This is actually a problem that arose after I went about solving my applet
+ commons-httpclient -> https + client cert problem taking advice from Oleg
and others here. Well, I customized Oleg's AuthSSLProtocolSocketFactory and
succeeded in making a connection to the servlet in my applet. But it
appeared that httpclient was sending a cookie of unknown origin to the
servlet and that caused the servlet to not recognize the session which the
applet was supposed to be part of. So I changed the method to Get (was using
Post) and tried to advise the servlet of the correct session by adding
"JSESSIONID=..." to the URL. I thought setting the cookie policy would have
stopped httpclient from sending any cookies but I was wrong and so I added
the setRequestHeader() call too (right, was shooting in the dark) but that
didn't seem to improve it.

    GetMethod rqst = new GetMethod( "ccs" + Constants.APP_HOME_URL_PFX +
            "/GiveLotOrCPCInfoAlt.jsp?JSESSIONID=" + this.httpSessId +
            "&qkt=" + qryKeyType +
            "&qk=" + URLEncoder.encode( psLotNum ) +
            "&ak=" + URLEncoder.encode( acsKey ) );
    rqst.getParams().setCookiePolicy( CookiePolicy.IGNORE_COOKIES );
    rqst.setRequestHeader( "Set-Cookie",
            "JSESSIONID=" + this.httpSessId +
            "; Path=/whatever; Secure" ); // HC

Now, my questions are:
1. My servlet side is arranged with apache in the forefront and tomcat at
the back, so maybe tomcat isn't seeing the jsessionid info and I should
tell Apache rather than tomcat what the session I want? If this isn't
clear, let me say this: in my case apache is our webserver which is
listening for both http and https requests and tomcat only runs the jsp
programs - although tomcat can serve as a webserver, we are NOT using that
functionality of its.
Now, how does one tell apache the session id on the URL (not cookie)?
2. What's the "Set-Cookie" header? How is it different from the "Cookie"
header?
3. Httpclient is sending a cookie that contained the desired session id to
the server, where did it get the idea of the session id from? The webpage
where my applet is contained has a different session id, which I tried
to tell the servlet with the "jsessionid=..." parameter to the URL.
And I wonder if any authors/contributors of httpclient can be bothered to
look into the possibility of smoothly deploying httpclient in an applet -
you know, where the user (ok, us programmers) don't have to worry about
session, certs and things like that. I can't see Oleg being interested
because he told me he'd avoid applets, too bad. :(
Below is the rather long winded log I copied off my java console (edited a
little to protect my employer's interest), enjoy (er, sorry)...
2006/08/08 17:04:13:770 CST [DEBUG] HttpClient - Java version: 1.5.0_04
2006/08/08 17:04:13:770 CST [DEBUG] HttpClient - Java vendor: Sun
Microsystems Inc.
2006/08/08 17:04:13:930 CST [DEBUG] DefaultHttpParams - Set parameter
http.useragent = Jakarta Commons-HttpClient/3.0.1
2006/08/08 17:04:13:990 CST [DEBUG] DefaultHttpParams - Set parameter
http.protocol.version = HTTP/1.1
2006/08/08 17:04:14:100 CST [DEBUG] DefaultHttpParams - Set parameter
http.connection-manager.class = class
org.apache.commons.httpclient.SimpleHttpConnectionManager
2006/08/08 17:04:14:100 CST [DEBUG] DefaultHttpParams - Set parameter
http.protocol.cookie-policy = rfc2109
2006/08/08 17:04:14:100 CST [DEBUG] DefaultHttpParams - Set parameter
http.protocol.element-charset = US-ASCII
2006/08/08 17:04:14:100 CST [DEBUG] DefaultHttpParams - Set parameter
http.protocol.content-charset = ISO-8859-1
2006/08/08 17:04:14:150 CST [DEBUG] DefaultHttpParams - Set parameter
http.method.retry-handler =
[EMAIL PROTECTED]
2006/08/08 17:04:14:150 CST [DEBUG] DefaultHttpParams - Set parameter
http.dateparser.patterns = [EEE, dd MMM yyyy HH:mm:ss zzz, EEEE, dd-MMM-yy
HH:mm:ss zzz, EEE MMM d HH:mm:ss yyyy, EEE, dd-MMM-yyyy HH:mm:ss z, EEE,
dd-MMM-yyyy HH-mm-ss z, EEE, dd MMM yy HH:mm:ss z, EEE dd-MMM-yyyy HH:mm:ss
z, EEE dd MMM yyyy HH:mm:ss z, EEE dd-MMM-yyyy HH-mm-ss z, EEE dd-MMM-yy
HH:mm:ss z, EEE dd MMM yy HH:mm:ss z, EEE,dd-MMM-yy HH:mm:ss z,
EEE,dd-MMM-yyyy HH:mm:ss z, EEE, dd-MM-yyyy HH:mm:ss z]
2006/08/08 17:04:14:260 CST [DEBUG] DefaultHttpParams - Set parameter
http.socket.timeout = 60000
2006/08/08 17:04:14:260 CST [DEBUG] DefaultHttpParams - Set parameter
http.connection.timeout = 30000
2006/08/08 17:04:14:760 CST [TRACE] GetMethod - enter GetMethod(String)
2006/08/08 17:04:14:760 CST [DEBUG] DefaultHttpParams - Set parameter
http.protocol.cookie-policy = ignoreCookies
2006/08/08 17:04:14:760 CST [TRACE] HttpClient - enter
HttpClient.executeMethod(HttpMethod)
2006/08/08 17:04:14:760 CST [TRACE] HttpClient - enter
HttpClient.executeMethod(HostConfiguration,HttpMethod,HttpState)
2006/08/08 17:04:15:360 CST [TRACE] HttpMethodDirector - Attempt number 1
to process request
2006/08/08 17:04:15:360 CST [TRACE] HttpConnection - enter
HttpConnection.open()
2006/08/08 17:04:15:360 CST [DEBUG] HttpConnection - Open connection to
www.blahblah.com.hk:443
2006/08/08 17:04:15:360 CST [DEBUG] CCSAuthSSLProtocolSocketFactory -
Initializing key store
2006/08/08 17:04:15:420 CST [DEBUG] CCSAuthSSLProtocolSocketFactory -
Keystore init done
2006/08/08 17:04:15:420 CST [DEBUG] CCSAuthSSLProtocolSocketFactory -
Certificate chain '1':
2006/08/08 17:04:15:420 CST [DEBUG] CCSAuthSSLProtocolSocketFactory -
Certificate 1:
2006/08/08 17:04:15:420 CST [DEBUG] CCSAuthSSLProtocolSocketFactory -
Subject DN: <details removed for security>
2006/08/08 17:04:15:420 CST [DEBUG] CCSAuthSSLProtocolSocketFactory -
Signature Algorithm: MD5withRSA
2006/08/08 17:04:15:420 CST [DEBUG] CCSAuthSSLProtocolSocketFactory -
Valid from: Tue Oct 21 13:08:33 CST 2003
2006/08/08 17:04:15:420 CST [DEBUG] CCSAuthSSLProtocolSocketFactory -
Valid until: Wed Oct 19 13:08:33 CST 2011
2006/08/08 17:04:15:420 CST [DEBUG] CCSAuthSSLProtocolSocketFactory -
Issuer: <details removed to protect the innocent>
2006/08/08 17:04:15:420 CST [DEBUG] CCSAuthSSLProtocolSocketFactory -
Initializing key manager
2006/08/08 17:04:15:470 CST [DEBUG] CCSAuthSSLProtocolSocketFactory -
Initializing key store
2006/08/08 17:04:15:470 CST [DEBUG] CCSAuthSSLProtocolSocketFactory -
Keystore init done
2006/08/08 17:04:15:470 CST [DEBUG] CCSAuthSSLProtocolSocketFactory -
Trusted certificate 'mykey':
2006/08/08 17:04:15:470 CST [DEBUG] CCSAuthSSLProtocolSocketFactory -
Subject DN: <details removed for security>
2006/08/08 17:04:15:470 CST [DEBUG] CCSAuthSSLProtocolSocketFactory -
Signature Algorithm: MD5withRSA
2006/08/08 17:04:15:470 CST [DEBUG] CCSAuthSSLProtocolSocketFactory -
Valid from: Mon Sep 16 09:23:26 CST 2002
2006/08/08 17:04:15:470 CST [DEBUG] CCSAuthSSLProtocolSocketFactory -
Valid until: Thu Sep 13 09:23:26 CST 2012
2006/08/08 17:04:15:470 CST [DEBUG] CCSAuthSSLProtocolSocketFactory -
Issuer: <details removed>
2006/08/08 17:04:15:470 CST [DEBUG] CCSAuthSSLProtocolSocketFactory -
Initializing trust manager
2006/08/08 17:04:15:740 CST [TRACE] HttpMethodBase - enter
HttpMethodBase.execute(HttpState, HttpConnection)
2006/08/08 17:04:15:740 CST [TRACE] HttpMethodBase - enter
HttpMethodBase.writeRequest(HttpState, HttpConnection)
2006/08/08 17:04:15:740 CST [TRACE] HttpMethodBase - enter
HttpMethodBase.writeRequestLine(HttpState, HttpConnection)
2006/08/08 17:04:15:740 CST [TRACE] HttpMethodBase - enter
HttpMethodBase.generateRequestLine(HttpConnection, String, String, String,
String)
2006/08/08 17:04:15:960 CST [DEBUG] header - >> "GET
/whatever/GiveLotOrCPCInfoAlt.jsp?JSESSIONID=39570AD89DD8BB6E781F68675787218E&qkt=lot
&qk=339570&ak=a53d6754dc96b3f0f9cfc795e9778169 HTTP/1.1[\r][\n]"
2006/08/08 17:04:15:960 CST [TRACE] HttpConnection - enter
HttpConnection.print(String)
2006/08/08 17:04:15:960 CST [TRACE] HttpConnection - enter
HttpConnection.write(byte[])
2006/08/08 17:04:15:960 CST [TRACE] HttpConnection - enter
HttpConnection.write(byte[], int, int)
2006/08/08 17:04:15:960 CST [TRACE] HttpMethodBase - enter
HttpMethodBase.writeRequestHeaders(HttpState,HttpConnection)
2006/08/08 17:04:15:960 CST [TRACE] HttpMethodBase - enter
HttpMethodBase.addRequestHeaders(HttpState, HttpConnection)
2006/08/08 17:04:15:960 CST [TRACE] HttpMethodBase - enter
HttpMethodBase.addUserAgentRequestHeaders(HttpState, HttpConnection)
2006/08/08 17:04:15:960 CST [TRACE] HttpMethodBase - enter
HttpMethodBase.addHostRequestHeader(HttpState, HttpConnection)
2006/08/08 17:04:15:960 CST [DEBUG] HttpMethodBase - Adding Host request
header
2006/08/08 17:04:15:960 CST [TRACE] HttpMethodBase - enter
HttpMethodBase.addCookieRequestHeader(HttpState, HttpConnection)
2006/08/08 17:04:16:240 CST [TRACE] HttpState - enter
HttpState.getCookies()
2006/08/08 17:04:16:240 CST [TRACE] HttpMethodBase - enter
HttpMethodBase.addProxyConnectionHeader(HttpState, HttpConnection)
2006/08/08 17:04:16:240 CST [DEBUG] header - >> "Set-Cookie:
JSESSIONID=39570AD89DD8BB6E781F68675787218E; Path=/whatever;
Secure[\r][\n]"
2006/08/08 17:04:16:240 CST [TRACE] HttpConnection - enter
HttpConnection.print(String)
2006/08/08 17:04:16:240 CST [TRACE] HttpConnection - enter
HttpConnection.write(byte[])
2006/08/08 17:04:16:240 CST [TRACE] HttpConnection - enter
HttpConnection.write(byte[], int, int)
2006/08/08 17:04:16:240 CST [DEBUG] header - >> "User-Agent: Jakarta
Commons-HttpClient/3.0.1[\r][\n]"
2006/08/08 17:04:16:240 CST [TRACE] HttpConnection - enter
HttpConnection.print(String)
2006/08/08 17:04:16:240 CST [TRACE] HttpConnection - enter
HttpConnection.write(byte[])
2006/08/08 17:04:16:240 CST [TRACE] HttpConnection - enter
HttpConnection.write(byte[], int, int)
2006/08/08 17:04:16:240 CST [DEBUG] header - >> "Host:
www.blahblah.com.hk[\r][\n]"
2006/08/08 17:04:16:240 CST [TRACE] HttpConnection - enter
HttpConnection.print(String)
2006/08/08 17:04:16:240 CST [TRACE] HttpConnection - enter
HttpConnection.write(byte[])
2006/08/08 17:04:16:240 CST [TRACE] HttpConnection - enter
HttpConnection.write(byte[], int, int)
2006/08/08 17:04:16:240 CST [TRACE] HttpConnection - enter
HttpConnection.writeLine()
2006/08/08 17:04:16:240 CST [TRACE] HttpConnection - enter
HttpConnection.write(byte[])
2006/08/08 17:04:16:240 CST [TRACE] HttpConnection - enter
HttpConnection.write(byte[], int, int)
2006/08/08 17:04:16:240 CST [DEBUG] header - >> "[\r][\n]"
2006/08/08 17:04:16:240 CST [TRACE] HttpConnection - enter
HttpConnection.flushRequestOutputStream()
2006/08/08 17:04:16:240 CST [INFO] AuthSSLX509TrustManager - Server
certificate 1:
2006/08/08 17:04:16:240 CST [INFO] AuthSSLX509TrustManager - Subject DN:
<details remove>
2006/08/08 17:04:16:240 CST [INFO] AuthSSLX509TrustManager - Signature
Algorithm: MD5withRSA
2006/08/08 17:04:16:240 CST [INFO] AuthSSLX509TrustManager - Valid from:
Thu Sep 05 12:28:08 CST 2002
2006/08/08 17:04:16:240 CST [INFO] AuthSSLX509TrustManager - Valid until:
Sun Sep 02 12:28:08 CST 2012
2006/08/08 17:04:16:240 CST [INFO] AuthSSLX509TrustManager - Issuer:
<details removed>
2006/08/08 17:04:16:240 CST [INFO] AuthSSLX509TrustManager - Server
certificate 2:
2006/08/08 17:04:16:240 CST [INFO] AuthSSLX509TrustManager - Subject DN:
<actual details remove>
2006/08/08 17:04:16:240 CST [INFO] AuthSSLX509TrustManager - Signature
Algorithm: MD5withRSA
2006/08/08 17:04:16:240 CST [INFO] AuthSSLX509TrustManager - Valid from:
Mon Sep 16 09:23:26 CST 2002
2006/08/08 17:04:16:240 CST [INFO] AuthSSLX509TrustManager - Valid until:
Thu Sep 13 09:23:26 CST 2012
2006/08/08 17:04:16:240 CST [INFO] AuthSSLX509TrustManager - Issuer:
<actual details removed>
2006/08/08 17:04:16:400 CST [TRACE] HttpMethodBase - enter
HttpMethodBase.readResponse(HttpState, HttpConnection)
2006/08/08 17:04:16:400 CST [TRACE] HttpMethodBase - enter
HttpMethodBase.readStatusLine(HttpState, HttpConnection)
2006/08/08 17:04:16:400 CST [TRACE] HttpConnection - enter
HttpConnection.readLine()
2006/08/08 17:04:16:510 CST [TRACE] HttpParser - enter
HttpParser.readLine(InputStream, String)
2006/08/08 17:04:16:510 CST [TRACE] HttpParser - enter
HttpParser.readRawLine()
2006/08/08 17:04:16:510 CST [DEBUG] header - << "HTTP/1.1 200 OK[\r][\n]"
2006/08/08 17:04:16:510 CST [TRACE] HttpMethodBase - enter
HttpMethodBase.readResponseHeaders(HttpState,HttpConnection)
2006/08/08 17:04:16:510 CST [TRACE] HttpConnection - enter
HttpConnection.getResponseInputStream()
2006/08/08 17:04:16:510 CST [TRACE] HttpParser - enter
HeaderParser.parseHeaders(InputStream, String)
2006/08/08 17:04:16:510 CST [TRACE] HttpParser - enter
HttpParser.readLine(InputStream, String)
2006/08/08 17:04:16:510 CST [TRACE] HttpParser - enter
HttpParser.readRawLine()
2006/08/08 17:04:16:510 CST [TRACE] HttpParser - enter
HttpParser.readLine(InputStream, String)
2006/08/08 17:04:16:510 CST [TRACE] HttpParser - enter
HttpParser.readRawLine()
2006/08/08 17:04:16:510 CST [TRACE] HttpParser - enter
HttpParser.readLine(InputStream, String)
2006/08/08 17:04:16:510 CST [TRACE] HttpParser - enter
HttpParser.readRawLine()
2006/08/08 17:04:16:510 CST [TRACE] HttpParser - enter
HttpParser.readLine(InputStream, String)
2006/08/08 17:04:16:510 CST [TRACE] HttpParser - enter
HttpParser.readRawLine()
2006/08/08 17:04:16:510 CST [TRACE] HttpParser - enter
HttpParser.readLine(InputStream, String)
2006/08/08 17:04:16:510 CST [TRACE] HttpParser - enter
HttpParser.readRawLine()
2006/08/08 17:04:16:510 CST [TRACE] HttpParser - enter
HttpParser.readLine(InputStream, String)
2006/08/08 17:04:16:510 CST [TRACE] HttpParser - enter
HttpParser.readRawLine()
2006/08/08 17:04:16:510 CST [TRACE] HttpParser - enter
HttpParser.readLine(InputStream, String)
2006/08/08 17:04:16:510 CST [TRACE] HttpParser - enter
HttpParser.readRawLine()
2006/08/08 17:04:16:510 CST [TRACE] HttpParser - enter
HttpParser.readLine(InputStream, String)
2006/08/08 17:04:16:510 CST [TRACE] HttpParser - enter
HttpParser.readRawLine()
2006/08/08 17:04:16:510 CST [DEBUG] header - << "Date: Tue, 08 Aug 2006
09:14:46 GMT[\r][\n]"
2006/08/08 17:04:16:510 CST [DEBUG] header - << "Server: Apache/2.0.40 (Red
Hat Linux)[\r][\n]"
2006/08/08 17:04:16:510 CST [DEBUG] header - << "Set-Cookie:
JSESSIONID=C66251A65E8B28B254CAA1B3CC2D23D6; Path=/whatever;
Secure[\r][\n]"
2006/08/08 17:04:16:510 CST [DEBUG] header - << "Content-Length:
17[\r][\n]"
2006/08/08 17:04:16:510 CST [DEBUG] header - << "Connection: close[\r][\n]"
2006/08/08 17:04:16:510 CST [DEBUG] header - << "Content-Type:
text/plain;charset=Big5-HKSCS[\r][\n]"
2006/08/08 17:04:16:510 CST [DEBUG] header - << "X-Pad: avoid browser
bug[\r][\n]"
2006/08/08 17:04:16:510 CST [TRACE] HttpMethodBase - enter
HttpMethodBase.processResponseHeaders(HttpState, HttpConnection)
2006/08/08 17:04:16:510 CST [TRACE] HttpMethodBase - enter
HttpMethodBase.readResponseBody(HttpState, HttpConnection)
2006/08/08 17:04:16:510 CST [TRACE] HttpMethodBase - enter
HttpMethodBase.readResponseBody(HttpConnection)
2006/08/08 17:04:16:510 CST [TRACE] HttpConnection - enter
HttpConnection.getResponseInputStream()
2006/08/08 17:04:16:510 CST [TRACE] HttpMethodBase - enter
HttpMethodBase.canResponseHaveBody(int)
2006/08/08 17:04:16:510 CST [DEBUG] content - << "<!access denied>[\n]"
Rsp: [<!access denied>]
2006/08/08 17:04:16:620 CST [DEBUG] HttpMethodBase - Should close
connection in response to directive: close
2006/08/08 17:04:16:620 CST [TRACE] HttpConnection - enter
HttpConnection.close()
2006/08/08 17:04:16:620 CST [TRACE] HttpConnection - enter
HttpConnection.closeSockedAndStreams()
2006/08/08 17:04:16:620 CST [TRACE] HttpConnection - enter
HttpConnection.releaseConnection()
2006/08/08 17:04:16:620 CST [DEBUG] HttpConnection - Releasing connection
back to connection manager.
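
An added example, not part of the original message: a small Python audit that reads `header` wire lines in the HttpClient log format shown above and reports a session id carried in the query string, a response-only header such as Set-Cookie written into a request, and a server Set-Cookie whose JSESSIONID differs from the one the client presented. The sample log, host name and session ids are constructed, and the finding codes are names chosen for this example.

```python
import re

# Constructed sample in the Commons HttpClient 3.x wire-log format
# (">>" = sent, "<<" = received); host and session ids are made up.
SAMPLE_LOG = r'''
2006/08/08 17:04:15:960 CST [DEBUG] header - >> "GET /app/Info.jsp?JSESSIONID=AAAA1111&qk=1 HTTP/1.1[\r][\n]"
2006/08/08 17:04:16:240 CST [DEBUG] header - >> "Set-Cookie: JSESSIONID=AAAA1111; Path=/app; Secure[\r][\n]"
2006/08/08 17:04:16:240 CST [DEBUG] header - >> "Host: www.example.invalid[\r][\n]"
2006/08/08 17:04:16:510 CST [DEBUG] header - << "HTTP/1.1 200 OK[\r][\n]"
2006/08/08 17:04:16:510 CST [DEBUG] header - << "Set-Cookie: JSESSIONID=BBBB2222; Path=/app; Secure[\r][\n]"
'''

WIRE = re.compile(r'\[DEBUG\] header - (>>|<<) "(.*?)(?:\[\\r\])?(?:\[\\n\])?"\s*$')
SID = re.compile(r'jsessionid=([0-9A-Za-z]+)', re.IGNORECASE)
# Headers that are only meaningful from server to client.
RESPONSE_ONLY = {"set-cookie", "set-cookie2", "www-authenticate"}


def audit_wire_log(text):
    """Return (code, detail) findings about session handling in a wire log."""
    findings, presented = [], set()
    for line in text.splitlines():
        m = WIRE.search(line)
        if not m:
            continue
        direction, payload = m.groups()
        name, sep, _ = payload.partition(":")
        is_header = bool(sep) and " " not in name  # request/status lines fail this
        ids = SID.findall(payload)
        if direction == ">>":
            presented.update(ids)  # every id the client put on the wire
            if not is_header and "?" in payload:
                # Request line: a session id here ends up in access logs and Referer.
                hit = SID.search(payload.split("?", 1)[1])
                if hit:
                    findings.append(("session-id-in-query", hit.group(1)))
            elif is_header and name.lower() in RESPONSE_ONLY:
                findings.append(("response-header-in-request", name))
        elif is_header and name.lower() == "set-cookie":
            # Server answered with an id the client never presented.
            for sid in ids:
                if presented and sid not in presented:
                    findings.append(("session-id-replaced", sid))
    return findings


if __name__ == "__main__":
    for code, detail in audit_wire_log(SAMPLE_LOG):
        print(code, detail)
```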