065p5651932.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: Cookies with "expires" directive
Posted by Sergey Beryozkin <sb...@gmail.com>.
Hi
On 19/04/12 15:11, CXFUsr2 wrote:
> Thanks for the reply, but the problem is that we don't directly call CXF's
> cookie code. We just call ClientResponse's (it is a Jersey class) getCookies
> method, and the CXF method call is nested somewhere deeper.
>
> 1) ClientResponse code can be seen
> http://grepcode.com/file/repo1.maven.org/maven2/com.sun.jersey/jersey-bundle/1.12/com/sun/jersey/api/client/ClientResponse.java#ClientResponse.getCookies%28%29
> here . This is the method we actually call.
> 2) NewCookie code is
> http://grepcode.com/file/repo1.maven.org/maven2/javax.ws.rs/jsr311-api/1.1.1/javax/ws/rs/core/NewCookie.java#NewCookie.valueOf%28java.lang.String%29
> here . This is the method that #1 calls.
> 3) The CXF code which is finally called is
> http://grepcode.com/file/repo1.maven.org/maven2/org.apache.cxf/cxf-rt-frontend-jaxrs/2.5.2/org/apache/cxf/jaxrs/impl/NewCookieHeaderProvider.java#NewCookieHeaderProvider.fromString%28java.lang.String%29
> here . This is the method which ultimately parses and returns the cookie
> from the Set-Cookie header.
>
> The method fromString in #3 has the behavior I mentioned in my first post.
> It considers the last name-value pair that occurs in Set-Cookie header to be
> the cookie itself (Eg: If the header is "Set-Cookie", "name=value;
> Expires=Wed, 09 Jun 2021 10:18:14 GMT", the returned cookie's name will be
> "expires" and value will be the date).
>
Sure, I'll have a look at the way CXF NewCookie handler manages
valueOf(...) with 'Expires' within the String.
Do you have Jersey and CXF loaded in the web application ? Example, CXF
manages the initial incoming request and then Jersey is used to make a
client request within the scope of the current server request ?
Sorry, is it really a CXF code that is managing NewCookie in this case ?
Thanks, Sergey
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/Cookies-with-expires-directive-tp5649065p5651856.html
> Sent from the cxf-user mailing list archive at Nabble.com.
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
Blog: http://sberyozkin.blogspot.com
Re: Cookies with "expires" directive
Posted by CXFUsr2 <ra...@gmail.com>.
Thanks for the reply, but the problem is that we don't directly call CXF's
cookie code. We just call ClientResponse's (it is a Jersey class) getCookies
method, and the CXF method call is nested somewhere deeper.
1) ClientResponse code can be seen
http://grepcode.com/file/repo1.maven.org/maven2/com.sun.jersey/jersey-bundle/1.12/com/sun/jersey/api/client/ClientResponse.java#ClientResponse.getCookies%28%29
here . This is the method we actually call.
2) NewCookie code is
http://grepcode.com/file/repo1.maven.org/maven2/javax.ws.rs/jsr311-api/1.1.1/javax/ws/rs/core/NewCookie.java#NewCookie.valueOf%28java.lang.String%29
here . This is the method that #1 calls.
3) The CXF code which is finally called is
http://grepcode.com/file/repo1.maven.org/maven2/org.apache.cxf/cxf-rt-frontend-jaxrs/2.5.2/org/apache/cxf/jaxrs/impl/NewCookieHeaderProvider.java#NewCookieHeaderProvider.fromString%28java.lang.String%29
here . This is the method which ultimately parses and returns the cookie
from the Set-Cookie header.
The method fromString in #3 has the behavior I mentioned in my first post.
It considers the last name-value pair that occurs in Set-Cookie header to be
the cookie itself (Eg: If the header is "Set-Cookie", "name=value;
Expires=Wed, 09 Jun 2021 10:18:14 GMT", the returned cookie's name will be
"expires" and value will be the date).
--
View this message in context: http://cxf.547215.n5.nabble.com/Cookies-with-expires-directive-tp5649065p5651856.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: Cookies with "expires" directive
Posted by Sergey Beryozkin <sb...@gmail.com>.
Hi
On 18/04/12 14:21, CXFUsr2 wrote:
> We use SUN Jersey client to consume some REST services and Apache CXF to
> serve some REST services, in the same java project. Some of the services we
> consume return cookies with "Expires" directive set. For eg: Set-Cookie:
> name=value; Expires=Wed, 09 Jun 2021 10:18:14 GMT.
>
> Consider the below code, assuming wr is a Jersey WebResource. ClientResponse
> is also a Jersey class.
>
> ClientResponse resp = wr.get(ClientResponse.class);
> System.out.println(resp.getCookies())
>
> Now, in the case of cookies with expires directive, the actual cookie is not
> returned. Instead, the expires directive itself is returned as the cookie
> (cookie's name is Expires, value is the date).
>
> After some digging, we found that this might be due to the way the
> Set-Cookie HTTP header is parsed by CXF in the fromString method of
> org.apache.cxf.jaxrs.impl.NewCookieHeaderProvider. Basically, the code seems
> to handle "Expires" like a normal cookie and not as a special
> directive/metadata (it treats Max-Age and other directives correctly).
>
> Please help us solve this. Are we doing something wrong?
>
Can you please use ResponseBuilder.header("Set-Cookie", "name=value;
Expires=Wed, 09 Jun 2021 10:18:14 GMT"), and I'll check how NewCookie
Implementation in CXF deals with it
Cheers, Sergey
> --
> View this message in context: http://cxf.547215.n5.nabble.com/Cookies-with-expires-directive-tp5649065p5649065.html
> Sent from the cxf-user mailing list archive at Nabble.com.
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
Blog: http://sberyozkin.blogspot.com