You are viewing a plain text version of this content. The canonical link for it is here.

Posted to httpclient-users@hc.apache.org by Karthik <ka...@apple.com> on 2005/08/30 16:18:25 UTC

Java Object Serialization and Tomcat Basic Authentication Incompatibility?

Hi,

Using HttpClient 2.0 I'm having issues sending serialized java  
objects ONLY IF I turn ON BASIC authentication.

In other words in the tomcat web.xml if I comment out these then  
everything works fine.

     <servlet-mapping>
         <servlet-name>httpclient</servlet-name>
         <url-pattern>/httpclient</url-pattern>
     </servlet-mapping>
     <security-constraint>
             <web-resource-collection>
                 <url-pattern>/*</url-pattern>
             <http-method>GET</http-method>
             <http-method>POST</http-method>

             </web-resource-collection>
             <auth-constraint>
                 <role-name>issrole</role-name>
             </auth-constraint>
     </security-constraint>
     <login-config>
             <auth-method>BASIC</auth-method>
             <realm-name>Web Authentication</realm-name>
     </login-config>
   <security-role>
     <role-name>issrole</role-name>
   </security-role>

If I uncomment them, then on the servlet I get this exception:

java.io.StreamCorruptedException: invalid stream header
         at java.io.ObjectInputStream.readStreamHeader 
(ObjectInputStream.java:737)
         at java.io.ObjectInputStream.<init>(ObjectInputStream.java:253)
         at HttpClientServlet.service(HttpClientServlet.java:48)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
         at  
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter 
(ApplicationFilterChain.java:237)


Client Code:
         Hashtable object =  new Hashtable();

         for ( int i = 0; i < 10; i++ ) object.put(new Integer(i),  
"Value");
         ByteArrayOutputStream bos = new ByteArrayOutputStream() ;
         ObjectOutputStream out = new ObjectOutputStream(bos) ;
         out.writeObject(object);
         out.close();
         // Get the bytes of the serialized object
         byte[] buf = bos.toByteArray();

         HttpClient client = new HttpClient();

         Credentials creds =
             new UsernamePasswordCredentials("iss", "iss");

         HttpState state = client.getState();
         state.setAuthenticationPreemptive(true);
         state.setCredentials( "Web Authentication", "localhost",  
creds );

         String url = "http://localhost:8080/httpclient/httpclient";

         PostMethod method = new PostMethod(url);
         InputStream is = new BufferedInputStream( new  
ByteArrayInputStream( buf ) ) ;

         method.setRequestBody( new ByteArrayInputStream( buf ) );
         method.setRequestContentLength((int)buf.length);
         method.setRequestHeader("Content-Type", "application/octet- 
stream");
         method.setRequestHeader("Connection", "Keep-Alive");
         method.setDoAuthentication( true );

         int status = client.executeMethod(method);

Servlet Code:
   public void service(HttpServletRequest request,
                     HttpServletResponse response)
                     throws IOException, ServletException
   {
      int len = request.getContentLength();
      byte[]      data;

     int total = 0;
     data = new byte[len];

     while( total < len ){
         int bytesRead = request.getInputStream().read( data, total,  
len - total );
         if ( bytesRead == -1 ) break;
         else total += bytesRead;
     }

     System.out.println("data length " +  data.length );

      ObjectInputStream inStream = null;
      ObjectOutputStream outStream = null;
      Object requestObject = null;

      inStream = new ObjectInputStream(new ByteArrayInputStream(data));


Thanks, Karthik



---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org

Re: Java Object Serialization and Tomcat Basic Authentication Incompatibility?

Posted by Karthik <ka...@apple.com>.

Looks like I might be able to answer my own question.

I used httpclient 3.0 rc3 and made the following changes to the  
client code:

         ByteArrayRequestEntity output = new ByteArrayRequestEntity 
(buf);
         HttpClient client = new HttpClient();

         client.getState().setCredentials(
             new AuthScope(null, 8080,null),
             new UsernamePasswordCredentials("iss", "iss")
         );

         String url = "http://localhost:8080/httpclient/httpclient";

         PostMethod method = new PostMethod(url);

         method.setRequestEntity(output);
         //method.setRequestContentLength((int)buf.length);
         method.setRequestHeader("Content-Type", "application/octet- 
stream");
         method.setRequestHeader("Connection", "Keep-Alive");
         method.setDoAuthentication( true );

and stuff seems to work.

Thanks, Karthik


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org