[jira] [Commented] (HTTPCLIENT-1451) HttpClient does not store response cookies on a 401

Mon, 07 May 2018 07:55:15 -0700 

    [ 
https://issues.apache.org/jira/browse/HTTPCLIENT-1451?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16465985#comment-16465985
 ] 

Johannes Stamminger commented on HTTPCLIENT-1451:
-------------------------------------------------

AFAIS the workaround does not work with using a proxy: in that case the hook 
used on identifying the challenge method is given a CONNECT request. For such 
the cookie is not set using that code. For the following GET request(s) this 
method is not called again.

It works for with using a custom {{HttpRequestExecutor}} (set additinally in 
the {{HttpClientBuilder}}) with that one running the
{code:java}
request.removeHeaders("Cookie");
fRequestAddCookies.process(request, context);
{code}
always prior executing any request (no longer needed in the custom 
{{TargetAuthenticationStrategy}} then, IMHO).

> HttpClient does not store response cookies on a 401
> ---------------------------------------------------
>
>                 Key: HTTPCLIENT-1451
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1451
>             Project: HttpComponents HttpClient
>          Issue Type: Improvement
>          Components: HttpClient (classic)
>    Affects Versions: 4.3.2
>            Reporter: Richard Sand
>            Priority: Minor
>             Fix For: 5.0 Alpha2
>
>
> Using HttpClient 4.3.2 to call a Web Service which is secured with BASIC 
> authentication. The server responds to the initial request with a 401 
> response but also includes a cookie.
> The HttpClient does not place response cookies into the cookie store until 
> after it has completed the subsequent request with the Authorize header, but 
> the server rejects the authentication if the cookie is missing. 
> To work around this I had to disable the authentication capability in the 
> HttpClientContext and manually check for the 401 response code, and then send 
> a followup request with a manually set Authorize header.
> So in the use case where the HttpClient is automatically sending a followup 
> request with credentials in response to a 401, the client should place the 
> cookies from the original response into the cookie store immediately, rather 
> than waiting for after the response to the credentials (the 2nd response).



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to