Details
- Bug
- Status: Resolved
- Major
- Resolution: Duplicate
- 4.5.5
- None
- None
Description
We fail to authenticate against a gateway that requires authentication and tracks progress by setting and updating a session cookie, even during the authentication challenge:
- client GET to some url https://a.b.c/
  - response:
    302, redirect to https://a.b.c/xyz
    set cookie X=1
- client GET to url https://a.b.c/xyz
  cookie X=1 transmitted
  - response:
    401, authentication required
    set cookie X=2
- client GET to same url again
  authentication transmitted
  cookie X=1 transmitted again, should have been X=2
This is caused by the cookies actually being processed only outside MainClientExec, by the calling ProtocolExec. On receiving the 401, however, the loop in MainClientExec#execute(...) is not left; the request is sent again with only the authentication header added. The cookies received with the 401 response are dismissed.
Workaround (hack IMHO):
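```java
import java.io.IOException;
import java.util.Map;
import org.apache.http.Header;
import org.apache.http.HttpException;
import org.apache.http.HttpHost;
import org.apache.http.HttpRequest;
import org.apache.http.HttpResponse;
import org.apache.http.auth.MalformedChallengeException;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.client.protocol.RequestAddCookies;
import org.apache.http.client.protocol.ResponseProcessCookies;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.TargetAuthenticationStrategy;
import org.apache.http.protocol.HttpContext;

final TargetAuthenticationStrategy authStrategy = new TargetAuthenticationStrategy() {
    private final ResponseProcessCookies fResponseProcessCookies = new ResponseProcessCookies();
    private final RequestAddCookies fRequestAddCookies = new RequestAddCookies();

    @Override
    public Map<String, Header> getChallenges(HttpHost authhost, HttpResponse response,
            HttpContext context) throws MalformedChallengeException {
        try {
            // Store the cookies that arrived with the 401 challenge.
            fResponseProcessCookies.process(response, context);
            final HttpClientContext clientContext = HttpClientContext.adapt(context);
            final HttpRequest request = clientContext.getRequest();
            // Drop the stale Cookie header and rebuild it from the updated cookie store.
            request.removeHeaders("Cookie");
            fRequestAddCookies.process(request, context);
        } catch (HttpException | IOException e) {
            throw new MalformedChallengeException(e.getMessage(), e);
        }
        return super.getChallenges(authhost, response, context);
    }
};

// httpClientBuilder is the caller's existing HttpClientBuilder.
final CloseableHttpClient authClient = httpClientBuilder
        .setTargetAuthenticationStrategy(authStrategy)
        .build();
```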
Issue Links
- duplicates HTTPCLIENT-1451 HttpClient does not store response cookies on a 401 (Resolved)
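The exchange from the description as a local reproduction harness. It is an added example, not code from the report or from the HttpClient project, and it reports which cookie value the HttpClient version on your classpath sends on the authenticated retry. It assumes HttpClient 4.5.x is available; the class name, realm, credentials and the plain-HTTP loopback gateway are constructed for illustration.

```java
import com.sun.net.httpserver.HttpServer;
import java.net.InetSocketAddress;
import java.util.concurrent.atomic.AtomicReference;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;

public class CookieOn401Repro {
    public static void main(String[] args) throws Exception {
        // Cookie header the gateway saw on the request that carried credentials.
        AtomicReference<String> cookieOnAuthRequest = new AtomicReference<>();
        // Constructed stand-in for the gateway in the report (loopback, ephemeral port).
        HttpServer gateway = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        gateway.createContext("/", ex -> {
            if (ex.getRequestURI().getPath().equals("/")) {      // step 1: redirect, X=1
                ex.getResponseHeaders().add("Location", "/xyz");
                ex.getResponseHeaders().add("Set-Cookie", "X=1; Path=/");
                ex.sendResponseHeaders(302, -1);
            } else if (!ex.getRequestHeaders().containsKey("Authorization")) {
                ex.getResponseHeaders().add("WWW-Authenticate", "Basic realm=\"demo\"");
                ex.getResponseHeaders().add("Set-Cookie", "X=2; Path=/");
                ex.sendResponseHeaders(401, -1);                 // step 2: challenge, X=2
            } else {                                             // step 3: authenticated retry
                cookieOnAuthRequest.set(ex.getRequestHeaders().getFirst("Cookie"));
                ex.sendResponseHeaders(200, -1);
            }
            ex.close();
        });
        gateway.start();
        int port = gateway.getAddress().getPort();
        // Constructed demo credentials, scoped to the local gateway only.
        BasicCredentialsProvider creds = new BasicCredentialsProvider();
        creds.setCredentials(new AuthScope("127.0.0.1", port),
                new UsernamePasswordCredentials("demo-user", "demo-pass"));
        try (CloseableHttpClient client = HttpClients.custom()
                .setDefaultCredentialsProvider(creds).build();
             CloseableHttpResponse rsp = client.execute(
                     new HttpGet("http://127.0.0.1:" + port + "/"))) {
            System.out.println("status=" + rsp.getStatusLine().getStatusCode());
            System.out.println("cookie on authenticated request: " + cookieOnAuthRequest.get());
            System.out.println("X=2".equals(cookieOnAuthRequest.get()) ? "OK" : "AFFECTED");
        } finally {
            gateway.stop(0);
        }
    }
}
```

`AFFECTED` means the retry still carried `X=1`, the behaviour described in the report; running it again with the workaround strategy installed on the builder shows whether the override takes effect in your setup.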