You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "David Hagar (JIRA)" <ji...@apache.org> on 2010/11/07 00:10:25 UTC
[jira] Issue Comment Edited: (CXF-3112) Further problem with
cookies in Jax-RS (similar to closed issue 3035)
[ https://issues.apache.org/jira/browse/CXF-3112?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12929162#action_12929162 ]
David Hagar edited comment on CXF-3112 at 11/6/10 7:09 PM:
-----------------------------------------------------------
Ah...I was hasty posting this originally, the test is a bit more complicated than I thought:
Here is the header value that was actually causing the problem:
Set-Cookie=[JSESSIONID=0475F7F30A26E5B0C15DF5B3489AE569; Path=/userservice, SPRING_SECURITY_REMEMBER_ME_COOKIE=MktUaGkrVXZjQ09RRzdleFl1QUpEZz09OlcxemFySE5jQTlMcVAyeENva28vRmc9PQ; Expires=Sat, 20-Nov-2010 19:11:32 GMT; Path=/userservice]
The problematic code seems to be:
boolean splitPossible = !(HttpHeaders.SET_COOKIE.equalsIgnoreCase(entry.getKey())
&& entry.getValue().get(0).contains(HttpHeaders.EXPIRES));
for (String val : entry.getValue()) {
String[] values = splitPossible ? val.split(",") : new String[]{val};
for (String s : values) {
String theValue = s.trim();
if (theValue.length() > 0) {
currentResponseBuilder.header(entry.getKey(), theValue);
}
}
}
So, from the debugger i pulled out the following values:
entry.getValue().get(0) = JSESSIONID=0475F7F30A26E5B0C15DF5B3489AE569; Path=/userservice
entry.getValue().get(1) = "SPRING_SECURITY_REMEMBER_ME_COOKIE=MktUaGkrVXZjQ09RRzdleFl1QUpEZz09OlcxemFySE5jQTlMcVAyeENva28vRmc9PQ; Expires=Sat, 20-Nov-2010 19:11:32 GMT; Path=/userservice"
splitPossible = true;
Splitting the second cookie causes the response to have three cookie values,
1=SESSIONID=0475F7F30A26E5B0C15DF5B3489AE569; Path=/userservice.
2=SPRING_SECURITY_REMEMBER_ME_COOKIE=MktUaGkrVXZjQ09RRzdleFl1QUpEZz09OlcxemFySE5jQTlMcVAyeENva28vRmc9PQ; Expires=Sat
3=20-Nov-2010 19:11:32 GMT; Path=/userservice
This could probably be fixed by moving the boolean splitPossible... line into the for loop and having it set based on the value of each cookie, not by the value of the first cookie.
I'm still working on getting the CXF source up and running in Eclipse, but would be happy to test further once I have it set up properly.
was (Author: david.hagar):
Ah...I was hasty posting this originally, the test is a bit more complicated than I thought:
Here is the header value that was actually causing the problem:
Set-Cookie=[JSESSIONID=0475F7F30A26E5B0C15DF5B3489AE569; Path=/userservice, SPRING_SECURITY_REMEMBER_ME_COOKIE=MktUaGkrVXZjQ09RRzdleFl1QUpEZz09OlcxemFySE5jQTlMcVAyeENva28vRmc9PQ; Expires=Sat, 20-Nov-2010 19:11:32 GMT; Path=/userservice]
The problematic code seems to be:
boolean splitPossible = !(HttpHeaders.SET_COOKIE.equalsIgnoreCase(entry.getKey())
&& entry.getValue().get(0).contains(HttpHeaders.EXPIRES));
for (String val : entry.getValue()) {
String[] values = splitPossible ? val.split(",") : new String[]{val};
for (String s : values) {
String theValue = s.trim();
if (theValue.length() > 0) {
currentResponseBuilder.header(entry.getKey(), theValue);
}
}
}
So,
entry.getValue().get(0) = JSESSIONID=0475F7F30A26E5B0C15DF5B3489AE569; Path=/userservice
entry.getValue().get(1) = "SPRING_SECURITY_REMEMBER_ME_COOKIE=MktUaGkrVXZjQ09RRzdleFl1QUpEZz09OlcxemFySE5jQTlMcVAyeENva28vRmc9PQ; Expires=Sat, 20-Nov-2010 19:11:32 GMT; Path=/userservice"
splitPossible = true;
The problem is that splitting the second cookie causes the problem.
This could probably be fixed by moving the boolean splitPossible... line into the for loop and having it set based on the value of each cookie, not by the value of the first cookie.
I'm still working on getting the CXF source up and running in Eclipse, but would be happy to test further once I have it set up properly.
> Further problem with cookies in Jax-RS (similar to closed issue 3035)
> ---------------------------------------------------------------------
>
> Key: CXF-3112
> URL: https://issues.apache.org/jira/browse/CXF-3112
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS
> Affects Versions: 2.3.0, 2.2.11
> Reporter: David Hagar
>
> Prior to version 2.2.11, multiple cookies were not handled properly by the method org.apache.cxf.jaxrs.client.AbstractClient#setResponseBuilder(HttpURLConnection, Exchange) -- this was resolved for some cookies, but it still breaks for others. Specifically, any cookie that contains an "Expires" field now gets split into two objects by the aforementioned method.
> For example, if the header is:
> Set-Cookie: com.wm.visitor=10789493347; Domain=.walmart.com; Expires=Thu, 01-Oct-2020 23:44:22 GMT; Path=/
> Then response.getMetadata().get("Set-Cookie"); will return an array of length 2, with values = {" com.wm.visitor=10789493347; Domain=.walmart.com; Expires=Thu", "01-Oct-2020 23:44:22 GMT; Path=/"
> I'm pretty sure this is a conflict of the code looking for date related headers conflicting with the code looking for cookie related headers.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.