Posted to dev@hc.apache.org by "Oleg Kalnichevski (JIRA)" <ji...@apache.org> on 2018/03/09 08:53:00 UTC
[jira] [Resolved] (HTTPCLIENT-1909) Cookies received during authentication challenge not processed
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1909?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Oleg Kalnichevski resolved HTTPCLIENT-1909.
-------------------------------------------
Resolution: Duplicate
Fix Version/s: 5.0 Alpha2
Please see HTTPCLIENT-1451 for details and recommended work-around.
Oleg
> Cookies received during authentication challenge not processed
> --------------------------------------------------------------
>
> Key: HTTPCLIENT-1909
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1909
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Affects Versions: 4.5.5
> Reporter: Johannes Stamminger
> Priority: Major
> Fix For: 5.0 Alpha2
>
>
> We fail to authenticate against a gateway that requires authentication and that tracks progress by setting and updating a session cookie, even during the authentication challenge:
> * client GET to some url {{[https://a.b.c/]}}
> ** response:
> 302, redirect to {{[https://a.b.c/xyz]}}
> set cookie X=1
> * client GET to url {{[https://a.b.c/xyz]}}
> cookie X=1 transmitted
> ** response:
> 401, authentication required
> set cookie X=2
> * client GET to same url again
> authentication transmitted
> *cookie X=1* transmitted again, should have been X=2
> This is caused by the cookies actually being processed only outside the {{MainClientExec}}, by the calling {{ProtocolExec}}. But on receiving the 401, the loop in {{MainClientExec#execute(...)}} is not left; instead the request is sent again with only the authentication header added. The cookies received with the 401 response are dismissed.
>
> Workaround (hack IMHO):
> {code:java}
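> import java.io.IOException;
> import java.util.Map;
> import org.apache.http.Header;
> import org.apache.http.HttpException;
> import org.apache.http.HttpHost;
> import org.apache.http.HttpRequest;
> import org.apache.http.HttpResponse;
> import org.apache.http.auth.MalformedChallengeException;
> import org.apache.http.client.protocol.HttpClientContext;
> import org.apache.http.client.protocol.RequestAddCookies;
> import org.apache.http.client.protocol.ResponseProcessCookies;
> import org.apache.http.impl.client.CloseableHttpClient;
> import org.apache.http.impl.client.TargetAuthenticationStrategy;
> import org.apache.http.protocol.HttpContext;
>
> final TargetAuthenticationStrategy authStrategy = new TargetAuthenticationStrategy() {
>     private final ResponseProcessCookies fResponseProcessCookies = new ResponseProcessCookies();
>     private final RequestAddCookies fRequestAddCookies = new RequestAddCookies();
>
>     @Override
>     public Map<String, Header> getChallenges(HttpHost authhost,
>                                              HttpResponse response,
>                                              HttpContext context) throws MalformedChallengeException {
>         try {
>             // Store the cookies that arrived with the 401 response.
>             fResponseProcessCookies.process(response, context);
>             final HttpClientContext clientContext = HttpClientContext.adapt(context);
>             final HttpRequest request = clientContext.getRequest();
>             // Rebuild the Cookie header of the request that is about to be re-sent.
>             request.removeHeaders("Cookie");
>             fRequestAddCookies.process(request, context);
>         } catch (HttpException | IOException e) {
>             throw new MalformedChallengeException(e.getMessage(), e);
>         }
>         return super.getChallenges(authhost, response, context);
>     }
> };
> // httpClientBuilder is an HttpClientBuilder configured elsewhere.
> final CloseableHttpClient authClient = httpClientBuilder
>         .setTargetAuthenticationStrategy(authStrategy)
>         .build();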
> {code}
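
The request flow from the report, as an added JDK-only model (Java 16+) that is not HttpClient code and not part of the original message. The class, the method names and the gateway rule (credentials are accepted only together with X=2) are assumptions made for illustration; the flag switches between cookie handling outside the retry loop and the refresh the workaround performs before the retry.

```java
import java.util.ArrayList;
import java.util.List;

/** Added model of the flow in this report; not HttpClient code, all names are hypothetical. */
public class AuthRetryCookieModel {
    record Response(int status, String setCookie) {}

    /** Constructed gateway for /xyz: every 401 moves the session to X=2; credentials only count with X=2. */
    static Response gateway(String cookie, boolean withAuth) {
        if (withAuth && "X=2".equals(cookie)) return new Response(200, null);
        return new Response(401, "X=2");
    }

    /** Returns "<final status> <Cookie header of each attempt>". */
    static String execute(boolean refreshCookiesInLoop) {
        String store = "X=1";            // cookie store after the initial 302
        String cookieHeader = store;     // outer layer (ProtocolExec role): header built once
        boolean withAuth = false;
        List<String> sent = new ArrayList<>();
        Response response = null;
        for (int attempt = 0; attempt < 2; attempt++) {   // inner retry loop (MainClientExec role)
            sent.add(cookieHeader);
            response = gateway(cookieHeader, withAuth);
            if (response.status() != 401) break;
            withAuth = true;             // the retry adds only the authentication header
            if (refreshCookiesInLoop) {  // effect of the workaround's getChallenges() override
                if (response.setCookie() != null) store = response.setCookie();
                cookieHeader = store;
            }
        }
        // The outer layer processes Set-Cookie only here, after the loop has ended.
        if (response.setCookie() != null) store = response.setCookie();
        return response.status() + " " + sent;
    }

    public static void main(String[] args) {
        System.out.println("cookies handled outside the loop: " + execute(false));
        System.out.println("cookies refreshed before retry:   " + execute(true));
    }
}
```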