hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject RE: cookie processing
Date Wed, 08 Mar 2006 14:44:21 GMT
On Wed, 2006-03-08 at 15:29 +0100, Hoef, Jan wrote:
> Oleg,
> 
> I did not get any response from the slide mailing list concerning plans
> to migrate 
> httpclient in slide.

I saw your post on the slide-user list. I think you should have rather
tried to talk to the Slide developers on the slide-dev

> I thinking to do the migration myself. Can you estimate how much effort
> is needed to do this?

As far as I know, there's already a patch in Bugzilla [1] that makes
Slide compatible with HttpClient 3.0. You could use it as a starting
point 

[1] http://issues.apache.org/bugzilla/attachment.cgi?id=15294


> You suggested to lend a helping hand to port the code. How will you do
> this?

I can review the patch if needed

> Does there exist some documentation about the migration. What are the
> pitfalls?

Unfortunately not. Simply act on all deprecation warnings and replace
references to deprecated methods with new methods from the 3.0 API.
Javadoc should suggest which new methods or classes to use instead of
the deprecated ones. 

Oleg

> 
> Jan
>  
> 
> -----Original Message-----
> From: Oleg Kalnichevski [mailto:olegk@apache.org] 
> Sent: maandag 20 februari 2006 18:57
> To: HttpClient Project
> Subject: RE: cookie processing
> 
> On Mon, 2006-02-20 at 17:32 +0100, Hoef, Jan wrote:
> > Hi Oleg,
> > 
> > I had a wrong statement in my first mail, the value of the second
> cookie
> > was quoted.
> >
> cadata="1,kou8Vc9O9nrV4YRnTwVz6QMNbuiWuIg2NprLOkMT4NEcDtGkSTB2P9ORB2QUHs
> > uP+E2OfwYC4rWCMgGe".
> > 
> > I tested it on httpclient 2 and 3.
> > Only the netscape draft spec of httpclient 3 parsed the sessionid
> cookie
> > into 1 cookie all the other made 2 cookies from it.
> > 
> > Jan 
> > 
> 
> Which is precisely the way it is meant to be. 
> 
> 
> You have a few choices here
> 
> (1) report the bug to the software manufacturer and get them fix it
> (2) inquire with the Slide folks if they have any plans to migrate off
> HttpClient 2.0 to HttpClient 3.0. If needed, I can lend them a helping
> help porting the code to the newest HttpClient release
> (3) fork HttpClient 2.0
> 
> Oleg
> 
> 
> > Testcase httpclient3:
> > 
> > 
> > package org.apache.commons.httpclient.cookie;
> > 
> > import org.apache.commons.httpclient.Cookie;
> > import org.apache.commons.httpclient.cookie.CookieSpec;
> > 
> > import junit.framework.TestCase;
> > 
> > public class TestWrongCookie extends TestCase {
> >      
> >     public void testParseRFC2109() throws Exception {
> >  
> >         CookieSpec parser = new RFC2109Spec();
> >         String setCookie1 =
> > "sessionid=4241de88-1c21-4f39-b7b7-f50a87d6a828, 0x409; path=/";
> >         String setCookie2 =
> >
> "cadata=\"1,kou8Vc9O9nrV4YRnTwVz6QMNbuiWuIg2NprLOkMT4NEcDtGkSTB2P9ORB2QU
> > HsuP+E2OfwYC4rWCMgGe\"; HttpOnly; secure; path=/";
> >         Cookie[] parsed1 =
> > parser.parse("127.0.0.1",80,"/",true,setCookie1);
> >         Cookie[] parsed2 =
> > parser.parse("127.0.0.1",80,"/",true,setCookie2);
> >         assertEquals(2,parsed1.length);
> >         assertEquals(1,parsed2.length);
> >      }
> >     
> >     public void testParseNetscape() throws Exception {
> >  
> >         
> >         CookieSpec parser = new NetscapeDraftSpec();
> >         String setCookie1 =
> > "sessionid=4241de88-1c21-4f39-b7b7-f50a87d6a828, 0x409; path=/";
> >         String setCookie2 =
> >
> "cadata=\"1,kou8Vc9O9nrV4YRnTwVz6QMNbuiWuIg2NprLOkMT4NEcDtGkSTB2P9ORB2QU
> > HsuP+E2OfwYC4rWCMgGe\"; HttpOnly; secure; path=/";
> >         Cookie[] parsed1 =
> > parser.parse("127.0.0.1",80,"/",true,setCookie1);
> >         Cookie[] parsed2 =
> > parser.parse("127.0.0.1",80,"/",true,setCookie2);
> >         assertEquals(1,parsed1.length);
> >         assertEquals(1,parsed2.length);
> >      }
> > }
> > 
> > -----Original Message-----
> > From: Oleg Kalnichevski [mailto:olegk@apache.org] 
> > Sent: maandag 20 februari 2006 15:54
> > To: HttpClient Project
> > Subject: RE: cookie processing
> > 
> > On Mon, 2006-02-20 at 15:46 +0100, Hoef, Jan wrote:
> > > Thanx for your explanation. I'll try out the Netscape cookie draft
> > spec.
> > > However the httpclient code generates only 3 cookies out of it, not
> 4.
> > > 
> > > Jan
> > > 
> > 
> > Jan,
> > I have not touched the HttpClient 2.x code for almost 6 months now, so
> I
> > may well be wrong about it, but I do see that both cookies violate the
> > HTTP spec. Try hitting the site with HttpClient 3.0 and see if that
> > makes any difference
> > 
> > Oleg 
> > 
> > 
> > > -----Original Message-----
> > > From: Oleg Kalnichevski [mailto:olegk@apache.org] 
> > > Sent: maandag 20 februari 2006 15:36
> > > To: HttpClient Project
> > > Subject: Re: cookie processing
> > > 
> > > On Mon, 2006-02-20 at 14:34 +0100, Hoef, Jan wrote:
> > > > Hi,
> > > >  
> > > > I am working with the jakarta project slide that uses the
> > > > commons-httpclient-2.0.2. 
> > > > I have written a client that sends requests via webdav  to the
> > > microsoft
> > > > exchange server 2003.
> > > > In the exchange server form based authentication is active. 
> > > > Wenn I enter my logon credentials in my post request, the server
> > > > responds containing 2 cookies that are needed in all next request.
> > > > These cookies are, e.g.:
> > > > - sessionid=4241de88-1c21-4f39-b7b7-f50a87d6a828, 0x409; path=/
> > > > -
> > > >
> > >
> >
> cadata=1,kou8Vc9O9nrV4YRnTwVz6QMNbuiWuIg2NprLOkMT4NEcDtGkSTB2P9ORB2QUHsu
> > > > P+E2OfwYC4rWCMgGe; HttpOnly; secure; path=/
> > > >  
> > > > However at parsing the cookies, 3 cookies are recognized, i.e.:
> > > > - sessionid=4241de88-1c21-4f39-b7b7-f50a87d6a828
> > > > - 0x409
> > > > -
> > > >
> > >
> >
> cadata=1,kou8Vc9O9nrV4YRnTwVz6QMNbuiWuIg2NprLOkMT4NEcDtGkSTB2P9ORB2QUHsu
> > > > P+E2OfwYC4rWCMgGe
> > > >  
> > > > The 0x409 part should not be a cookie but should be a part of the
> > > > sessionid cookie!!!
> > > >  
> > > 
> > > No, this is wrong. The cookie sessionid clearly violates the HTTP
> spec
> > > and the Cookie and Cookie2 specs. Please report this bug to the
> > software
> > > manufacturer.
> > > 
> > > Actually you should be getting 4 cookies in total, as the cadata
> > cookie
> > > is invalid as well.
> > > 
> > > HttpClient 3.0 provides the Netscape Draft cookie spec which may
> work
> > > with these cookies. Netscape Cookie Draft is the only spec that
> > permits
> > > the use of special separator characters, such as comma, in cookie
> > values
> > > that are not enclosed in quotes
> > > 
> > > Hope this explains the situation
> > > 
> > > Oleg  
> > > 
> > > 
> > > > The ideal solution would be to correct this in the cookie parser.
> > > > Because I am no expert in cookies and httpclient, Ii changed the
> > > > httpstate class in such a  way that I can manipulate the cookies.
> > See
> > > > path below.
> > > >  
> > > > Jan
> > > >  
> > > > 
> > > > 
> > > > [patch]
> > > > Index:
> > > >
> > >
> >
> D:/jakarta/httpclient/src/java/org/apache/commons/httpclient/HttpState.j
> > > > ava
> > > >
> ===================================================================
> > > > ---
> > > >
> > >
> >
> D:/jakarta/httpclient/src/java/org/apache/commons/httpclient/HttpState.j
> > > > ava	(revision 379076)
> > > > +++
> > > >
> > >
> >
> D:/jakarta/httpclient/src/java/org/apache/commons/httpclient/HttpState.j
> > > > ava	(working copy)
> > > > @@ -1,7 +1,7 @@
> > > >  /*
> > > >   * $Header:
> > > >
> > >
> >
> /home/jerenkrantz/tmp/commons/commons-convert/cvs/home/cvs/jakarta-commo
> > > >
> > ns//httpclient/src/java/org/apache/commons/httpclient/HttpState.java,v
> > > > 1.22.2.3 2003/10/29 03:08:49 mbecke Exp $
> > > >   * $Revision: 1.22.2.3 $
> > > > - * $Date: 2003/10/29 03:08:49 $
> > > > + * $Date$
> > > >   *
> > > >   *
> > > ====================================================================
> > > >   *
> > > > @@ -96,7 +96,7 @@
> > > >   * @author <a href="mailto:mbowler@GargoyleSoftware.com">Mike
> > > > Bowler</a>
> > > >   * @author <a href="mailto:adrian@intencha.com">Adrian Sutton</a>
> > > >   * 
> > > > - * @version $Revision: 1.22.2.3 $ $Date: 2003/10/29 03:08:49 $
> > > > + * @version $Revision: 1.22.2.3 $ $Date$
> > > >   * 
> > > >   */
> > > >  public class HttpState {
> > > > @@ -199,6 +199,7 @@
> > > >      public synchronized void addCookie(Cookie cookie) {
> > > >          LOG.trace("enter HttpState.addCookie(Cookie)");
> > > >  
> > > > +        int i = 0;
> > > >          if (cookie != null) {
> > > >              // first remove any old cookie that is equivalent
> > > >              for (Iterator it = cookies.iterator(); it.hasNext();)
> {
> > > > @@ -207,13 +208,37 @@
> > > >                      it.remove();
> > > >                      break;
> > > >                  }
> > > > +                i++;
> > > >              }
> > > >              if (!cookie.isExpired()) {
> > > > -                cookies.add(cookie);
> > > > +		    if (i==0)
> > > > +		    	   cookies.add(cookie);
> > > > +		    else	
> > > > +                	   cookies.add(i,cookie);
> > > >              }
> > > >          }
> > > >      }
> > > > +    /**
> > > > +     * Remove an {@link Cookie HTTP cookie}, any existing
> > equivalent
> > > > cookies.
> > > > +     * 
> > > > +     * @param cookie the {@link Cookie cookie} to be removed
> > > > +     * 
> > > > +     */
> > > > +    public synchronized void removeCookie(Cookie cookie) {
> > > > +        LOG.trace("enter HttpState.removeCookie(Cookie)");
> > > >  
> > > > +        if (cookie != null) {
> > > > +            // first remove any old cookie that is equivalent
> > > > +            for (Iterator it = cookies.iterator(); it.hasNext();)
> {
> > > > +                Cookie tmp = (Cookie) it.next();
> > > > +                if (cookie.equals(tmp)) {
> > > > +                    it.remove();
> > > > +                    break;
> > > > +                }
> > > > +            }
> > > > +        }
> > > > +    }
> > > > +
> > > >      /**
> > > >       * Adds an array of {@link Cookie HTTP cookies}. Cookies are
> > > added
> > > > individually and 
> > > >       * in the given array order. If any of the given cookies has
> > > > already expired it will 
> > > > 
> > > >
> > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail:
> > httpclient-dev-unsubscribe@jakarta.apache.org
> > > > For additional commands, e-mail:
> > > httpclient-dev-help@jakarta.apache.org
> > > > 
> > > > 
> > > 
> > > 
> > >
> ---------------------------------------------------------------------
> > > To unsubscribe, e-mail:
> httpclient-dev-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail:
> > httpclient-dev-help@jakarta.apache.org
> > > 
> > > 
> > >
> ---------------------------------------------------------------------
> > > To unsubscribe, e-mail:
> httpclient-dev-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail:
> > httpclient-dev-help@jakarta.apache.org
> > > 
> > > 
> > 
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail:
> httpclient-dev-help@jakarta.apache.org
> > 
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail:
> httpclient-dev-help@jakarta.apache.org
> > 
> > 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org


Mime
View raw message