On Mon, 2009-01-12 at 08:28 -0500, Tim Williams wrote: > On Thu, Jan 8, 2009 at 3:03 PM, Tim Williams <[email protected]> wrote: > > On Thu, Jan 8, 2009 at 2:28 PM, Tim Williams <[email protected]> wrote: > >> On Thu, Jan 8, 2009 at 2:09 PM, Oleg Kalnichevski <[email protected]> wrote: > >>> Tim Williams wrote: > >>>> > >>>> I'm using the MultiThreadedConnectionManager with HttpClient and 2-way > >>>> ssl similar to the example[1] and having problems. The very first > >>>> request goes through and returns HTTP 200 Ok. All subsequent requests > >>>> return HTTP 401. This happens when I run this inside a webapp > >>>> deployed in either glassfish or tomcat. However, if I take the same > >>>> code and run from within a simple driver "main" program, all calls to > >>>> that same server succeed with no problems. Oddly enough, this only > >>>> happens when communicating with one particular Weblogic service - > >>>> other servers allow multiple calls with the same fetcher code just > >>>> fine. Anyone have an idea what would make the first request go > >>>> through go through properly but not subsequent ones? > >>>> > >>> > >>> There is no way of telling without more details. Please post a wire log of > >>> the HTTP session to this list > >>> > >>> http://hc.apache.org/httpclient-3.x/logging.html > >>> > >>> Oleg > >> > >> Unfortunately, I'm unable to post logging data. I have narrowed it > >> down to a "cookie" problem of some sort. I've found that if I > >> manually take the "Set-Cookie" header from the initial request, store > >> it, then manually populate it on subsequent requests, all is well. I > >> had that idea from this site[1] but I'm not sure whether the > >> configuration on the server-side (Weblogic) is just wrong or my > >> HttpClient configuration is wrong by not sending back both cookies on > >> subsequent requests. > >> Thanks, > >> --tim > > > > I've run the wire logging and it does appear that two Set-Cookies are > > coming in, one with JSESSIONID= and the other with > > _WL_AUTH_JSESSIONID=. On subsequent requests, only the first, > > JSESSIONID, is on the outbound request. Any ideas? > > The _WL_AUTH_JSESSIONID is a 'secure' cookie and it is the one not > being sent. Weblogic uses both a regular cookie and secure cookie to > apparently allow you to seamlessly transition across http and https > sessions[1] which seems valid. I've tried sending as a > SINGLE_COOKIE_HEADER as well with no success. I'm using v3.0.1 and > RFC2109 btw. Any ideas for what to look at? > Thanks, > --tim >
You are not using a custom SSL socket factory, are you? If so, make sure it implements SecureProtocolSocketFactory interface. Oleg > [1] - http://e-docs.bea.com/wls/docs81/security/thin_client.html#1039551 > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
