Mailing-List: contact users-help@cxf.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@cxf.apache.org
Received-SPF: pass (nike.apache.org: domain of sberyozkin@gmail.com designates
 209.85.214.41 as permitted sender)
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type:content-transfer-encoding;
        b=puzh5IsiGYpL1KYP76l5HAJzLLB7Hc5Re4vOGGFYOpy49HR5kwB8bcKDIpK6jh1tTB
         vCpkgyOnqDMcrAu2ugQKg8dfDm39hO9y5gOk+6vUFdapmzsd5mkSD3sEo499goP+koR+
         8meUyRzqdJTISX72VmsxxLXqidqAVXj0VmCRU=
MIME-Version: 1.0
In-Reply-To: <3E4C4C026B535E43B768DF54C946DDF6044D7744@XMB-AMS-104.cisco.com>
References: <3E4C4C026B535E43B768DF54C946DDF6043F661A@XMB-AMS-104.cisco.com>
	<AANLkTi=4iG9YLpNgxUBR9AB8vqxMXAtdpDt7SZD538nO@mail.gmail.com>
	<AANLkTikT968nEXbY=yRv7RRXC91nDm5++iGZeK45PjGK@mail.gmail.com>
	<3E4C4C026B535E43B768DF54C946DDF6044D7744@XMB-AMS-104.cisco.com>
Date: Thu, 17 Feb 2011 17:05:05 +0000
Message-ID: <AANLkTinG69vyZ86wB33Ny41HAAg2XBBJ9A+bZXxy8=Lh@mail.gmail.com>
Subject: Re: REST response over https - no-cache always set
From: Sergey Beryozkin <sberyozkin@gmail.com>
To: users@cxf.apache.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Hi

On Thu, Feb 17, 2011 at 3:38 PM, Tamar Furman (tfurman)
<tfurman@cisco.com> wrote:
> Thanks Sergey.
>
> The setNoCache(false) did not work for me. Also avoiding setting the cach=
e-control header still raised no-cache received on client side. I'll try us=
ing the =A0HttpServletResponse... Though, hoped to find a simpler way :-)
>

I only used setNoCache to confirm that whatever value I set is
propagated to the client over HTTPs.
The simple solution could be to register a servlet filter which will
do the only thing, it will do

response.reset()

and then delegate further, so it will be cheap but can be optimized for
response.reset() be called only when IE agent is invoking

thanks, SErgey

> T.
>
> -----Original Message-----
> From: Sergey Beryozkin [mailto:sberyozkin@gmail.com]
> Sent: Monday, February 14, 2011 3:22 PM
> To: users@cxf.apache.org
> Subject: Re: REST response over https - no-cache always set
>
> I run the jaxrs https test locally, without explicitly setting Cache-Cont=
rol no such header is returned and if I call
> setNoCache(false):
>
> CacheControl control =3D new CacheControl(); control.setNoCache(false); r=
eturn Response.ok().cacheControl(control).entity(doGetBook(id)).build();
>
> then the client code shows that no 'no-cache' value is present in the Cac=
he-Control header.
>
> But the test is using the emdedded Jetty. Thus it seems like the servlet =
container that you use forces this value.
>
> I'm looking at
>
> http://stackoverflow.com/questions/3788766/forcing-no-cache-for-internet-=
explorer-over-https-with-http-response-headers
>
>
> I guess what you can try to do is to have
>
> @Context
> HttpServletResponse response;
>
> injected and then do response.reset() before continuing using Response, j=
ust =A0to verify it works.
> If it does then you may consider =A0coding against the injected HttpServl=
etResponse only. I'd also consider not injecting HttpServletResponse and in=
stead creating a custom Servlet filter which would only do
>
> response.reset()
>
> before delegating further.
>
> Let me know if it helps
> Sergey
>
>
> On Mon, Feb 14, 2011 at 12:46 PM, Sergey Beryozkin <sberyozkin@gmail.com>=
 wrote:
>> Hi
>>
>> Sorry for a delay...
>>
>> On Mon, Feb 14, 2011 at 8:10 AM, Tamar Furman (tfurman)
>> <tfurman@cisco.com> wrote:
>>> Hi -
>>>
>>> I'm straggling this problem for several days and will appreciate any
>>> help.
>>>
>>> I'm using CXF 2.2.6 providing REST services over https. I have the
>>> following problem with download function via rest. The method returns
>>> ws.rs.Response and encapsulates in the content a download file. All
>>> works nice with Firefox but fails on IE8. There is a known bug on IE8
>>> that requires that such https response avoid 'no-cache' header.
>>> However no matter how I build the response header it seams that the
>>> ResponseBuilder puts in the 'no-cache' one and I can't get rid of it.
>>>
>>> Here is a snip of my code:
>>>
>>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0CacheControl cc =3D new =
CacheControl();
>>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0cc.setNoStore(true);
>>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0cc.setNoCache(false);
>>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0Response res =3D Respons=
e.ok(file).
>>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0=
 =A0 =A0 type("application/octet").
>>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0=
 =A0 =A0 cacheControl(cc).
>>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0=
 =A0 =A0 header("Content-Disposition",
>>> "attachment; filename=3D" + fileName).
>>>
>>> header("Content-Length:",Long.toString(file.length())).
>>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0=
 =A0 =A0 build();
>>>
>>>
>>>
>>> also tried:
>>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 header("Cache-Control",=
 "no-store").
>>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 header("Cache-Control",=
 "private, max-age=3D1").
>>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 header("Pragma", "no-st=
ore").
>>>
>>>
>>>
>>> No matter what, I always see the following headers return to the client=
:
>>>
>>> =A0 =A0 =A0 =A0Pragma =A0No-cache
>>> =A0 =A0 =A0 =A0Cache-Control =A0 no-cache, no-store;no-transform
>>>
>>> Any idea how can I solve this with this cxf ResponseBuilder?
>>>
>>
>> What happens if you do not use the CacheControl utility at all ?
>>
>> I'm wondering, is it the underlying HTTPS implementation that forces
>> the 'no-cache' value ?
>>
>> Cheers, Sergey
>>
>>> Thanks,
>>> T.
>>>
>>
>