Re: FW: Issues to retreive cross domain cookies

Mon, 02 Mar 2015 04:00:07 -0800

By the way, you can do a basic test without even having to write a server. Write a client code that does GET on some address and register a ClientRequestFilter which aborts the chain with Response where you emulate the response headers/cookies as needed. 

Sergey

On 27/02/15 16:18, Sergey Beryozkin wrote:

Hi

I don't understand where the problem is.
I've just typed

NewCookie c = NewCookie.valueOf(

"xxx-XSRF_G3T_100=bar;comment=comment;path=path;max-age=10;domain=domain;secure;version=1");

         assertTrue("bar".equals(c.getValue())
                    && "xxx-XSRF_G3T_100".equals(c.getName())
                    && 1 == c.getVersion()
                    && "path".equals(c.getPath())
                    && "domain".equals(c.getDomain())
                    && "comment".equals(c.getComment())
                    && 10 == c.getMaxAge());

and it works, so I'd like to know more details.
Can you offer a simple test case ?
Or clarify further, example,

In the "From the code" part I see no "xxx-XSRF_G3T_100" cookie, only
"XXX_SESSIONID_X3T_100".

In the "From the code" part I see "XXX_SESSIONID_X3T_100" cookie with a
"xxx-XSRF_G3T_100" parameter.

Are you referring to the fact NewCookie interface has no way to access
custom parameters ?

Please clarify

Sergey




On 27/02/15 06:44, Khare, Aparna wrote:

Dear Colleagues,

    I'm not able to retrieve the cross domain cookies.
Around one month back I reported the same issue and found that with
3.0.4 the issue is fixed but found that the issues occurs again for
some other proxified api's

Please see the details of the cookie

 From the code
XXX_SESSIONID_X3T_100=foEPAA2NOECcyhSD6rieowJV216-ShHkiHQAUFa0PPA%3d;
path=/,
MYXXXSSO2=AjQxMDMBABhBAEQASwBPAEwASQAgACAAIAAgACAAIAACAAYxADAAMAADABBHADMAVAAgACAAIAAgACAABAAYMgAwADEANQAwADIAMgA3ADAANgAyADkABQAEAAAACAYAAlgACQACRQD%2fATQwggEwBgkqhkiG9w0BBwKgggEhMIIBHQIBATELMAkGBSsOAwIaBQAwCwYJKoZIhvcNAQcBMYH9MIH6AgEBMFAwRTELMAkGA1UEBhMCREUxDzANBgNVBAoTBlNBUC1BRzEMMAoGA1UECxMDRzNUMRcwFQYDVQQDDA4qLndkZi5zYXAuY29ycAIHIBQCAxAZATAJBgUrDgMCGgUAoF0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTUwMjI3MDYyOTQxWjAjBgkqhkiG9w0BCQQxFgQUJ%21nUioGvLQTxvzNWOqCsQvL%21zNEwCQYHKoZIzjgEAwQuMCwCFBwqgz8zXv4LrLdhxjEDp8ZIx%2fevAhRgGHgOwMt0haPc43MID1Pe6jSLdg%3d%3d;
path=/; domain=.sdsd.ass.corp

In the rest client
XXX_SESSIONID_X3T _100=hHXh7jWAUcW9XDd-tqY_OWxwugu-SBHkiHQAUFa0PPA%3d;
xxx-XSRF_G3T_100=qECjPi_D0m4joqEdx9b__A%3d%3d20150227061820KrlKU5OV02Q_jFupRMXxKYWSuM4aWnL_Ky5XB1JeZAg%3d


The cookie like xxx-XSRF_G3T_100 is not retrieved FROM apache cxf

Can you please help with this issue as this blocks the testing of our
api .most of the api's cookie values are not retrieved correctly

Thanksm
Aparna

-----Original Message-----
From: Sergey Beryozkin [mailto:[email protected]]
Sent: Tuesday, January 20, 2015 4:52 PM
To: Khare, Aparna
Subject: Re: Issues to retreive cross domain cookies

OK, sounds good. CXF 2.7.14/3.0.4 would be released in the next few weeks

Sergey
On 20/01/15 11:08, Khare, Aparna wrote:

Sorry Sergey,I could test this and it worked. Sorry for the mail .

Just wanted to know whether the fix is available in the released branch.

Thanks a lot for the help

-----Original Message-----
From: Sergey Beryozkin [mailto:[email protected]]
Sent: Tuesday, January 20, 2015 4:31 PM
To: Khare, Aparna
Subject: Re: Issues to retreive cross domain cookies

Hi

Well, it is hard to know what is happening without a test case...
How many Set-Cookie headers you have coming in back ? Are all of those
headers not captured properly or only some of them ?

Can you please select one of Set-Cookie values that is not captured
correctly in Response.getHeaders() and send to me and I'll test

Sergey

On 20/01/15 05:32, Khare, Aparna wrote:

Hi ,

      Thanks a lot for all the help .But unfortunately the
response.getHeaders() is also giving  not giving the full value for
the response header set-cookie.

I'm still not able to figure out why I don't get the proper value .

Thanks
-----Original Message-----
From: Sergey Beryozkin [mailto:[email protected]]
Sent: Monday, January 19, 2015 8:12 PM
To: Khare, Aparna
Subject: Re: Issues to retreive cross domain cookies

Hi

CXF NewCookie parser is case-sensitive which is probably a bug, however
JAX-RS NewCookie.equals is case-sensitive... I'll need to clarify few
details and get back to you; the possible problem is that
NewToken.fromString(s).toString() will not produce the identical
strings...

at this stage please consider a workaround, use Response.getHeaders()
and parse Set-Cookie manually. I'll keep you up to date...

Thanks, Sergey

On 19/01/15 14:19, Khare, Aparna wrote:

Hi,Please see the logs

---------------------------
ID: 2
Response-Code: 200
Encoding: ISO-8859-1
Content-Type: application/atomsvc+xml
Headers: {cache-control=[no-store, no-cache, must-revalidate,
max-age=0, post-check=0, pre-check=0], connection=[keep-alive],
Content-Length=[6444], content-type=[application/atomsvc+xml],
dataserviceversion=[2.0], expires=[Tue, 03 Jul 2001 06:00:00 GMT],
last-modified=[Mon, 19 Jan 2015 14:02:34 GMT], pragma=[no-cache],
sap-metadata-last-modified=[Thu, 15 Jan 2015 11:48:40 GMT],
server,set-cookie=[BIGipServertestmaint-sapapimgmt.river.jpaas.sapbydesign.com=2619950090.29727.0000;
path=/]}
Payload: <?xml version="1.0" encoding="UTF-8"?><app:service
xmlns:app="http://www.w3.org/2007/app";
xmlns:atom="http://www.w3.org/2005/Atom"; xmlns:gp="jjjj"
xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata";
xmlns:sapjjj" xml:lang="en"
xml:base="jjjjjjjj/GWDEMO10/"><app:workspace><atom:title
type="text">Data</atom:title><app:collection
sap:addressable="false" sap:content-version="1"
href="ContactPersonCollection"><atom:title </app:service>

Whereas in case of httpclient
Set cookie read the proper value

set-cookie:
MYSAPSSO2=AjQxMDMBABhBAEQASwBPAEwASQAgACAAIAAgACAAIAACAAYxADAAMAADABBHADMAVAAgACAAIAAgACAABAAYMgAwADEANQAwADEAMQA5ADEANAAxADQABQAEAAAACAYAAlgACQACRQD%2fATUwggExBgkqhkiG9w0BBwKgggEiMIIBHgIBATELMAkGBSsOAwIaBQAwCwYJKoZIhvcNAQcBMYH%21MIH7AgEBMFAwRTELMAkGA1UEBhMCREUxDzANBgNVBAoTBlNBUC1BRzEMMAoGA1UECxMDRzNUMRcwFQYDVQQDDA4qLndkZi5zYXAuY29ycAIHIBQCAxAZATAJBgUrDgMCGgUAoF0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTUwMTE5MTQxNDUwWjAjBgkqhkiG9w0BCQQxFgQUE44GmBBJ0oZB5gBD2cKkDhFTt60wCQYHKoZIzjgEAwQvMC0CFQCeiy5yaTGt0fdwp%21o71DXrsmOznwIUOVeDlSFbLo2XjBUV2Z7iIG%2f22O4%3d;
path=/; domain=.adf.lap.corp
set-cookie: xxxxxx=T7xIWcf1-DhBuVgktK8asYZ2-J2f5RHksb4AUFa0PPA%3d;
path=/
set-cookie:
sap-xxxxx=k8e0QqHJt2chKzKJiOTX1Q%3d%3d201501191414504AcJrLmXgNVZKp-JKdf-uadDSwCazuN7SKXLAk3oUXg%3d;
path=/; HttpOnly

Thanks
-----Original Message-----
From: Sergey Beryozkin [mailto:[email protected]]
Sent: Monday, January 19, 2015 7:21 PM
To: Khare, Aparna
Subject: Re: Issues to retreive cross domain cookies

Hi, thanks for the extra details,

Right, I wonder if it is some kind of a Set-Cookie parsing issue...
Can you please do

rsClient = WebClient.create(baseURI);
WebClient.getConfig(rsClient).getInInterceptors().add(new
LoggingInInterceptor());

and let me know the exact format of Set-Cookie values (you can replace
some sensitive properties with something like a=b if you prefer, but I
need to look at the actual Set-Cookie format).

Thanks, Sergey

On 19/01/15 13:41, Khare, Aparna wrote:

Sorry for the information provided
I prepare the webclient with url and pass all required parameters
like Authentication,SSL ,Proxy and then call the process response
where I pass rsClient.get()

Please see the code snippet below

        WebClient rsClient=null;
        try {
            baseURI = new URI(client.getURL());
            rsClient = WebClient.create(baseURI);
        } catch (URISyntaxException e) {

            e.printStackTrace();

then I call processResponse(rsClient.get()) after building the client

    protected void processResponse(Response response){
      HttpClient client = new HttpClient();

        setResponse((InputStream) response.getEntity());
        System.out.println(response.getCookies()+"res.getCookies");
        Map<String, NewCookie> map = response.getCookies();
        //Iterator<Map.Entry<Integer, Integer>> entries =
map.entrySet().iterator();
        for (Entry<String, NewCookie> entry : map.entrySet()) {
        System.out.println("Key = " + entry.getKey() + ", Value =
" + entry.getValue());
        NewCookie cookie = entry.getValue();
        System.out.println(cookie.getName());
        System.out.println(cookie.getDomain());
        System.out.println(cookie.getValue());

    }
         // ...

        setResponseHeaders(response.getHeaders());

    }

When I print headers(response.getHeaders()) in the set-cookie
header im not getting the proper cookie value instead I get
{path=path=/;Version=1} whereas why I use the httpclient api's I
get proper value in the cookie.

Note:-The url is a proxies api so cross domain cookies I might
have to use.

Thanks,




-----Original Message-----
From: Sergey Beryozkin [mailto:[email protected]]
Sent: Monday, January 19, 2015 5:15 PM
To: [email protected]
Subject: Re: Issues to retreive cross domain cookies

Hi,
I can't help unless you provide enough information...

Sergey
On 19/01/15 11:40, Khare, Aparna wrote:

import javax.ws.rs.core.Response;  response is an instance of
this the problem is even in the headers im not getting the cross
domain cookies whereas it comes in Rest client

Thanks

-----Original Message-----
From: Sergey Beryozkin [mailto:[email protected]]
Sent: Monday, January 19, 2015 4:07 PM
To: [email protected]
Subject: Re: Issues to retreive cross domain cookies

Hi
On 19/01/15 10:12, Khare, Aparna wrote:

Hello Users,

          I have a requirement where I want to retrieve the
cross domain cookies.

When I do response.getCookies() .I'm getting
{path=path=/;Version=1} and not the proper domain name.

I have a proxied API which I'm testing .I'm getting the proper
response with Get but I also need the cookies because this is
used for some
Authentication when I do a POST to the same proxied API.




Is 'response' an instance of JAX-RS Response class ?
If so, can you use Response.getHeaders() and check what are the
actual
values of Set-Cookie headers ?

Cheers, Sergey


Can some help how cross domain cookies are retrieved with apache
cxf.
Thanks,






















--
Sergey Beryozkin

Talend Community Coders
http://coders.talend.com/

Blog: http://sberyozkin.blogspot.com

Reply via email to