Re: Does HTTPClient consults with browser when it is running underjava plugin.

[Reddy Annapareddy <re...@braemarnet.com>]

Oleg,
Thank you for prompt reply..

I agree with you about using applets but unfortunately our app requires rich
ui functionality that can not be fulfilled by html/java script.

Sun's plugin documentation clearly talks about how plugin consult browser
and it is available here
http://java.sun.com/j2se/1.4.2/docs/guide/plugin/developer_guide/cookie_supp
ort.html

I have looked httpclient form login examples and used them already in the
case where I have userid & password. There HttpState is maintained from form
login to subsequent method invocations and it works..

But In this application I do not have the userid & password. we are coming
to applet page after successful (J2EE 1.2/1.3 J_Security_check) form login
page (simple jsp page posts userid/password to web container inbuilt servlet
J_Security_check does the authentication). The result of successful
authentication is applet page which contains some session / encrypted
security cookies. Here onwards any of new sun's urlconnections to my server
works with out redirecting me to login jsp since my server is getting all
session / encrypted security cookies which are sent after login page.

Any of new httpclient connections to my server treated as unauthenticated
and directing me login jsp due to a new HttpState and missing session /
encrypted security cookies.
So, Tried to Steel and copying session / encrypted security cookies to
httpconnection and it did not work.

All I am trying to do here, connect my server like suns urlconnection
doing....

As I understood from your explanation, It is look like httpclient's initial
httpstate can not set to with above  session / encrypted security cookies?
Is that right...


reddy





**********************************************************************
Reddy,

I tend to shun away from applets at all costs, so I can't claim to know
a great deal about them, but I find it highly unlikely for sun's
UrlConnection to be able to consult browser's cookie cache.

Firstly, please have a look at the following demo applications and see
if there's anything that you might be doing differently in your
application

Form logon:

http://cvs.apache.org/viewcvs/jakarta-commons/httpclient/src/examples/FormLo
ginDemo.java?rev=HEAD

Cookie management:

http://cvs.apache.org/viewcvs/jakarta-commons/httpclient/src/examples/Cookie
DemoApp.java?rev=HEAD

For instance, I am pretty sure I know why adding headers with cookies
stolen from the UrlConnection did not help. HttpClient expects cookies
to be managed through HttpState API. Therefore, it overwrites 'cookie'
headers set manually with those automatically generated based on
HttpState cookie collection content.


Secondly, please have a look at our logging guide and try to activate
HttpClietn's wire log. You will be able to see in details what exactly
HttpClient is doing.

http://jakarta.apache.org/commons/httpclient/logging.html

Thirdly, my guess is that things do not work because you do not keep the
instance of HttpState between method invocations. See FormLoginDemo for
details

If you still can't get things to work after having consulted with our
sample applications, send us the wire log of your HTTP session and we'll
try to help further.

Cheers

Oleg






On Fri, 2003-08-01 at 01:22, Reddy Annapareddy wrote:
> All,
>
> I am trying to use httpclient in an applet that runs in jdk 1.4.2 jre. Our
> web application (j2ee 1.3) security enabled and uses form login
> (j_security_check) and deployed on websphere 5.x app server . After
> successful login user gets applet page. When ever we make sun's
> URLConnection to my server, websphere recognizes me as previously
> authenticated user since sun's URLConnection using Java Plug-in, Java
> Plug-in consults the browser to determine if a cookie should be sent along
> with it which it received after login. If so, the HTTP/HTTPS request will
> contain the cookie as part of the header. Typically websphere sends a
> session cookie and security cookie (encrypted LTPAToken).
>
> Where httpclient request to server after login, websphere treating as
> unauthenticated user and forcing user to provide login information again.
> http client uses sockets directly rather than suns URLConnection.
>
> I have tried  following
>
> After successful login. we contacted the server through sun's
URLConnection
> to steel the all headers & cookies.
> Copied all header/cookies form a sun's URLConnection to my server to
> httpclient connection. Still my server recognizes me as new
> user/unauthenticated user.
>
> Help me if anybody knows what else suns urlconnection is doing we are not
> doing through httpclient...
>
> Reddy
>
>
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Does HTTPClient consults with browser when it is running underjava plugin.

[Oleg Kalnichevski <ol...@apache.org>]

> As I understood from your explanation, It is look like httpclient's initial
> httpstate can not set to with above  session / encrypted security cookies?
> Is that right...
> 

Reddy,
I am afraid my explanations so far have caused more confusion that
clarity. Of course, you can set any initial cookies you like. All that I
am trying to say is that you should be using HttpState APIs.


HttpClient httpclient = new HttpClient();
// Correct. This will work
httpclient.getState().addCookie(
  new Cookie("www.whatver.com", "jsession", "topsecret", 
  "/", -1, false));
GetMethod httpget = new GetMethod("http://www.whatever.com");
// Incorrect. This will not work
httpget.setRequestHeader("cookie", "jsession=topsecret");
httpclient.executeMethod(httpget);
System.out.println(httpget.getStatusLine().toString()); 

Use the trick suggested by Adrian to retrieve the session cookie and to
pass it as a parameter to the applet and you should be all right

Oleg