ant-dev mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 37913] New: - Get and Post tasks: cookies not set when redirect received
Date Wed, 14 Dec 2005 18:49:44 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=37913>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=37913

           Summary: Get and Post tasks: cookies not set when redirect
                    received
           Product: Ant
           Version: 1.6.5
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Core tasks
        AssignedTo: dev@ant.apache.org
        ReportedBy: dtessman@zelestra.com


It appears that when a Set-Cookie: HTTP header is sent from the server to the 
Ant Client during a 302 Moved Temporarily response to a Get core task (or a 
Post optional task) the cookie is not stored within the Ant client. This 
violates RFC-2109 (sec 4.2.1). The result is that certain security mechanisms, 
such as SAML, that rely on HTTP redirection to establish a security context 
fail.

Example:
<target name="restart" depends="init">
  <get src="https://insecure-bank.org/saml/login?Target=/restart.jsp" 
    dest="results.html" 
    username="1214"
    password="secret"/>
</target>

If /saml/login establishes the security context and then sends a redirect 
response (status code 302) that contains a Set-Cookie and the Location header 
(/restart.jsp), the Set-Cookie is ignored by Ant and the security context is 
lost.

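The redirect behaviour described in the report can be reproduced with a plain Java client. This is an added example, not code from the report or from Ant: it uses java.net.HttpURLConnection against a local stand-in server built on the JDK's com.sun.net.httpserver, and the cookie name and value (ctx=abc123) are constructed. It issues the same GET twice, first with no cookie store, so the Set-Cookie on the 302 is dropped and the target refuses the request, then with a CookieManager installed, so the cookie is replayed on the redirect hop.

```java
import com.sun.net.httpserver.HttpServer;
import java.net.*;

// Added example, not Ant code. Paths mirror the report; cookie "ctx=abc123" is constructed.
public class RedirectCookieDemo {

    // Local stand-in for the server described in the report.
    static HttpServer startServer() throws Exception {
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        // /saml/login: establishes the context via Set-Cookie, then redirects with a 302.
        server.createContext("/saml/login", ex -> {
            ex.getResponseHeaders().add("Set-Cookie", "ctx=abc123; Path=/");
            ex.getResponseHeaders().add("Location", "/restart.jsp");
            ex.sendResponseHeaders(302, -1);
            ex.close();
        });
        // /restart.jsp: 200 only if the cookie set on the redirect comes back, else 403.
        server.createContext("/restart.jsp", ex -> {
            String cookie = ex.getRequestHeaders().getFirst("Cookie");
            boolean ok = cookie != null && cookie.contains("ctx=abc123");
            ex.sendResponseHeaders(ok ? 200 : 403, -1);
            ex.close();
        });
        server.start();
        return server;
    }

    // Plain GET; HttpURLConnection follows the 302 itself and reports the final status.
    static int fetch(int port) throws Exception {
        URL url = URI.create("http://127.0.0.1:" + port + "/saml/login?Target=/restart.jsp").toURL();
        return ((HttpURLConnection) url.openConnection()).getResponseCode();
    }

    public static void main(String[] args) throws Exception {
        HttpServer server = startServer();
        int port = server.getAddress().getPort();
        try {
            CookieHandler.setDefault(null);                 // no cookie store installed
            System.out.println("no cookie handler: " + fetch(port));
            CookieHandler.setDefault(new CookieManager());  // keep cookies across redirect hops
            System.out.println("CookieManager:     " + fetch(port));
        } finally {
            server.stop(0);
        }
    }
}
```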