You are viewing a plain text version of this content. The canonical link for it is here.
Posted to httpclient-users@hc.apache.org by Karthik <ka...@apple.com> on 2005/08/30 16:18:25 UTC
Java Object Serialization and Tomcat Basic Authentication Incompatibility?
Hi,
Using HttpClient 2.0 I'm having issues sending serialized java
objects ONLY IF I turn ON BASIC authentication.
In other words in the tomcat web.xml if I comment out these then
everything works fine.
<servlet-mapping>
<servlet-name>httpclient</servlet-name>
<url-pattern>/httpclient</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>issrole</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Web Authentication</realm-name>
</login-config>
<security-role>
<role-name>issrole</role-name>
</security-role>
If I uncomment them, then on the servlet I get this exception:
java.io.StreamCorruptedException: invalid stream header
at java.io.ObjectInputStream.readStreamHeader
(ObjectInputStream.java:737)
at java.io.ObjectInputStream.<init>(ObjectInputStream.java:253)
at HttpClientServlet.service(HttpClientServlet.java:48)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter
(ApplicationFilterChain.java:237)
Client Code:
Hashtable object = new Hashtable();
for ( int i = 0; i < 10; i++ ) object.put(new Integer(i),
"Value");
ByteArrayOutputStream bos = new ByteArrayOutputStream() ;
ObjectOutputStream out = new ObjectOutputStream(bos) ;
out.writeObject(object);
out.close();
// Get the bytes of the serialized object
byte[] buf = bos.toByteArray();
HttpClient client = new HttpClient();
Credentials creds =
new UsernamePasswordCredentials("iss", "iss");
HttpState state = client.getState();
state.setAuthenticationPreemptive(true);
state.setCredentials( "Web Authentication", "localhost",
creds );
String url = "http://localhost:8080/httpclient/httpclient";
PostMethod method = new PostMethod(url);
InputStream is = new BufferedInputStream( new
ByteArrayInputStream( buf ) ) ;
method.setRequestBody( new ByteArrayInputStream( buf ) );
method.setRequestContentLength((int)buf.length);
method.setRequestHeader("Content-Type", "application/octet-
stream");
method.setRequestHeader("Connection", "Keep-Alive");
method.setDoAuthentication( true );
int status = client.executeMethod(method);
Servlet Code:
public void service(HttpServletRequest request,
HttpServletResponse response)
throws IOException, ServletException
{
int len = request.getContentLength();
byte[] data;
int total = 0;
data = new byte[len];
while( total < len ){
int bytesRead = request.getInputStream().read( data, total,
len - total );
if ( bytesRead == -1 ) break;
else total += bytesRead;
}
System.out.println("data length " + data.length );
ObjectInputStream inStream = null;
ObjectOutputStream outStream = null;
Object requestObject = null;
inStream = new ObjectInputStream(new ByteArrayInputStream(data));
Thanks, Karthik
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: Java Object Serialization and Tomcat Basic Authentication Incompatibility?
Posted by Karthik <ka...@apple.com>.
Looks like I might be able to answer my own question.
I used httpclient 3.0 rc3 and made the following changes to the
client code:
ByteArrayRequestEntity output = new ByteArrayRequestEntity
(buf);
HttpClient client = new HttpClient();
client.getState().setCredentials(
new AuthScope(null, 8080,null),
new UsernamePasswordCredentials("iss", "iss")
);
String url = "http://localhost:8080/httpclient/httpclient";
PostMethod method = new PostMethod(url);
method.setRequestEntity(output);
//method.setRequestContentLength((int)buf.length);
method.setRequestHeader("Content-Type", "application/octet-
stream");
method.setRequestHeader("Connection", "Keep-Alive");
method.setDoAuthentication( true );
and stuff seems to work.
Thanks, Karthik
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org