[
https://issues.apache.org/jira/browse/HTTPCLIENT-1637?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Oleg Kalnichevski resolved HTTPCLIENT-1637.
-------------------------------------------
Resolution: Duplicate
> HttpClient does not handle cookies during authentication
> --------------------------------------------------------
>
> Key: HTTPCLIENT-1637
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1637
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient
> Affects Versions: 4.3.6
> Reporter: Carsten Kaiser
>
> When upgrading from HTTPClient version 4.2.x to 4.3.6 we recognized that
> cookies are no longer handled during e.g. DIGEST authentication. This causes
> the authentication to fail in our cluster environment where a cookie is
> returned by the load balancer in front used to ensure that all request which
> are part of the DIGEST handshake will be routed to the same cluster instance
> (which is crucial for the handshake to succeed!).
> From top of my head I remember to have seen a comment somewhere which stated
> that cookies are assumed to be issued by a server after authentication
> succeeded.
> From our point of view this assumption is not valid as mentioned before.
> As a workaround we registered a custom target authentication strategy
> implementation as follows:
> {code}
> @Override
> public boolean isAuthenticationRequested(HttpHost authhost,
> HttpResponse response, HttpContext context) {
> final boolean isAuthenticationRequired =
> super.isAuthenticationRequested(authhost, response, context);
> if (isAuthenticationRequired) {
> // In case authentication is required store any cookies
> already set by the server in order to cope with
> // situations where the load balancer adds a cookie for the
> DIGEST authentication since the new HTTP
> // Client
> // library does not foresee this situation by default
> try {
> new ResponseProcessCookies().process(response, context);
> final HttpRequest request = (HttpRequest)
> context.getAttribute(HttpCoreContext.HTTP_REQUEST);
> if (request != null) {
> new RequestAddCookies().process(request, context);
> }
> } catch (final Exception e) {
> LOG.error("Custom handling of load balancer session
> cookies during authentication failed: "
> + e.getMessage(), e);
> }
> }
> return isAuthenticationRequired;
> }
> {code}
> which is more a kind of hack...
> Please check whether it is possible to add support for cookies during
> authentication again so that we do not have to apply the workaround again for
> each new version.
> Thank you!
> Kind regards,
> CAK
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
