You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@chemistry.apache.org by "Florentine, George" <Ge...@flatironssolutions.com> on 2011/07/06 19:55:11 UTC

cookie support in 0.4.0

I'm building an application that uses the OpenCMIS client to talk to SharePoint 2010. I'd like to turn on cookie support so I inserted code to create a CookieManager as described in http://chemistry.apache.org/java/how-to/how-to-connect.html. When I use Wireshark to look at traffic between my app and SharePoint I see SP setting what looks like a reasonable cookie (it does have a path attribute set) but in subsequent calls, the OpenCMIS code does not send the cookie back.

I see a post (https://issues.apache.org/jira/browse/CMIS-366)  that indicates that this works in 0.4.0 but it doesn't seem to be working for me.

Any insights?

thx,

g
---

[cid:image001.gif@01CC3BD2.AB9659B0]

George Florentine



VP, Engineering



+1 (303) 542-2173  |  Office

+1 (303) 669-8628  |  Cell
+1 (303) 544-0522  |  Fax



george.florentine@flatironssolutions.com<ma...@flatironssolutions.com>



http://www.flatironssolutions.com<http://www.flatironssolutions.com/>

RE: cookie support in 0.4.0

Posted by "Florentine, George" <Ge...@flatironssolutions.com>.
Thx, Peter. That's a good idea. I'll try that and report back results...

thx,

g
---


George Florentine
 
VP, Engineering
 
+1 (303) 542-2173  |  Office
+1 (303) 669-8628  |  Cell 
+1 (303) 544-0522  |  Fax
 
george.florentine@flatironssolutions.com
 
http://www.flatironssolutions.com
 









-----Original Message-----
From: pmonks@alfresco.com [mailto:pmonks@alfresco.com] 
Sent: Friday, July 08, 2011 9:47 AM
To: dev@chemistry.apache.org
Cc: Florian Müller; dev@chemistry.apache.org
Subject: Re: cookie support in 0.4.0

Another random thought: Weblogic (and Websphere, if memory serves) define the classpath in such a way that the common/server JARs/classes take precedence over the webapp's own JARs/classes (as provided in WEB-INF/lib).

It's possible that turning this behaviour off in WLS will solve the issue without resorting to any code changes.

It's been years since I've had to wrestle with WLS, but my vague recollection is that the setting is called something like "preferWebInfLibClasses".

FWIW virtually every single webapp I've ever deployed to WLS required this setting, since WLS has a crapton of JARs/classes that it uses internally, and many of them are commonly used in webapps as well (typically resulting in version mismatches if the default value of that setting is used).

Cheers,
Peter


Apologes for speling & gramar erorrs - sent from mobil deivce

On Jul 8, 2011, at 8:03 AM, "Florentine, George" <Ge...@flatironssolutions.com> wrote:

> Florian, thx for the quick reply! Yeah, I saw an e-mail thread where you chatted about per-session cookie management coming in 0.5.0. For my particular app, the existing cookie management would be sufficient. I'm familiar with the HttpUtils class and it's interesting that you mentioned that because it gives me another clue to look at. I was going to post this in a separate thread but I'll mention it here since it relates to this discussion.
> 
> We're deploying our mid-tier code under WebLogic 10.3 and in that environment, the default OpenCMIS code in HttpUtils has problems when we try to use NTLM authentication. The code works ok under Tomcat but under WL some class provided by WL overrides the NTLM authentication class and it doesn't get loaded (the standard authenticator class ends up getting loaded even though we specify to use the NTLM authenticator in the parameters we set when we create the CMIS session). To get around that we made a modification to the OpenCMIS code in HttpUtils to use a Sun provided HttpHandler. I wonder if this change may be breaking cookie support in some way?
> 
> Specifically, in the HttpUtils class, the 0.4.0 code base has this line of code (line 89):
> 
>     HttpURLConnection conn = (HttpURLConnection) (new URL(url.toString())).openConnection();
> 
> I changed this to use a specific Http handler:
> 
>            HttpURLConnection conn = (HttpURLConnection) (new URL(null,url.toString(),new sun.net.www.protocol.http.Handler())).openConnection();
> 
> Perhaps the sun http handler is causing the behavior I'm seeing?
> 
> Thought?
> 
> thx,
> 
> g
> ---
> 
> 
> George Florentine
>  
> VP, Engineering
>  
> +1 (303) 542-2173  |  Office
> +1 (303) 669-8628  |  Cell 
> +1 (303) 544-0522  |  Fax
>  
> george.florentine@flatironssolutions.com
>  
> http://www.flatironssolutions.com
>  
> 
> 
> 
> 
> 
> 
> 
> 
> 
> -----Original Message-----
> From: Florian Müller [mailto:florian.mueller@alfresco.com] 
> Sent: Friday, July 08, 2011 8:29 AM
> To: Florentine, George
> Cc: dev@chemistry.apache.org
> Subject: Re: cookie support in 0.4.0
> 
> George,
> 
> OpenCMIS relies on the cookie handling that is provided by Java. There is no specific OpenCMIS code that deals with cookies.
> HttpURLConnections should get hold of the CookieManager from the CookieHandler and then use it.
> 
> There are some disadvantages to this approach. For example, all sessions share the same set of cookies and the CookieManager is shared across all connections in the JVM.
> A smarter, session based cookie handling is on the list for 0.5.0 (and I have a good chunk of the code already done).
> 
> The best place for debugging is probably org.apache.chemistry.opencmis.client.bindings.spi.atompub.HttpUtils in the chemistry-opencmis-client-bindings package.
> The invoke() method handles the HTTP connections for the AtomPub binding.
> 
> 
> - Florian
> 
> 
> On 08/07/2011 14:51, Florentine, George wrote:
>> Florian, the HTTP Set-Cookie message coming back from SP looks like this:
>> 
>> Set-Cookie: WSS_KeepSessionAuthenticated={e5a6caaf-581c-4c26-aa12-0489087b7ec1}; path=/
>> 
>> Looks ok to me... Can you point me at the place in OpenCMIS where cookies are set? I can look at that code in the debugger and see what's going on.  Maybe I've got some setup in my environment that is preventing the CookieManager class and the OpenCMIS code from playing nice with each other...
>> 
>> thx,
>> 
>> g
>> ---
>> 
>> 
>> George Florentine
>> 
>> VP, Engineering
>> 
>> +1 (303) 542-2173  |  Office
>> +1 (303) 669-8628  |  Cell
>> +1 (303) 544-0522  |  Fax
>> 
>> george.florentine@flatironssolutions.com
>> 
>> http://www.flatironssolutions.com
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> -----Original Message-----
>> From: Florian Müller [mailto:florian.mueller@alfresco.com]
>> Sent: Friday, July 08, 2011 2:47 AM
>> To: Florentine, George
>> Cc: dev@chemistry.apache.org
>> Subject: Re: cookie support in 0.4.0
>> 
>> Hi George,
>> 
>> I haven't tested SharePoint but it works fine with other repositories.
>> The path might be the cause the problem. What is the value of the path
>> attribute?
>> 
>> - Florian
>> 
>> 
>> 
>> On 06/07/2011 18:55, Florentine, George wrote:
>>> I'm building an application that uses the OpenCMIS client to talk to
>>> SharePoint 2010. I'd like to turn on cookie support so I inserted code
>>> to create a CookieManager as described in
>>> http://chemistry.apache.org/java/how-to/how-to-connect.html. When I use
>>> Wireshark to look at traffic between my app and SharePoint I see SP
>>> setting what looks like a reasonable cookie (it does have a path
>>> attribute set) but in subsequent calls, the OpenCMIS code does not send
>>> the cookie back.
>>> 
>>> I see a post (https://issues.apache.org/jira/browse/CMIS-366) that
>>> indicates that this works in 0.4.0 but it doesn't seem to be working for
>>> me.
>>> 
>>> Any insights?
>>> 
>>> thx,
>>> 
>>> g
>>> 
>>> ---
>>> 
>>> email_Graphic_noTag
>>> 
>>>    
>>> 
>>> *George Florentine***
>>> 
>>>    
>>> 
>>> /VP, Engineering///
>>> 
>>>    
>>> 
>>> *+1 (303) 542-2173 | Office***
>>> 
>>> *+1 (303) 669-8628 | Cell ***
>>> 
>>> *+1 (303) 544-0522 | Fax***
>>> 
>>>    
>>> 
>>> george.florentine@flatironssolutions.com
>>> <ma...@flatironssolutions.com>
>>> 
>>>    
>>> 
>>> http://www.flatironssolutions.com<http://www.flatironssolutions.com/>
>>> 
>>>    
>>> 
>>>            
>>> 
>> 
>

Re: cookie support in 0.4.0

Posted by pm...@alfresco.com.
Another random thought: Weblogic (and Websphere, if memory serves) define the classpath in such a way that the common/server JARs/classes take precedence over the webapp's own JARs/classes (as provided in WEB-INF/lib).

It's possible that turning this behaviour off in WLS will solve the issue without resorting to any code changes.

It's been years since I've had to wrestle with WLS, but my vague recollection is that the setting is called something like "preferWebInfLibClasses".

FWIW virtually every single webapp I've ever deployed to WLS required this setting, since WLS has a crapton of JARs/classes that it uses internally, and many of them are commonly used in webapps as well (typically resulting in version mismatches if the default value of that setting is used).

Cheers,
Peter


Apologes for speling & gramar erorrs - sent from mobil deivce

On Jul 8, 2011, at 8:03 AM, "Florentine, George" <Ge...@flatironssolutions.com> wrote:

> Florian, thx for the quick reply! Yeah, I saw an e-mail thread where you chatted about per-session cookie management coming in 0.5.0. For my particular app, the existing cookie management would be sufficient. I'm familiar with the HttpUtils class and it's interesting that you mentioned that because it gives me another clue to look at. I was going to post this in a separate thread but I'll mention it here since it relates to this discussion.
> 
> We're deploying our mid-tier code under WebLogic 10.3 and in that environment, the default OpenCMIS code in HttpUtils has problems when we try to use NTLM authentication. The code works ok under Tomcat but under WL some class provided by WL overrides the NTLM authentication class and it doesn't get loaded (the standard authenticator class ends up getting loaded even though we specify to use the NTLM authenticator in the parameters we set when we create the CMIS session). To get around that we made a modification to the OpenCMIS code in HttpUtils to use a Sun provided HttpHandler. I wonder if this change may be breaking cookie support in some way?
> 
> Specifically, in the HttpUtils class, the 0.4.0 code base has this line of code (line 89):
> 
>     HttpURLConnection conn = (HttpURLConnection) (new URL(url.toString())).openConnection();
> 
> I changed this to use a specific Http handler:
> 
>            HttpURLConnection conn = (HttpURLConnection) (new URL(null,url.toString(),new sun.net.www.protocol.http.Handler())).openConnection();
> 
> Perhaps the sun http handler is causing the behavior I'm seeing?
> 
> Thought?
> 
> thx,
> 
> g
> ---
> 
> 
> George Florentine
>  
> VP, Engineering
>  
> +1 (303) 542-2173  |  Office
> +1 (303) 669-8628  |  Cell 
> +1 (303) 544-0522  |  Fax
>  
> george.florentine@flatironssolutions.com
>  
> http://www.flatironssolutions.com
>  
> 
> 
> 
> 
> 
> 
> 
> 
> 
> -----Original Message-----
> From: Florian Müller [mailto:florian.mueller@alfresco.com] 
> Sent: Friday, July 08, 2011 8:29 AM
> To: Florentine, George
> Cc: dev@chemistry.apache.org
> Subject: Re: cookie support in 0.4.0
> 
> George,
> 
> OpenCMIS relies on the cookie handling that is provided by Java. There is no specific OpenCMIS code that deals with cookies.
> HttpURLConnections should get hold of the CookieManager from the CookieHandler and then use it.
> 
> There are some disadvantages to this approach. For example, all sessions share the same set of cookies and the CookieManager is shared across all connections in the JVM.
> A smarter, session based cookie handling is on the list for 0.5.0 (and I have a good chunk of the code already done).
> 
> The best place for debugging is probably org.apache.chemistry.opencmis.client.bindings.spi.atompub.HttpUtils in the chemistry-opencmis-client-bindings package.
> The invoke() method handles the HTTP connections for the AtomPub binding.
> 
> 
> - Florian
> 
> 
> On 08/07/2011 14:51, Florentine, George wrote:
>> Florian, the HTTP Set-Cookie message coming back from SP looks like this:
>> 
>> Set-Cookie: WSS_KeepSessionAuthenticated={e5a6caaf-581c-4c26-aa12-0489087b7ec1}; path=/
>> 
>> Looks ok to me... Can you point me at the place in OpenCMIS where cookies are set? I can look at that code in the debugger and see what's going on.  Maybe I've got some setup in my environment that is preventing the CookieManager class and the OpenCMIS code from playing nice with each other...
>> 
>> thx,
>> 
>> g
>> ---
>> 
>> 
>> George Florentine
>> 
>> VP, Engineering
>> 
>> +1 (303) 542-2173  |  Office
>> +1 (303) 669-8628  |  Cell
>> +1 (303) 544-0522  |  Fax
>> 
>> george.florentine@flatironssolutions.com
>> 
>> http://www.flatironssolutions.com
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> -----Original Message-----
>> From: Florian Müller [mailto:florian.mueller@alfresco.com]
>> Sent: Friday, July 08, 2011 2:47 AM
>> To: Florentine, George
>> Cc: dev@chemistry.apache.org
>> Subject: Re: cookie support in 0.4.0
>> 
>> Hi George,
>> 
>> I haven't tested SharePoint but it works fine with other repositories.
>> The path might be the cause the problem. What is the value of the path
>> attribute?
>> 
>> - Florian
>> 
>> 
>> 
>> On 06/07/2011 18:55, Florentine, George wrote:
>>> I'm building an application that uses the OpenCMIS client to talk to
>>> SharePoint 2010. I'd like to turn on cookie support so I inserted code
>>> to create a CookieManager as described in
>>> http://chemistry.apache.org/java/how-to/how-to-connect.html. When I use
>>> Wireshark to look at traffic between my app and SharePoint I see SP
>>> setting what looks like a reasonable cookie (it does have a path
>>> attribute set) but in subsequent calls, the OpenCMIS code does not send
>>> the cookie back.
>>> 
>>> I see a post (https://issues.apache.org/jira/browse/CMIS-366) that
>>> indicates that this works in 0.4.0 but it doesn't seem to be working for
>>> me.
>>> 
>>> Any insights?
>>> 
>>> thx,
>>> 
>>> g
>>> 
>>> ---
>>> 
>>> email_Graphic_noTag
>>> 
>>>    
>>> 
>>> *George Florentine***
>>> 
>>>    
>>> 
>>> /VP, Engineering///
>>> 
>>>    
>>> 
>>> *+1 (303) 542-2173 | Office***
>>> 
>>> *+1 (303) 669-8628 | Cell ***
>>> 
>>> *+1 (303) 544-0522 | Fax***
>>> 
>>>    
>>> 
>>> george.florentine@flatironssolutions.com
>>> <ma...@flatironssolutions.com>
>>> 
>>>    
>>> 
>>> http://www.flatironssolutions.com<http://www.flatironssolutions.com/>
>>> 
>>>    
>>> 
>>>            
>>> 
>> 
>

RE: cookie support in 0.4.0

Posted by "Florentine, George" <Ge...@flatironssolutions.com>.
Yeah, I saw posts around the problems with NTLM. The environment I'm using doesn't support Basic authentication so for now I'm stuck with NTLM. I'll see if I can get Basic authentication to work... For now we're not doing any content upload so I hope that NTLM will be ok. We've done a fair amount of testing and we've seen some issues with NTLM - the OpenCMIS code isn't always sending authentication creds and since it's not honoring the cookie requests sent by SP I suspect we may have some issues down the road.

thx,

g
---


George Florentine
 
VP, Engineering
 
+1 (303) 542-2173  |  Office
+1 (303) 669-8628  |  Cell 
+1 (303) 544-0522  |  Fax
 
george.florentine@flatironssolutions.com
 
http://www.flatironssolutions.com
 









-----Original Message-----
From: Florian Müller [mailto:florian.mueller@alfresco.com] 
Sent: Friday, July 08, 2011 9:52 AM
To: Florentine, George
Cc: dev@chemistry.apache.org
Subject: Re: cookie support in 0.4.0

George,

First of all, run away from NTLM if you can! Sooner or later you will encounter intermittent problems with content upload (createDocument and setContentStream). NTLM and content streaming are not quite compatible.

Your modification could be the reason for your cookie issue. You are setting up the WebLogic CookieManager and then forcing the usage of a Sun HttpURLConnection. I have no idea if those two work together. I would expect some class loading issues.


- Florian


On 08/07/2011 16:02, Florentine, George wrote:
> Florian, thx for the quick reply! Yeah, I saw an e-mail thread where you chatted about per-session cookie management coming in 0.5.0. For my particular app, the existing cookie management would be sufficient. I'm familiar with the HttpUtils class and it's interesting that you mentioned that because it gives me another clue to look at. I was going to post this in a separate thread but I'll mention it here since it relates to this discussion.
> 
> We're deploying our mid-tier code under WebLogic 10.3 and in that environment, the default OpenCMIS code in HttpUtils has problems when we try to use NTLM authentication. The code works ok under Tomcat but under WL some class provided by WL overrides the NTLM authentication class and it doesn't get loaded (the standard authenticator class ends up getting loaded even though we specify to use the NTLM authenticator in the parameters we set when we create the CMIS session). To get around that we made a modification to the OpenCMIS code in HttpUtils to use a Sun provided HttpHandler. I wonder if this change may be breaking cookie support in some way?
> 
> Specifically, in the HttpUtils class, the 0.4.0 code base has this line of code (line 89):
> 
>       HttpURLConnection conn = (HttpURLConnection) (new URL(url.toString())).openConnection();
> 
> I changed this to use a specific Http handler:
> 
>              HttpURLConnection conn = (HttpURLConnection) (new URL(null,url.toString(),new sun.net.www.protocol.http.Handler())).openConnection();
> 
> Perhaps the sun http handler is causing the behavior I'm seeing?
> 
> Thought?
> 
> thx,
> 
> g
> ---
> 
> 
> George Florentine
>   
> VP, Engineering
>   
> +1 (303) 542-2173  |  Office
> +1 (303) 669-8628  |  Cell
> +1 (303) 544-0522  |  Fax
>   
> george.florentine@flatironssolutions.com
>   
> http://www.flatironssolutions.com
>   
> 
> 
> 
> 
> 
> 
> 
> 
> 
> -----Original Message-----
> From: Florian Müller [mailto:florian.mueller@alfresco.com]
> Sent: Friday, July 08, 2011 8:29 AM
> To: Florentine, George
> Cc: dev@chemistry.apache.org
> Subject: Re: cookie support in 0.4.0
> 
> George,
> 
> OpenCMIS relies on the cookie handling that is provided by Java. There is no specific OpenCMIS code that deals with cookies.
> HttpURLConnections should get hold of the CookieManager from the CookieHandler and then use it.
> 
> There are some disadvantages to this approach. For example, all sessions share the same set of cookies and the CookieManager is shared across all connections in the JVM.
> A smarter, session based cookie handling is on the list for 0.5.0 (and I have a good chunk of the code already done).
> 
> The best place for debugging is probably org.apache.chemistry.opencmis.client.bindings.spi.atompub.HttpUtils in the chemistry-opencmis-client-bindings package.
> The invoke() method handles the HTTP connections for the AtomPub binding.
> 
> 
> - Florian
> 
> 
> On 08/07/2011 14:51, Florentine, George wrote:
>> Florian, the HTTP Set-Cookie message coming back from SP looks like this:
>>
>> Set-Cookie: WSS_KeepSessionAuthenticated={e5a6caaf-581c-4c26-aa12-0489087b7ec1}; path=/
>>
>> Looks ok to me... Can you point me at the place in OpenCMIS where cookies are set? I can look at that code in the debugger and see what's going on.  Maybe I've got some setup in my environment that is preventing the CookieManager class and the OpenCMIS code from playing nice with each other...
>>
>> thx,
>>
>> g
>> ---
>>
>>
>> George Florentine
>>
>> VP, Engineering
>>
>> +1 (303) 542-2173  |  Office
>> +1 (303) 669-8628  |  Cell
>> +1 (303) 544-0522  |  Fax
>>
>> george.florentine@flatironssolutions.com
>>
>> http://www.flatironssolutions.com
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> -----Original Message-----
>> From: Florian Müller [mailto:florian.mueller@alfresco.com]
>> Sent: Friday, July 08, 2011 2:47 AM
>> To: Florentine, George
>> Cc: dev@chemistry.apache.org
>> Subject: Re: cookie support in 0.4.0
>>
>> Hi George,
>>
>> I haven't tested SharePoint but it works fine with other repositories.
>> The path might be the cause the problem. What is the value of the path
>> attribute?
>>
>> - Florian
>>
>>
>>
>> On 06/07/2011 18:55, Florentine, George wrote:
>>> I'm building an application that uses the OpenCMIS client to talk to
>>> SharePoint 2010. I'd like to turn on cookie support so I inserted code
>>> to create a CookieManager as described in
>>> http://chemistry.apache.org/java/how-to/how-to-connect.html. When I use
>>> Wireshark to look at traffic between my app and SharePoint I see SP
>>> setting what looks like a reasonable cookie (it does have a path
>>> attribute set) but in subsequent calls, the OpenCMIS code does not send
>>> the cookie back.
>>>
>>> I see a post (https://issues.apache.org/jira/browse/CMIS-366) that
>>> indicates that this works in 0.4.0 but it doesn't seem to be working for
>>> me.
>>>
>>> Any insights?
>>>
>>> thx,
>>>
>>> g
>>>
>>> ---
>>>
>>> email_Graphic_noTag
>>>
>>> 	
>>>
>>> *George Florentine***
>>>
>>> 	
>>>
>>> /VP, Engineering///
>>>
>>> 	
>>>
>>> *+1 (303) 542-2173 | Office***
>>>
>>> *+1 (303) 669-8628 | Cell ***
>>>
>>> *+1 (303) 544-0522 | Fax***
>>>
>>> 	
>>>
>>> george.florentine@flatironssolutions.com
>>> <ma...@flatironssolutions.com>
>>>
>>> 	
>>>
>>> http://www.flatironssolutions.com<http://www.flatironssolutions.com/>
>>>
>>> 	
>>>
>>> 			
>>>
>>
>

Re: cookie support in 0.4.0

Posted by Florian Müller <fl...@alfresco.com>.
George,

First of all, run away from NTLM if you can! Sooner or later you will encounter intermittent problems with content upload (createDocument and setContentStream). NTLM and content streaming are not quite compatible.

Your modification could be the reason for your cookie issue. You are setting up the WebLogic CookieManager and then forcing the usage of a Sun HttpURLConnection. I have no idea if those two work together. I would expect some class loading issues.


- Florian


On 08/07/2011 16:02, Florentine, George wrote:
> Florian, thx for the quick reply! Yeah, I saw an e-mail thread where you chatted about per-session cookie management coming in 0.5.0. For my particular app, the existing cookie management would be sufficient. I'm familiar with the HttpUtils class and it's interesting that you mentioned that because it gives me another clue to look at. I was going to post this in a separate thread but I'll mention it here since it relates to this discussion.
> 
> We're deploying our mid-tier code under WebLogic 10.3 and in that environment, the default OpenCMIS code in HttpUtils has problems when we try to use NTLM authentication. The code works ok under Tomcat but under WL some class provided by WL overrides the NTLM authentication class and it doesn't get loaded (the standard authenticator class ends up getting loaded even though we specify to use the NTLM authenticator in the parameters we set when we create the CMIS session). To get around that we made a modification to the OpenCMIS code in HttpUtils to use a Sun provided HttpHandler. I wonder if this change may be breaking cookie support in some way?
> 
> Specifically, in the HttpUtils class, the 0.4.0 code base has this line of code (line 89):
> 
>       HttpURLConnection conn = (HttpURLConnection) (new URL(url.toString())).openConnection();
> 
> I changed this to use a specific Http handler:
> 
>              HttpURLConnection conn = (HttpURLConnection) (new URL(null,url.toString(),new sun.net.www.protocol.http.Handler())).openConnection();
> 
> Perhaps the sun http handler is causing the behavior I'm seeing?
> 
> Thought?
> 
> thx,
> 
> g
> ---
> 
> 
> George Florentine
>   
> VP, Engineering
>   
> +1 (303) 542-2173  |  Office
> +1 (303) 669-8628  |  Cell
> +1 (303) 544-0522  |  Fax
>   
> george.florentine@flatironssolutions.com
>   
> http://www.flatironssolutions.com
>   
> 
> 
> 
> 
> 
> 
> 
> 
> 
> -----Original Message-----
> From: Florian Müller [mailto:florian.mueller@alfresco.com]
> Sent: Friday, July 08, 2011 8:29 AM
> To: Florentine, George
> Cc: dev@chemistry.apache.org
> Subject: Re: cookie support in 0.4.0
> 
> George,
> 
> OpenCMIS relies on the cookie handling that is provided by Java. There is no specific OpenCMIS code that deals with cookies.
> HttpURLConnections should get hold of the CookieManager from the CookieHandler and then use it.
> 
> There are some disadvantages to this approach. For example, all sessions share the same set of cookies and the CookieManager is shared across all connections in the JVM.
> A smarter, session based cookie handling is on the list for 0.5.0 (and I have a good chunk of the code already done).
> 
> The best place for debugging is probably org.apache.chemistry.opencmis.client.bindings.spi.atompub.HttpUtils in the chemistry-opencmis-client-bindings package.
> The invoke() method handles the HTTP connections for the AtomPub binding.
> 
> 
> - Florian
> 
> 
> On 08/07/2011 14:51, Florentine, George wrote:
>> Florian, the HTTP Set-Cookie message coming back from SP looks like this:
>>
>> Set-Cookie: WSS_KeepSessionAuthenticated={e5a6caaf-581c-4c26-aa12-0489087b7ec1}; path=/
>>
>> Looks ok to me... Can you point me at the place in OpenCMIS where cookies are set? I can look at that code in the debugger and see what's going on.  Maybe I've got some setup in my environment that is preventing the CookieManager class and the OpenCMIS code from playing nice with each other...
>>
>> thx,
>>
>> g
>> ---
>>
>>
>> George Florentine
>>
>> VP, Engineering
>>
>> +1 (303) 542-2173  |  Office
>> +1 (303) 669-8628  |  Cell
>> +1 (303) 544-0522  |  Fax
>>
>> george.florentine@flatironssolutions.com
>>
>> http://www.flatironssolutions.com
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> -----Original Message-----
>> From: Florian Müller [mailto:florian.mueller@alfresco.com]
>> Sent: Friday, July 08, 2011 2:47 AM
>> To: Florentine, George
>> Cc: dev@chemistry.apache.org
>> Subject: Re: cookie support in 0.4.0
>>
>> Hi George,
>>
>> I haven't tested SharePoint but it works fine with other repositories.
>> The path might be the cause the problem. What is the value of the path
>> attribute?
>>
>> - Florian
>>
>>
>>
>> On 06/07/2011 18:55, Florentine, George wrote:
>>> I'm building an application that uses the OpenCMIS client to talk to
>>> SharePoint 2010. I'd like to turn on cookie support so I inserted code
>>> to create a CookieManager as described in
>>> http://chemistry.apache.org/java/how-to/how-to-connect.html. When I use
>>> Wireshark to look at traffic between my app and SharePoint I see SP
>>> setting what looks like a reasonable cookie (it does have a path
>>> attribute set) but in subsequent calls, the OpenCMIS code does not send
>>> the cookie back.
>>>
>>> I see a post (https://issues.apache.org/jira/browse/CMIS-366) that
>>> indicates that this works in 0.4.0 but it doesn't seem to be working for
>>> me.
>>>
>>> Any insights?
>>>
>>> thx,
>>>
>>> g
>>>
>>> ---
>>>
>>> email_Graphic_noTag
>>>
>>> 	
>>>
>>> *George Florentine***
>>>
>>> 	
>>>
>>> /VP, Engineering///
>>>
>>> 	
>>>
>>> *+1 (303) 542-2173 | Office***
>>>
>>> *+1 (303) 669-8628 | Cell ***
>>>
>>> *+1 (303) 544-0522 | Fax***
>>>
>>> 	
>>>
>>> george.florentine@flatironssolutions.com
>>> <ma...@flatironssolutions.com>
>>>
>>> 	
>>>
>>> http://www.flatironssolutions.com<http://www.flatironssolutions.com/>
>>>
>>> 	
>>>
>>> 			
>>>
>>
>

RE: cookie support in 0.4.0

Posted by "Florentine, George" <Ge...@flatironssolutions.com>.
Florian, thx for the quick reply! Yeah, I saw an e-mail thread where you chatted about per-session cookie management coming in 0.5.0. For my particular app, the existing cookie management would be sufficient. I'm familiar with the HttpUtils class and it's interesting that you mentioned that because it gives me another clue to look at. I was going to post this in a separate thread but I'll mention it here since it relates to this discussion.

We're deploying our mid-tier code under WebLogic 10.3 and in that environment, the default OpenCMIS code in HttpUtils has problems when we try to use NTLM authentication. The code works ok under Tomcat but under WL some class provided by WL overrides the NTLM authentication class and it doesn't get loaded (the standard authenticator class ends up getting loaded even though we specify to use the NTLM authenticator in the parameters we set when we create the CMIS session). To get around that we made a modification to the OpenCMIS code in HttpUtils to use a Sun provided HttpHandler. I wonder if this change may be breaking cookie support in some way?

Specifically, in the HttpUtils class, the 0.4.0 code base has this line of code (line 89):

     HttpURLConnection conn = (HttpURLConnection) (new URL(url.toString())).openConnection();

I changed this to use a specific Http handler:

            HttpURLConnection conn = (HttpURLConnection) (new URL(null,url.toString(),new sun.net.www.protocol.http.Handler())).openConnection();

Perhaps the sun http handler is causing the behavior I'm seeing?

Thought?

thx,

g
---


George Florentine
 
VP, Engineering
 
+1 (303) 542-2173  |  Office
+1 (303) 669-8628  |  Cell 
+1 (303) 544-0522  |  Fax
 
george.florentine@flatironssolutions.com
 
http://www.flatironssolutions.com
 









-----Original Message-----
From: Florian Müller [mailto:florian.mueller@alfresco.com] 
Sent: Friday, July 08, 2011 8:29 AM
To: Florentine, George
Cc: dev@chemistry.apache.org
Subject: Re: cookie support in 0.4.0

George,

OpenCMIS relies on the cookie handling that is provided by Java. There is no specific OpenCMIS code that deals with cookies.
HttpURLConnections should get hold of the CookieManager from the CookieHandler and then use it.

There are some disadvantages to this approach. For example, all sessions share the same set of cookies and the CookieManager is shared across all connections in the JVM.
A smarter, session based cookie handling is on the list for 0.5.0 (and I have a good chunk of the code already done).

The best place for debugging is probably org.apache.chemistry.opencmis.client.bindings.spi.atompub.HttpUtils in the chemistry-opencmis-client-bindings package.
The invoke() method handles the HTTP connections for the AtomPub binding.


- Florian


On 08/07/2011 14:51, Florentine, George wrote:
> Florian, the HTTP Set-Cookie message coming back from SP looks like this:
> 
> Set-Cookie: WSS_KeepSessionAuthenticated={e5a6caaf-581c-4c26-aa12-0489087b7ec1}; path=/
> 
> Looks ok to me... Can you point me at the place in OpenCMIS where cookies are set? I can look at that code in the debugger and see what's going on.  Maybe I've got some setup in my environment that is preventing the CookieManager class and the OpenCMIS code from playing nice with each other...
> 
> thx,
> 
> g
> ---
> 
> 
> George Florentine
>   
> VP, Engineering
>   
> +1 (303) 542-2173  |  Office
> +1 (303) 669-8628  |  Cell
> +1 (303) 544-0522  |  Fax
>   
> george.florentine@flatironssolutions.com
>   
> http://www.flatironssolutions.com
>   
> 
> 
> 
> 
> 
> 
> 
> 
> 
> -----Original Message-----
> From: Florian Müller [mailto:florian.mueller@alfresco.com]
> Sent: Friday, July 08, 2011 2:47 AM
> To: Florentine, George
> Cc: dev@chemistry.apache.org
> Subject: Re: cookie support in 0.4.0
> 
> Hi George,
> 
> I haven't tested SharePoint but it works fine with other repositories.
> The path might be the cause the problem. What is the value of the path
> attribute?
> 
> - Florian
> 
> 
> 
> On 06/07/2011 18:55, Florentine, George wrote:
>> I'm building an application that uses the OpenCMIS client to talk to
>> SharePoint 2010. I'd like to turn on cookie support so I inserted code
>> to create a CookieManager as described in
>> http://chemistry.apache.org/java/how-to/how-to-connect.html. When I use
>> Wireshark to look at traffic between my app and SharePoint I see SP
>> setting what looks like a reasonable cookie (it does have a path
>> attribute set) but in subsequent calls, the OpenCMIS code does not send
>> the cookie back.
>>
>> I see a post (https://issues.apache.org/jira/browse/CMIS-366) that
>> indicates that this works in 0.4.0 but it doesn't seem to be working for
>> me.
>>
>> Any insights?
>>
>> thx,
>>
>> g
>>
>> ---
>>
>> email_Graphic_noTag
>>
>> 	
>>
>> *George Florentine***
>>
>> 	
>>
>> /VP, Engineering///
>>
>> 	
>>
>> *+1 (303) 542-2173 | Office***
>>
>> *+1 (303) 669-8628 | Cell ***
>>
>> *+1 (303) 544-0522 | Fax***
>>
>> 	
>>
>> george.florentine@flatironssolutions.com
>> <ma...@flatironssolutions.com>
>>
>> 	
>>
>> http://www.flatironssolutions.com<http://www.flatironssolutions.com/>
>>
>> 	
>>
>> 			
>>
>

Re: cookie support in 0.4.0

Posted by Florian Müller <fl...@alfresco.com>.
George,

OpenCMIS relies on the cookie handling that is provided by Java. There is no specific OpenCMIS code that deals with cookies.
HttpURLConnections should get hold of the CookieManager from the CookieHandler and then use it.

There are some disadvantages to this approach. For example, all sessions share the same set of cookies and the CookieManager is shared across all connections in the JVM.
A smarter, session based cookie handling is on the list for 0.5.0 (and I have a good chunk of the code already done).

The best place for debugging is probably org.apache.chemistry.opencmis.client.bindings.spi.atompub.HttpUtils in the chemistry-opencmis-client-bindings package.
The invoke() method handles the HTTP connections for the AtomPub binding.


- Florian


On 08/07/2011 14:51, Florentine, George wrote:
> Florian, the HTTP Set-Cookie message coming back from SP looks like this:
> 
> Set-Cookie: WSS_KeepSessionAuthenticated={e5a6caaf-581c-4c26-aa12-0489087b7ec1}; path=/
> 
> Looks ok to me... Can you point me at the place in OpenCMIS where cookies are set? I can look at that code in the debugger and see what's going on.  Maybe I've got some setup in my environment that is preventing the CookieManager class and the OpenCMIS code from playing nice with each other...
> 
> thx,
> 
> g
> ---
> 
> 
> George Florentine
>   
> VP, Engineering
>   
> +1 (303) 542-2173  |  Office
> +1 (303) 669-8628  |  Cell
> +1 (303) 544-0522  |  Fax
>   
> george.florentine@flatironssolutions.com
>   
> http://www.flatironssolutions.com
>   
> 
> 
> 
> 
> 
> 
> 
> 
> 
> -----Original Message-----
> From: Florian Müller [mailto:florian.mueller@alfresco.com]
> Sent: Friday, July 08, 2011 2:47 AM
> To: Florentine, George
> Cc: dev@chemistry.apache.org
> Subject: Re: cookie support in 0.4.0
> 
> Hi George,
> 
> I haven't tested SharePoint but it works fine with other repositories.
> The path might be the cause the problem. What is the value of the path
> attribute?
> 
> - Florian
> 
> 
> 
> On 06/07/2011 18:55, Florentine, George wrote:
>> I'm building an application that uses the OpenCMIS client to talk to
>> SharePoint 2010. I'd like to turn on cookie support so I inserted code
>> to create a CookieManager as described in
>> http://chemistry.apache.org/java/how-to/how-to-connect.html. When I use
>> Wireshark to look at traffic between my app and SharePoint I see SP
>> setting what looks like a reasonable cookie (it does have a path
>> attribute set) but in subsequent calls, the OpenCMIS code does not send
>> the cookie back.
>>
>> I see a post (https://issues.apache.org/jira/browse/CMIS-366) that
>> indicates that this works in 0.4.0 but it doesn't seem to be working for
>> me.
>>
>> Any insights?
>>
>> thx,
>>
>> g
>>
>> ---
>>
>> email_Graphic_noTag
>>
>> 	
>>
>> *George Florentine***
>>
>> 	
>>
>> /VP, Engineering///
>>
>> 	
>>
>> *+1 (303) 542-2173 | Office***
>>
>> *+1 (303) 669-8628 | Cell ***
>>
>> *+1 (303) 544-0522 | Fax***
>>
>> 	
>>
>> george.florentine@flatironssolutions.com
>> <ma...@flatironssolutions.com>
>>
>> 	
>>
>> http://www.flatironssolutions.com<http://www.flatironssolutions.com/>
>>
>> 	
>>
>> 			
>>
>

RE: cookie support in 0.4.0

Posted by "Florentine, George" <Ge...@flatironssolutions.com>.
Florian, the HTTP Set-Cookie message coming back from SP looks like this:

Set-Cookie: WSS_KeepSessionAuthenticated={e5a6caaf-581c-4c26-aa12-0489087b7ec1}; path=/

Looks ok to me... Can you point me at the place in OpenCMIS where cookies are set? I can look at that code in the debugger and see what's going on.  Maybe I've got some setup in my environment that is preventing the CookieManager class and the OpenCMIS code from playing nice with each other...

thx,

g
---


George Florentine
 
VP, Engineering
 
+1 (303) 542-2173  |  Office
+1 (303) 669-8628  |  Cell 
+1 (303) 544-0522  |  Fax
 
george.florentine@flatironssolutions.com
 
http://www.flatironssolutions.com
 









-----Original Message-----
From: Florian Müller [mailto:florian.mueller@alfresco.com] 
Sent: Friday, July 08, 2011 2:47 AM
To: Florentine, George
Cc: dev@chemistry.apache.org
Subject: Re: cookie support in 0.4.0

Hi George,

I haven't tested SharePoint but it works fine with other repositories.
The path might be the cause the problem. What is the value of the path 
attribute?

- Florian



On 06/07/2011 18:55, Florentine, George wrote:
> I'm building an application that uses the OpenCMIS client to talk to
> SharePoint 2010. I'd like to turn on cookie support so I inserted code
> to create a CookieManager as described in
> http://chemistry.apache.org/java/how-to/how-to-connect.html. When I use
> Wireshark to look at traffic between my app and SharePoint I see SP
> setting what looks like a reasonable cookie (it does have a path
> attribute set) but in subsequent calls, the OpenCMIS code does not send
> the cookie back.
>
> I see a post (https://issues.apache.org/jira/browse/CMIS-366) that
> indicates that this works in 0.4.0 but it doesn't seem to be working for
> me.
>
> Any insights?
>
> thx,
>
> g
>
> ---
>
> email_Graphic_noTag
>
> 	
>
> *George Florentine***
>
> 	
>
> /VP, Engineering///
>
> 	
>
> *+1 (303) 542-2173 | Office***
>
> *+1 (303) 669-8628 | Cell ***
>
> *+1 (303) 544-0522 | Fax***
>
> 	
>
> george.florentine@flatironssolutions.com
> <ma...@flatironssolutions.com>
>
> 	
>
> http://www.flatironssolutions.com <http://www.flatironssolutions.com/>
>
> 	
>
> 			
>

Re: cookie support in 0.4.0

Posted by Florian Müller <fl...@alfresco.com>.
Hi George,

I haven't tested SharePoint but it works fine with other repositories.
The path might be the cause the problem. What is the value of the path 
attribute?

- Florian



On 06/07/2011 18:55, Florentine, George wrote:
> I’m building an application that uses the OpenCMIS client to talk to
> SharePoint 2010. I’d like to turn on cookie support so I inserted code
> to create a CookieManager as described in
> http://chemistry.apache.org/java/how-to/how-to-connect.html. When I use
> Wireshark to look at traffic between my app and SharePoint I see SP
> setting what looks like a reasonable cookie (it does have a path
> attribute set) but in subsequent calls, the OpenCMIS code does not send
> the cookie back.
>
> I see a post (https://issues.apache.org/jira/browse/CMIS-366) that
> indicates that this works in 0.4.0 but it doesn’t seem to be working for
> me.
>
> Any insights?
>
> thx,
>
> g
>
> ---
>
> email_Graphic_noTag
>
> 	
>
> *George Florentine***
>
> 	
>
> /VP, Engineering///
>
> 	
>
> *+1 (303) 542-2173 | Office***
>
> *+1 (303) 669-8628 | Cell ***
>
> *+1 (303) 544-0522 | Fax***
>
> 	
>
> george.florentine@flatironssolutions.com
> <ma...@flatironssolutions.com>
>
> 	
>
> http://www.flatironssolutions.com <http://www.flatironssolutions.com/>
>
> 	
>
> 			
>