cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sergey Beryozkin <sberyoz...@gmail.com>
Subject Re: FW: Issues to retreive cross domain cookies
Date Mon, 02 Mar 2015 11:59:00 GMT
By the way, you can do a basic test without even having to write a 
server. Write a client code that does GET on some address and register a 
ClientRequestFilter which aborts the chain with Response where you 
emulate the response headers/cookies as needed.

Sergey

On 27/02/15 16:18, Sergey Beryozkin wrote:
> Hi
>
> I don't understand where the problem is.
> I've just typed
>
> NewCookie c = NewCookie.valueOf(
>
> "xxx-XSRF_G3T_100=bar;comment=comment;path=path;max-age=10;domain=domain;secure;version=1");
>
>          assertTrue("bar".equals(c.getValue())
>                     && "xxx-XSRF_G3T_100".equals(c.getName())
>                     && 1 == c.getVersion()
>                     && "path".equals(c.getPath())
>                     && "domain".equals(c.getDomain())
>                     && "comment".equals(c.getComment())
>                     && 10 == c.getMaxAge());
>
> and it works, so I'd like to know more details.
> Can you offer a simple test case ?
> Or clarify further, example,
>
> In the "From the code" part I see no "xxx-XSRF_G3T_100" cookie, only
> "XXX_SESSIONID_X3T_100".
>
> In the "From the code" part I see "XXX_SESSIONID_X3T_100" cookie with a
> "xxx-XSRF_G3T_100" parameter.
>
> Are you referring to the fact NewCookie interface has no way to access
> custom parameters ?
>
> Please clarify
>
> Sergey
>
>
>
>
> On 27/02/15 06:44, Khare, Aparna wrote:
>> Dear Colleagues,
>>
>>     I'm not able to retrieve the cross domain cookies.
>> Around one month back I reported the same issue and found that with
>> 3.0.4 the issue is fixed but found that the issues occurs again for
>> some other proxified api's
>>
>> Please see the details of the cookie
>>
>>  From the code
>> XXX_SESSIONID_X3T_100=foEPAA2NOECcyhSD6rieowJV216-ShHkiHQAUFa0PPA%3d;
>> path=/,
>> MYXXXSSO2=AjQxMDMBABhBAEQASwBPAEwASQAgACAAIAAgACAAIAACAAYxADAAMAADABBHADMAVAAgACAAIAAgACAABAAYMgAwADEANQAwADIAMgA3ADAANgAyADkABQAEAAAACAYAAlgACQACRQD%2fATQwggEwBgkqhkiG9w0BBwKgggEhMIIBHQIBATELMAkGBSsOAwIaBQAwCwYJKoZIhvcNAQcBMYH9MIH6AgEBMFAwRTELMAkGA1UEBhMCREUxDzANBgNVBAoTBlNBUC1BRzEMMAoGA1UECxMDRzNUMRcwFQYDVQQDDA4qLndkZi5zYXAuY29ycAIHIBQCAxAZATAJBgUrDgMCGgUAoF0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTUwMjI3MDYyOTQxWjAjBgkqhkiG9w0BCQQxFgQUJ%21nUioGvLQTxvzNWOqCsQvL%21zNEwCQYHKoZIzjgEAwQuMCwCFBwqgz8zXv4LrLdhxjEDp8ZIx%2fevAhRgGHgOwMt0haPc43MID1Pe6jSLdg%3d%3d;
>> path=/; domain=.sdsd.ass.corp
>>
>> In the rest client
>> XXX_SESSIONID_X3T _100=hHXh7jWAUcW9XDd-tqY_OWxwugu-SBHkiHQAUFa0PPA%3d;
>> xxx-XSRF_G3T_100=qECjPi_D0m4joqEdx9b__A%3d%3d20150227061820KrlKU5OV02Q_jFupRMXxKYWSuM4aWnL_Ky5XB1JeZAg%3d
>>
>>
>> The cookie like xxx-XSRF_G3T_100 is not retrieved FROM apache cxf
>>
>> Can you please help with this issue as this blocks the testing of our
>> api .most of the api's cookie values are not retrieved correctly
>>
>> Thanksm
>> Aparna
>>
>> -----Original Message-----
>> From: Sergey Beryozkin [mailto:sberyozkin@gmail.com]
>> Sent: Tuesday, January 20, 2015 4:52 PM
>> To: Khare, Aparna
>> Subject: Re: Issues to retreive cross domain cookies
>>
>> OK, sounds good. CXF 2.7.14/3.0.4 would be released in the next few weeks
>>
>> Sergey
>> On 20/01/15 11:08, Khare, Aparna wrote:
>>> Sorry Sergey,I could test this and it worked. Sorry for the mail .
>>>
>>> Just wanted to know whether the fix is available in the released branch.
>>>
>>> Thanks a lot for the help
>>>
>>> -----Original Message-----
>>> From: Sergey Beryozkin [mailto:sberyozkin@gmail.com]
>>> Sent: Tuesday, January 20, 2015 4:31 PM
>>> To: Khare, Aparna
>>> Subject: Re: Issues to retreive cross domain cookies
>>>
>>> Hi
>>>
>>> Well, it is hard to know what is happening without a test case...
>>> How many Set-Cookie headers you have coming in back ? Are all of those
>>> headers not captured properly or only some of them ?
>>>
>>> Can you please select one of Set-Cookie values that is not captured
>>> correctly in Response.getHeaders() and send to me and I'll test
>>>
>>> Sergey
>>>
>>> On 20/01/15 05:32, Khare, Aparna wrote:
>>>> Hi ,
>>>>
>>>>       Thanks a lot for all the help .But unfortunately the
>>>> response.getHeaders() is also giving  not giving the full value for
>>>> the response header set-cookie.
>>>>
>>>> I'm still not able to figure out why I don't get the proper value .
>>>>
>>>> Thanks
>>>> -----Original Message-----
>>>> From: Sergey Beryozkin [mailto:sberyozkin@gmail.com]
>>>> Sent: Monday, January 19, 2015 8:12 PM
>>>> To: Khare, Aparna
>>>> Subject: Re: Issues to retreive cross domain cookies
>>>>
>>>> Hi
>>>>
>>>> CXF NewCookie parser is case-sensitive which is probably a bug, however
>>>> JAX-RS NewCookie.equals is case-sensitive... I'll need to clarify few
>>>> details and get back to you; the possible problem is that
>>>> NewToken.fromString(s).toString() will not produce the identical
>>>> strings...
>>>>
>>>> at this stage please consider a workaround, use Response.getHeaders()
>>>> and parse Set-Cookie manually. I'll keep you up to date...
>>>>
>>>> Thanks, Sergey
>>>>
>>>> On 19/01/15 14:19, Khare, Aparna wrote:
>>>>> Hi,Please see the logs
>>>>>
>>>>> ---------------------------
>>>>> ID: 2
>>>>> Response-Code: 200
>>>>> Encoding: ISO-8859-1
>>>>> Content-Type: application/atomsvc+xml
>>>>> Headers: {cache-control=[no-store, no-cache, must-revalidate,
>>>>> max-age=0, post-check=0, pre-check=0], connection=[keep-alive],
>>>>> Content-Length=[6444], content-type=[application/atomsvc+xml],
>>>>> dataserviceversion=[2.0], expires=[Tue, 03 Jul 2001 06:00:00 GMT],
>>>>> last-modified=[Mon, 19 Jan 2015 14:02:34 GMT], pragma=[no-cache],
>>>>> sap-metadata-last-modified=[Thu, 15 Jan 2015 11:48:40 GMT],
>>>>> server,set-cookie=[BIGipServertestmaint-sapapimgmt.river.jpaas.sapbydesign.com=2619950090.29727.0000;
>>>>> path=/]}
>>>>> Payload: <?xml version="1.0" encoding="UTF-8"?><app:service
>>>>> xmlns:app="http://www.w3.org/2007/app"
>>>>> xmlns:atom="http://www.w3.org/2005/Atom" xmlns:gp="jjjj"
>>>>> xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata"
>>>>> xmlns:sapjjj" xml:lang="en"
>>>>> xml:base="jjjjjjjj/GWDEMO10/"><app:workspace><atom:title
>>>>> type="text">Data</atom:title><app:collection
>>>>> sap:addressable="false" sap:content-version="1"
>>>>> href="ContactPersonCollection"><atom:title </app:service>
>>>>>
>>>>> Whereas in case of httpclient
>>>>> Set cookie read the proper value
>>>>>
>>>>> set-cookie:
>>>>> MYSAPSSO2=AjQxMDMBABhBAEQASwBPAEwASQAgACAAIAAgACAAIAACAAYxADAAMAADABBHADMAVAAgACAAIAAgACAABAAYMgAwADEANQAwADEAMQA5ADEANAAxADQABQAEAAAACAYAAlgACQACRQD%2fATUwggExBgkqhkiG9w0BBwKgggEiMIIBHgIBATELMAkGBSsOAwIaBQAwCwYJKoZIhvcNAQcBMYH%21MIH7AgEBMFAwRTELMAkGA1UEBhMCREUxDzANBgNVBAoTBlNBUC1BRzEMMAoGA1UECxMDRzNUMRcwFQYDVQQDDA4qLndkZi5zYXAuY29ycAIHIBQCAxAZATAJBgUrDgMCGgUAoF0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTUwMTE5MTQxNDUwWjAjBgkqhkiG9w0BCQQxFgQUE44GmBBJ0oZB5gBD2cKkDhFTt60wCQYHKoZIzjgEAwQvMC0CFQCeiy5yaTGt0fdwp%21o71DXrsmOznwIUOVeDlSFbLo2XjBUV2Z7iIG%2f22O4%3d;
>>>>> path=/; domain=.adf.lap.corp
>>>>> set-cookie: xxxxxx=T7xIWcf1-DhBuVgktK8asYZ2-J2f5RHksb4AUFa0PPA%3d;
>>>>> path=/
>>>>> set-cookie:
>>>>> sap-xxxxx=k8e0QqHJt2chKzKJiOTX1Q%3d%3d201501191414504AcJrLmXgNVZKp-JKdf-uadDSwCazuN7SKXLAk3oUXg%3d;
>>>>> path=/; HttpOnly
>>>>>
>>>>> Thanks
>>>>> -----Original Message-----
>>>>> From: Sergey Beryozkin [mailto:sberyozkin@gmail.com]
>>>>> Sent: Monday, January 19, 2015 7:21 PM
>>>>> To: Khare, Aparna
>>>>> Subject: Re: Issues to retreive cross domain cookies
>>>>>
>>>>> Hi, thanks for the extra details,
>>>>>
>>>>> Right, I wonder if it is some kind of a Set-Cookie parsing issue...
>>>>> Can you please do
>>>>>
>>>>> rsClient = WebClient.create(baseURI);
>>>>> WebClient.getConfig(rsClient).getInInterceptors().add(new
>>>>> LoggingInInterceptor());
>>>>>
>>>>> and let me know the exact format of Set-Cookie values (you can replace
>>>>> some sensitive properties with something like a=b if you prefer, but
I
>>>>> need to look at the actual Set-Cookie format).
>>>>>
>>>>> Thanks, Sergey
>>>>>
>>>>> On 19/01/15 13:41, Khare, Aparna wrote:
>>>>>> Sorry for the information provided
>>>>>> I prepare the webclient with url and pass all required parameters
>>>>>> like Authentication,SSL ,Proxy and then call the process response
>>>>>> where I pass rsClient.get()
>>>>>>
>>>>>> Please see the code snippet below
>>>>>>
>>>>>>         WebClient rsClient=null;
>>>>>>         try {
>>>>>>             baseURI = new URI(client.getURL());
>>>>>>             rsClient = WebClient.create(baseURI);
>>>>>>         } catch (URISyntaxException e) {
>>>>>>
>>>>>>             e.printStackTrace();
>>>>>>
>>>>>> then I call processResponse(rsClient.get()) after building the client
>>>>>>
>>>>>>     protected void processResponse(Response response){
>>>>>>       HttpClient client = new HttpClient();
>>>>>>
>>>>>>         setResponse((InputStream) response.getEntity());
>>>>>>         System.out.println(response.getCookies()+"res.getCookies");
>>>>>>         Map<String, NewCookie> map = response.getCookies();
>>>>>>         //Iterator<Map.Entry<Integer, Integer>> entries
=
>>>>>> map.entrySet().iterator();
>>>>>>         for (Entry<String, NewCookie> entry : map.entrySet())
{
>>>>>>         System.out.println("Key = " + entry.getKey() + ", Value =
>>>>>> " + entry.getValue());
>>>>>>         NewCookie cookie = entry.getValue();
>>>>>>         System.out.println(cookie.getName());
>>>>>>         System.out.println(cookie.getDomain());
>>>>>>         System.out.println(cookie.getValue());
>>>>>>
>>>>>>     }
>>>>>>          // ...
>>>>>>
>>>>>>         setResponseHeaders(response.getHeaders());
>>>>>>
>>>>>>     }
>>>>>>
>>>>>> When I print headers(response.getHeaders()) in the set-cookie
>>>>>> header im not getting the proper cookie value instead I get
>>>>>> {path=path=/;Version=1} whereas why I use the httpclient api's I
>>>>>> get proper value in the cookie.
>>>>>>
>>>>>> Note:-The url is a proxies api so cross domain cookies I might
>>>>>> have to use.
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Sergey Beryozkin [mailto:sberyozkin@gmail.com]
>>>>>> Sent: Monday, January 19, 2015 5:15 PM
>>>>>> To: users@cxf.apache.org
>>>>>> Subject: Re: Issues to retreive cross domain cookies
>>>>>>
>>>>>> Hi,
>>>>>> I can't help unless you provide enough information...
>>>>>>
>>>>>> Sergey
>>>>>> On 19/01/15 11:40, Khare, Aparna wrote:
>>>>>>> import javax.ws.rs.core.Response;  response is an instance of
>>>>>>> this the problem is even in the headers im not getting the cross
>>>>>>> domain cookies whereas it comes in Rest client
>>>>>>>
>>>>>>> Thanks
>>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: Sergey Beryozkin [mailto:sberyozkin@gmail.com]
>>>>>>> Sent: Monday, January 19, 2015 4:07 PM
>>>>>>> To: users@cxf.apache.org
>>>>>>> Subject: Re: Issues to retreive cross domain cookies
>>>>>>>
>>>>>>> Hi
>>>>>>> On 19/01/15 10:12, Khare, Aparna wrote:
>>>>>>>> Hello Users,
>>>>>>>>
>>>>>>>>           I have a requirement where I want to retrieve the
>>>>>>>> cross domain cookies.
>>>>>>>>
>>>>>>>> When I do response.getCookies() .I'm getting
>>>>>>>> {path=path=/;Version=1} and not the proper domain name.
>>>>>>>>
>>>>>>>> I have a proxied API which I'm testing .I'm getting the proper
>>>>>>>> response with Get but I also need the cookies because this
is
>>>>>>>> used for some
>>>>>>>> Authentication when I do a POST to the same proxied API.
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> Is 'response' an instance of JAX-RS Response class ?
>>>>>>> If so, can you use Response.getHeaders() and check what are the
>>>>>>> actual
>>>>>>> values of Set-Cookie headers ?
>>>>>>>
>>>>>>> Cheers, Sergey
>>>>>>>
>>>>>>>> Can some help how cross domain cookies are retrieved with
apache
>>>>>>>> cxf.
>>>>>>>> Thanks,
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>
>>>
>>
>>
>


-- 
Sergey Beryozkin

Talend Community Coders
http://coders.talend.com/

Blog: http://sberyozkin.blogspot.com

Mime
View raw message