You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by Reddy Annapareddy <re...@braemarnet.com> on 2003/08/01 01:22:44 UTC
Does HTTPClient consults with browser when it is running under java plugin.
All,
I am trying to use httpclient in an applet that runs in jdk 1.4.2 jre. Our
web application (j2ee 1.3) security enabled and uses form login
(j_security_check) and deployed on websphere 5.x app server . After
successful login user gets applet page. When ever we make sun's
URLConnection to my server, websphere recognizes me as previously
authenticated user since sun's URLConnection using Java Plug-in, Java
Plug-in consults the browser to determine if a cookie should be sent along
with it which it received after login. If so, the HTTP/HTTPS request will
contain the cookie as part of the header. Typically websphere sends a
session cookie and security cookie (encrypted LTPAToken).
Where httpclient request to server after login, websphere treating as
unauthenticated user and forcing user to provide login information again.
http client uses sockets directly rather than suns URLConnection.
I have tried following
After successful login. we contacted the server through sun's URLConnection
to steel the all headers & cookies.
Copied all header/cookies form a sun's URLConnection to my server to
httpclient connection. Still my server recognizes me as new
user/unauthenticated user.
Help me if anybody knows what else suns urlconnection is doing we are not
doing through httpclient...
Reddy
Re: Does HTTPClient consults with browser when it is running under
java plugin.
Posted by Ortwin Glück <or...@nose.ch>.
Oleg Kalnichevski wrote:
> Reddy,
>
> I tend to shun away from applets at all costs
So do I. If you want to implement an Application, do not use Applets.
But use Webstart instead.
Odi
Re: Does HTTPClient consults with browser when it is running under java plugin.
Posted by Adrian Sutton <ad...@intencha.com>.
> I tend to shun away from applets at all costs, so I can't claim to know
> a great deal about them, but I find it highly unlikely for sun's
> UrlConnection to be able to consult browser's cookie cache.
Actually, on Windows, with the Sun JRE and using IE, Sun's
URLConnection does in fact send any cookies that apply to the page the
applet is embedded in. Relying on this behavior however is a massive
platform dependency as there is no requirement for this to occur. In
particular, if you were to try this on Mac, Linux or Solaris you'd find
the cookie is not sent. The workaround however is quite simple. In
fact, there is no guarantee that this will occur with future versions
of the Java Plugin or IE either. In short, don't depend on this
occurring.
When writing out the applet tag (or object or embed tag) you'll have
something like:
<applet code="blah" archive="myjar.jar">
<param name="name" value="value">
</applet>
Simply insert an extra parameter using JavaScript, ie:
<script language="JavaScript">
document.write('<param name="cookie" value="' + document.cookie +
'">');
</script>
Careful with the ' and " characters in there. Then in your applet,
just pass the cookie param through to HttpClient.
Then make sure you're following all of Oleg's other suggestions which
are likely causes of problems as well. :)
Regards,
Adrian Sutton.
----------------------------------------------
Intencha "tomorrow's technology today"
Ph: 38478913 0422236329
Suite 8/29 Oatland Crescent
Holland Park West 4121
Australia QLD
www.intencha.com
Re: Does HTTPClient consults with browser when it is running under
java plugin.
Posted by Oleg Kalnichevski <ol...@apache.org>.
Reddy,
I tend to shun away from applets at all costs, so I can't claim to know
a great deal about them, but I find it highly unlikely for sun's
UrlConnection to be able to consult browser's cookie cache.
Firstly, please have a look at the following demo applications and see
if there's anything that you might be doing differently in your
application
Form logon:
http://cvs.apache.org/viewcvs/jakarta-commons/httpclient/src/examples/FormLoginDemo.java?rev=HEAD
Cookie management:
http://cvs.apache.org/viewcvs/jakarta-commons/httpclient/src/examples/CookieDemoApp.java?rev=HEAD
For instance, I am pretty sure I know why adding headers with cookies
stolen from the UrlConnection did not help. HttpClient expects cookies
to be managed through HttpState API. Therefore, it overwrites 'cookie'
headers set manually with those automatically generated based on
HttpState cookie collection content.
Secondly, please have a look at our logging guide and try to activate
HttpClietn's wire log. You will be able to see in details what exactly
HttpClient is doing.
http://jakarta.apache.org/commons/httpclient/logging.html
Thirdly, my guess is that things do not work because you do not keep the
instance of HttpState between method invocations. See FormLoginDemo for
details
If you still can't get things to work after having consulted with our
sample applications, send us the wire log of your HTTP session and we'll
try to help further.
Cheers
Oleg
On Fri, 2003-08-01 at 01:22, Reddy Annapareddy wrote:
> All,
>
> I am trying to use httpclient in an applet that runs in jdk 1.4.2 jre. Our
> web application (j2ee 1.3) security enabled and uses form login
> (j_security_check) and deployed on websphere 5.x app server . After
> successful login user gets applet page. When ever we make sun's
> URLConnection to my server, websphere recognizes me as previously
> authenticated user since sun's URLConnection using Java Plug-in, Java
> Plug-in consults the browser to determine if a cookie should be sent along
> with it which it received after login. If so, the HTTP/HTTPS request will
> contain the cookie as part of the header. Typically websphere sends a
> session cookie and security cookie (encrypted LTPAToken).
>
> Where httpclient request to server after login, websphere treating as
> unauthenticated user and forcing user to provide login information again.
> http client uses sockets directly rather than suns URLConnection.
>
> I have tried following
>
> After successful login. we contacted the server through sun's URLConnection
> to steel the all headers & cookies.
> Copied all header/cookies form a sun's URLConnection to my server to
> httpclient connection. Still my server recognizes me as new
> user/unauthenticated user.
>
> Help me if anybody knows what else suns urlconnection is doing we are not
> doing through httpclient...
>
> Reddy
>
>
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org
>