[jira] Issue Comment Edited: (CXF-3112) Further problem with cookies in Jax-RS (similar to closed issue 3035)

David Hagar (JIRA) Sat, 06 Nov 2010 16:10:48 -0700

    [ 
https://issues.apache.org/jira/browse/CXF-3112?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12929162#action_12929162
 ]


David Hagar edited comment on CXF-3112 at 11/6/10 7:09 PM:
-----------------------------------------------------------

Ah...I was hasty posting this originally, the test is a bit more complicated 
than I thought:

Here is the header value that was actually causing the problem: 

Set-Cookie=[JSESSIONID=0475F7F30A26E5B0C15DF5B3489AE569; Path=/userservice, 
SPRING_SECURITY_REMEMBER_ME_COOKIE=MktUaGkrVXZjQ09RRzdleFl1QUpEZz09OlcxemFySE5jQTlMcVAyeENva28vRmc9PQ;
 Expires=Sat, 20-Nov-2010 19:11:32 GMT; Path=/userservice]

The problematic code seems to be: 
boolean splitPossible = 
!(HttpHeaders.SET_COOKIE.equalsIgnoreCase(entry.getKey())
                                          && 
entry.getValue().get(0).contains(HttpHeaders.EXPIRES));
for (String val : entry.getValue()) {
                    String[] values = splitPossible ? val.split(",") : new 
String[]{val};
                    for (String s : values) {
                        String theValue = s.trim();
                        if (theValue.length() > 0) {
                            currentResponseBuilder.header(entry.getKey(), 
theValue);
                        }
                    }
                }
So, from the debugger i pulled out the following values:

entry.getValue().get(0) = JSESSIONID=0475F7F30A26E5B0C15DF5B3489AE569; 
Path=/userservice

entry.getValue().get(1) = 
"SPRING_SECURITY_REMEMBER_ME_COOKIE=MktUaGkrVXZjQ09RRzdleFl1QUpEZz09OlcxemFySE5jQTlMcVAyeENva28vRmc9PQ;
 Expires=Sat, 20-Nov-2010 19:11:32 GMT; Path=/userservice"

splitPossible = true;

Splitting the second cookie causes the response to have three cookie values,

1=SESSIONID=0475F7F30A26E5B0C15DF5B3489AE569; Path=/userservice.
2=SPRING_SECURITY_REMEMBER_ME_COOKIE=MktUaGkrVXZjQ09RRzdleFl1QUpEZz09OlcxemFySE5jQTlMcVAyeENva28vRmc9PQ;
 Expires=Sat
3=20-Nov-2010 19:11:32 GMT; Path=/userservice

This could probably be fixed by moving the boolean splitPossible... line into 
the for loop and having it set based on the value of each cookie, not by the 
value of the first cookie. 

I'm still working on getting the CXF source up and running in Eclipse, but 
would be happy to test further once I have it set up properly. 





      was (Author: david.hagar):
    Ah...I was hasty posting this originally, the test is a bit more 
complicated than I thought:

Here is the header value that was actually causing the problem: 

Set-Cookie=[JSESSIONID=0475F7F30A26E5B0C15DF5B3489AE569; Path=/userservice, 
SPRING_SECURITY_REMEMBER_ME_COOKIE=MktUaGkrVXZjQ09RRzdleFl1QUpEZz09OlcxemFySE5jQTlMcVAyeENva28vRmc9PQ;
 Expires=Sat, 20-Nov-2010 19:11:32 GMT; Path=/userservice]

The problematic code seems to be: 
boolean splitPossible = 
!(HttpHeaders.SET_COOKIE.equalsIgnoreCase(entry.getKey())
                                          && 
entry.getValue().get(0).contains(HttpHeaders.EXPIRES));
for (String val : entry.getValue()) {
                    String[] values = splitPossible ? val.split(",") : new 
String[]{val};
                    for (String s : values) {
                        String theValue = s.trim();
                        if (theValue.length() > 0) {
                            currentResponseBuilder.header(entry.getKey(), 
theValue);
                        }
                    }
                }
So, 

entry.getValue().get(0) = JSESSIONID=0475F7F30A26E5B0C15DF5B3489AE569; 
Path=/userservice

entry.getValue().get(1) = 
"SPRING_SECURITY_REMEMBER_ME_COOKIE=MktUaGkrVXZjQ09RRzdleFl1QUpEZz09OlcxemFySE5jQTlMcVAyeENva28vRmc9PQ;
 Expires=Sat, 20-Nov-2010 19:11:32 GMT; Path=/userservice"

splitPossible = true;

The problem is that splitting the second cookie causes the problem.

This could probably be fixed by moving the boolean splitPossible... line into 
the for loop and having it set based on the value of each cookie, not by the 
value of the first cookie. 

I'm still working on getting the CXF source up and running in Eclipse, but 
would be happy to test further once I have it set up properly. 




  
> Further problem with cookies in Jax-RS (similar to closed issue 3035)
> ---------------------------------------------------------------------
>
>                 Key: CXF-3112
>                 URL: https://issues.apache.org/jira/browse/CXF-3112
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS
>    Affects Versions: 2.3.0, 2.2.11
>            Reporter: David Hagar
>
> Prior to version 2.2.11, multiple cookies were not handled properly by the 
> method 
> org.apache.cxf.jaxrs.client.AbstractClient#setResponseBuilder(HttpURLConnection,
>  Exchange) -- this was resolved for some cookies, but it still breaks for 
> others. Specifically, any cookie that contains an "Expires" field now gets 
> split into two objects by the aforementioned method. 
> For example, if the header is:
> Set-Cookie: com.wm.visitor=10789493347; Domain=.walmart.com; Expires=Thu, 
> 01-Oct-2020 23:44:22 GMT; Path=/
> Then response.getMetadata().get("Set-Cookie"); will return an array of length 
> 2, with values = {" com.wm.visitor=10789493347; Domain=.walmart.com; 
> Expires=Thu", "01-Oct-2020 23:44:22 GMT; Path=/"
> I'm pretty sure this is a conflict of the code looking for date related 
> headers conflicting with the code looking for cookie related headers. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Issue Comment Edited: (CXF-3112) Further problem with cookies in Jax-RS (similar to closed issue 3035)

Reply via email to