hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: R: Proxy ssl problem
Date Fri, 27 Jan 2006 11:56:26 GMT
On Fri, 2006-01-27 at 12:46 +0100, Oleg Kalnichevski wrote:
> On Fri, 2006-01-27 at 12:36 +0100, MENNO ANGELO (Esterno) wrote:
> > >This is likely to be due to the 'stale' connection check. If you think
> > >this may be the cause of some problems, disable the 'stale' connection
> > >check.
> > >
> > >For details see
> > >http://jakarta.apache.org/commons/httpclient/performance.html#Stale%
> > >20connection%20check
> > 
> > done, it works, great!
> > 
> > >What cookie policy have you been using?
> > 
> > I tried all 4 options, Default, Compatibility, Netscape, RFC_2109.
> > different headers, same wrong results and behavior.
> > 
> > There is a strange fact,
> > I'm logging headers in post-excecution :
> > for (int i = 0; i < post.getRequestHeaders().length; i++)
> > 	System.out.println("post Headers : " + post.getRequestHeaders()[i].getName() +
", " + post.getRequestHeaders()[i].getValue());
> > 
> > next, I log the cookies :
> > Cookie[] cookies = httpclient.getState().getCookies();
> > for (int i = 0; i < cookies.size(); i++) {
> > 	System.out.println("cookieName[" + i + "] = " + cookies[i].getName() + ", cookieValue["
+ i + "] = " + cookies[i].getValue());
> > }
> > 
> > ibveSession value is different, and the header one is correct (the one i posted
before in request phase, i suppose).
> > 
> 
> Tyler,
> 
> The best thing you can do in this situation is to capture the HTTP
> session generated by a browser using a browser plug-in (you cannot just
> use a traffic analyzer because the data is encrypted in transport) and
> try to emulate this HTTP session using HttpClient
> 
> Oleg  
> 

Wait. You are hitting the site via a proxy, right? So, just use a
traffic analyzer to capture the traffic between the browser and the
proxy. You can see what HTTP packets HttpClient generated by turning on
the wire log. Comparing the two will surely let see what HttpClient does
differently

Oleg


> 
> 
> > Thanks,
> > Tyler
> > 
> > -----Messaggio originale-----
> > Da: Oleg Kalnichevski [mailto:olegk@apache.org] 
> > Inviato: venerdì 27 gennaio 2006 11.33
> > A: HttpClient User Discussion
> > Cc: MENNO ANGELO (Esterno)
> > Oggetto: Re: Proxy ssl problem
> > 
> > On Fri, 2006-01-27 at 10:39 +0100, MENNO ANGELO (Esterno) wrote:
> > > Hi,
> > > i'm trying to use httpClient to connect my bank site.
> > > I 'have a proxy and the bank site use the https protocol.
> > > Login process give me an Ok Response and a javascript redirect to
> > > another page.
> > > I follow that redirect and it give me another redirect.
> > > This second one take me to a new home page with a login button! (it is
> > > different from the first home page).
> > >  
> > > If i try to get a know internal page it give me an error one with
> > > message "Session expired. You have to reconnect"
> > >  
> > > By Dolphin browser i discovered that the first redirect is correct
> > > (login is ok), not the second.
> > >  
> > > By Netscape broser i saw that :
> > > - the session cookie are 3, called ibveSession, Ibno0Session, SHARK.
> > > - connection is AES-256 256 bit of encryption grade.
> > >  
> > > -My httpClient the sequense is :
> > > - call the http home page, it give me the ibveSession with a value, for
> > > example A.
> > > - call the https login link, simulating the login form.
> > > - response is ok, ibveSession is still A and the new Ibno0Session cookie
> > > is obtained.
> > > - follow the redirect, ibveSession is changed (sic!), Ibno0Session
> > > remains the same (sic sic!!).
> > >  
> > > Using debug and -Djavax.net.debug=all options, i don't find errors, just
> > > :
> > > AWT-EventQueue-0, setSoTimeout(1) called
> > > AWT-EventQueue-0, handling exception: java.net.SocketTimeoutException:
> > > Read timed out
> > > AWT-EventQueue-0, setSoTimeout(0) called
> > > 
> > 
> > This is likely to be due to the 'stale' connection check. If you think
> > this may be the cause of some problems, disable the 'stale' connection
> > check.
> > 
> > For details see
> > http://jakarta.apache.org/commons/httpclient/performance.html#Stale%
> > 20connection%20check
> > 
> > > 
> > > that seems to be right cause it is followed by a correct comunication.
> > >  
> > > I have put my attention on html post parameters and everything seems to
> > > be ok.
> > >  
> > > I tried to give them a wrong User/password and it correctly give me an
> > > error page.
> > >  
> > > I conclude that the problem is at cookie/session level.
> > >  
> > > I have no more ideas so i try with your help.
> > >  
> > > Does httpclient support 256 encription rate?
> > 
> > HttpClient relies on JSSE for the SSL/TLS support. Any encryption
> > algorithm supported by JVM's JSSE providers can be used by HttpClient.
> > 
> > For details see
> > http://jakarta.apache.org/commons/httpclient/sslguide.html
> > 
> > > Does httpclient support 3 session cookies?
> > >  
> > 
> > HttpClient supports infinite number of cookies (limited only by the size
> > of the JVM's heap)
> > 
> > What cookie policy have you been using?
> > 
> > For details see 
> > http://jakarta.apache.org/commons/httpclient/cookies.html
> > 
> > Oleg
> > 
> > > thanks,
> > > Tyler
> > >  
> > > ps: Dolphin doesn't use httpClient... :|
> > >  
> > > 
> > > -----------------------------------------------------------------------------------------
> > > 
> > > Il contenuto del messaggio e di ogni suo allegato e' da ritenersi riservato
e confidenziale ed e' indirizzato esclusivamente al destinatario. Chi ricevesse il presente
messaggio senza esserne l'effettivo destinatario e' tenuto a non divulgarlo, diffonderlo o
riprodurlo in alcun modo. 
> > > 
> > > Qualora abbiate ricevuto la presente comunicazione per errore siete pregati
di rispedirla al mittente e di cancellare il messaggio originale dal Vostro sistema di posta
elettronica. Grazie
> > > 
> > > Agos S.p.A.
> > > via Bernina, 7
> > > 20158 MILANO
> > 
> > 
> > -----------------------------------------------------------------------------------------
> > 
> > Il contenuto del messaggio e di ogni suo allegato e' da ritenersi riservato e confidenziale
ed e' indirizzato esclusivamente al destinatario. Chi ricevesse il presente messaggio senza
esserne l'effettivo destinatario e' tenuto a non divulgarlo, diffonderlo o riprodurlo in alcun
modo. 
> > 
> > Qualora abbiate ricevuto la presente comunicazione per errore siete pregati di rispedirla
al mittente e di cancellare il messaggio originale dal Vostro sistema di posta elettronica.
Grazie
> > 
> > Agos S.p.A.
> > via Bernina, 7
> > 20158 MILANO
> > 
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
> > 
> > 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org


Mime
View raw message