Johannes Stamminger created HTTPCLIENT-1909:
-----------------------------------------------

             Summary: Cookies received during authentication challenge not processed
                 Key: HTTPCLIENT-1909
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1909
             Project: HttpComponents HttpClient
          Issue Type: Bug
    Affects Versions: 4.5.5
            Reporter: Johannes Stamminger


We fail to authenticate against a gateway that requires authentication and that 
tracks progress by setting and updating a session cookie, even during 
the authentication challenge:
 * client GET to some url {{https://a.b.c/}}
 ** response:
 302, redirect to {{https://a.b.c/xyz}}
 set cookie X=1
 * client GET to url {{https://a.b.c/xyz}}
 cookie X=1 transmitted
 ** response:
 401, authentication required
 set cookie X=2
 * client GET to same url again
 authentication transmitted
 {color:#d04437}*cookie X=1*{color} transmitted again, should have been X=2

This is caused by the cookies actually being processed only outside the 
{{MainClientExec}}, by the calling {{ProtocolExec}}. But on receiving the 
401, the loop in {{MainClientExec#execute(...)}} is not left; instead the request is 
sent again with only the authentication header added. The cookies 
received with the 401 response are dismissed.

 

Workaround (hack IMHO):
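{code:java}
import java.io.IOException;
import java.util.Map;

import org.apache.http.Header;
import org.apache.http.HttpException;
import org.apache.http.HttpHost;
import org.apache.http.HttpRequest;
import org.apache.http.HttpResponse;
import org.apache.http.auth.MalformedChallengeException;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.client.protocol.RequestAddCookies;
import org.apache.http.client.protocol.ResponseProcessCookies;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.TargetAuthenticationStrategy;
import org.apache.http.protocol.HttpContext;

final TargetAuthenticationStrategy authStrategy = new TargetAuthenticationStrategy() {
    private final ResponseProcessCookies fResponseProcessCookies = new ResponseProcessCookies();
    private final RequestAddCookies fRequestAddCookies = new RequestAddCookies();

    @Override
    public Map<String, Header> getChallenges(HttpHost authhost,
                                             HttpResponse response,
                                             HttpContext context) throws MalformedChallengeException {
        try {
            // Store the cookies delivered with the challenge response.
            fResponseProcessCookies.process(response, context);
            final HttpClientContext clientContext = HttpClientContext.adapt(context);
            final HttpRequest request = clientContext.getRequest();
            // Replace the stale Cookie header before the request is sent again.
            request.removeHeaders("Cookie");
            fRequestAddCookies.process(request, context);
        } catch (HttpException | IOException e) {
            throw new MalformedChallengeException(e.getMessage(), e);
        }
        return super.getChallenges(authhost, response, context);
    }
};

// httpClientBuilder is an HttpClientBuilder configured elsewhere.
final CloseableHttpClient authClient = httpClientBuilder
    .setTargetAuthenticationStrategy(authStrategy)
    .build();
{code}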



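The request sequence from the report as a small stand-alone model, added here as an illustration; it is not HttpClient code and not the reporter's. The class and method names, the {{Gateway}} stub, the 403 status for a stale cookie and the use of 0 for "no cookie" are assumptions; the {{fix}} flag stands for what the workaround does when the challenge arrives.

```java
import java.util.ArrayList;
import java.util.List;
/** Model of the exchange in the report; illustrative only, not HttpClient code. */
public class StaleCookieModel {
    record Response(int status, int setCookie) {}   // requires Java 16+

    /** Constructed gateway stub: rotates X per step; assumed to answer a stale X with 403. */
    static class Gateway {
        int current = 0;
        final List<String> seen = new ArrayList<>();
        Response handle(String path, int cookie, boolean auth) {
            seen.add(path + " X=" + cookie + (auth ? " +auth" : ""));   // X=0 means no cookie
            if (path.equals("/")) return new Response(302, ++current);
            if (!auth) return new Response(401, ++current);
            return new Response(cookie == current ? 200 : 403, current);
        }
    }

    /** Inner loop, modelled on the report's description of MainClientExec#execute. */
    static Response inner(Gateway gw, String path, int[] header, int[] store, boolean fix) {
        boolean auth = false;
        while (true) {
            Response r = gw.handle(path, header[0], auth);
            if (r.status() != 401 || auth) return r;
            auth = true;                    // the retry only gains the authentication header
            if (fix) {                      // what the workaround does on a challenge
                store[0] = r.setCookie();   // ResponseProcessCookies
                header[0] = store[0];       // drop old Cookie header, RequestAddCookies
            }
        }
    }

    /** Outer layer, modelled on ProtocolExec: cookies handled only around the inner call. */
    static Response outer(Gateway gw, String path, int[] store, boolean fix) {
        int[] header = { store[0] };
        Response r = inner(gw, path, header, store, fix);
        store[0] = r.setCookie();
        return r;
    }

    static int run(boolean fix) {
        Gateway gw = new Gateway();
        int[] store = { 0 };
        outer(gw, "/", store, fix);                     // first request: redirect sets X
        Response r = outer(gw, "/xyz", store, fix);     // caller follows the redirect
        System.out.println((fix ? "workaround: " : "reported: ") + gw.seen + " -> " + r.status());
        return r.status();
    }
    public static void main(String[] args) { run(false); run(true); }
}
```

With {{fix}} off, the authenticated retry carries the cookie value from before the challenge and the stub rejects it; with {{fix}} on, the retry carries the value set by the 401 response.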