RE: cookie support in 0.4.0

[Florentine, George]

Florian, thx for the quick reply! Yeah, I saw an e-mail thread where you 
chatted about per-session cookie management coming in 0.5.0. For my particular 
app, the existing cookie management would be sufficient. I'm familiar with the 
HttpUtils class and it's interesting that you mentioned that because it gives 
me another clue to look at. I was going to post this in a separate thread but 
I'll mention it here since it relates to this discussion.

We're deploying our mid-tier code under WebLogic 10.3 and in that environment, 
the default OpenCMIS code in HttpUtils has problems when we try to use NTLM 
authentication. The code works ok under Tomcat but under WL some class provided 
by WL overrides the NTLM authentication class and it doesn't get loaded (the 
standard authenticator class ends up getting loaded even though we specify to 
use the NTLM authenticator in the parameters we set when we create the CMIS 
session). To get around that we made a modification to the OpenCMIS code in 
HttpUtils to use a Sun provided HttpHandler. I wonder if this change may be 
breaking cookie support in some way?

Specifically, in the HttpUtils class, the 0.4.0 code base has this line of code 
(line 89):

     HttpURLConnection conn = (HttpURLConnection) (new 
URL(url.toString())).openConnection();

I changed this to use a specific Http handler:

            HttpURLConnection conn = (HttpURLConnection) (new 
URL(null,url.toString(),new 
sun.net.www.protocol.http.Handler())).openConnection();

Perhaps the sun http handler is causing the behavior I'm seeing?

Thought?

thx,

g
---


George Florentine
 
VP, Engineering
 
+1 (303) 542-2173  |  Office
+1 (303) 669-8628  |  Cell 
+1 (303) 544-0522  |  Fax
 
george.florent...@flatironssolutions.com
 
http://www.flatironssolutions.com
 









-----Original Message-----
From: Florian Müller [mailto:florian.muel...@alfresco.com] 
Sent: Friday, July 08, 2011 8:29 AM
To: Florentine, George
Cc: dev@chemistry.apache.org
Subject: Re: cookie support in 0.4.0

George,

OpenCMIS relies on the cookie handling that is provided by Java. There is no 
specific OpenCMIS code that deals with cookies.
HttpURLConnections should get hold of the CookieManager from the CookieHandler 
and then use it.

There are some disadvantages to this approach. For example, all sessions share 
the same set of cookies and the CookieManager is shared across all connections 
in the JVM.
A smarter, session based cookie handling is on the list for 0.5.0 (and I have a 
good chunk of the code already done).

The best place for debugging is probably 
org.apache.chemistry.opencmis.client.bindings.spi.atompub.HttpUtils in the 
chemistry-opencmis-client-bindings package.
The invoke() method handles the HTTP connections for the AtomPub binding.


- Florian


On 08/07/2011 14:51, Florentine, George wrote:
> Florian, the HTTP Set-Cookie message coming back from SP looks like this:
> 
> Set-Cookie: 
> WSS_KeepSessionAuthenticated={e5a6caaf-581c-4c26-aa12-0489087b7ec1}; path=/
> 
> Looks ok to me... Can you point me at the place in OpenCMIS where cookies are 
> set? I can look at that code in the debugger and see what's going on.  Maybe 
> I've got some setup in my environment that is preventing the CookieManager 
> class and the OpenCMIS code from playing nice with each other...
> 
> thx,
> 
> g
> ---
> 
> 
> George Florentine
>   
> VP, Engineering
>   
> +1 (303) 542-2173  |  Office
> +1 (303) 669-8628  |  Cell
> +1 (303) 544-0522  |  Fax
>   
> george.florent...@flatironssolutions.com
>   
> http://www.flatironssolutions.com
>   
> 
> 
> 
> 
> 
> 
> 
> 
> 
> -----Original Message-----
> From: Florian Müller [mailto:florian.muel...@alfresco.com]
> Sent: Friday, July 08, 2011 2:47 AM
> To: Florentine, George
> Cc: dev@chemistry.apache.org
> Subject: Re: cookie support in 0.4.0
> 
> Hi George,
> 
> I haven't tested SharePoint but it works fine with other repositories.
> The path might be the cause the problem. What is the value of the path
> attribute?
> 
> - Florian
> 
> 
> 
> On 06/07/2011 18:55, Florentine, George wrote:
>> I'm building an application that uses the OpenCMIS client to talk to
>> SharePoint 2010. I'd like to turn on cookie support so I inserted code
>> to create a CookieManager as described in
>> http://chemistry.apache.org/java/how-to/how-to-connect.html. When I use
>> Wireshark to look at traffic between my app and SharePoint I see SP
>> setting what looks like a reasonable cookie (it does have a path
>> attribute set) but in subsequent calls, the OpenCMIS code does not send
>> the cookie back.
>>
>> I see a post (https://issues.apache.org/jira/browse/CMIS-366) that
>> indicates that this works in 0.4.0 but it doesn't seem to be working for
>> me.
>>
>> Any insights?
>>
>> thx,
>>
>> g
>>
>> ---
>>
>> email_Graphic_noTag
>>
>>      
>>
>> *George Florentine***
>>
>>      
>>
>> /VP, Engineering///
>>
>>      
>>
>> *+1 (303) 542-2173 | Office***
>>
>> *+1 (303) 669-8628 | Cell ***
>>
>> *+1 (303) 544-0522 | Fax***
>>
>>      
>>
>> george.florent...@flatironssolutions.com
>> <mailto:george.florent...@flatironssolutions.com>
>>
>>      
>>
>> http://www.flatironssolutions.com<http://www.flatironssolutions.com/>
>>
>>      
>>
>>                      
>>
>