[
https://issues.apache.org/jira/browse/CXF-3112?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12929162#action_12929162
]
David Hagar commented on CXF-3112:
----------------------------------
Ah...I was hasty posting this originally, the test is a bit more complicated
than I thought:
Here is the header value that was actually causing the problem:
Set-Cookie=[JSESSIONID=0475F7F30A26E5B0C15DF5B3489AE569; Path=/userservice,
SPRING_SECURITY_REMEMBER_ME_COOKIE=MktUaGkrVXZjQ09RRzdleFl1QUpEZz09OlcxemFySE5jQTlMcVAyeENva28vRmc9PQ;
Expires=Sat, 20-Nov-2010 19:11:32 GMT; Path=/userservice]
The problematic code seems to be:
boolean splitPossible =
!(HttpHeaders.SET_COOKIE.equalsIgnoreCase(entry.getKey())
&&
entry.getValue().get(0).contains(HttpHeaders.EXPIRES));
for (String val : entry.getValue()) {
String[] values = splitPossible ? val.split(",") : new
String[]{val};
for (String s : values) {
String theValue = s.trim();
if (theValue.length() > 0) {
currentResponseBuilder.header(entry.getKey(),
theValue);
}
}
}
So,
entry.getValue().get(0) = JSESSIONID=0475F7F30A26E5B0C15DF5B3489AE569;
Path=/userservice
entry.getValue().get(1) =
"SPRING_SECURITY_REMEMBER_ME_COOKIE=MktUaGkrVXZjQ09RRzdleFl1QUpEZz09OlcxemFySE5jQTlMcVAyeENva28vRmc9PQ;
Expires=Sat, 20-Nov-2010 19:11:32 GMT; Path=/userservice"
splitPossible = true;
The problem is that splitting the second cookie causes the problem.
This could probably be fixed by moving the boolean splitPossible... line into
the for loop and having it set based on the value of each cookie, not by the
value of the first cookie.
I'm still working on getting the CXF source up and running in Eclipse, but
would be happy to test further once I have it set up properly.
> Further problem with cookies in Jax-RS (similar to closed issue 3035)
> ---------------------------------------------------------------------
>
> Key: CXF-3112
> URL: https://issues.apache.org/jira/browse/CXF-3112
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS
> Affects Versions: 2.3.0, 2.2.11
> Reporter: David Hagar
>
> Prior to version 2.2.11, multiple cookies were not handled properly by the
> method
> org.apache.cxf.jaxrs.client.AbstractClient#setResponseBuilder(HttpURLConnection,
> Exchange) -- this was resolved for some cookies, but it still breaks for
> others. Specifically, any cookie that contains an "Expires" field now gets
> split into two objects by the aforementioned method.
> For example, if the header is:
> Set-Cookie: com.wm.visitor=10789493347; Domain=.walmart.com; Expires=Thu,
> 01-Oct-2020 23:44:22 GMT; Path=/
> Then response.getMetadata().get("Set-Cookie"); will return an array of length
> 2, with values = {" com.wm.visitor=10789493347; Domain=.walmart.com;
> Expires=Thu", "01-Oct-2020 23:44:22 GMT; Path=/"
> I'm pretty sure this is a conflict of the code looking for date related
> headers conflicting with the code looking for cookie related headers.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
