  1. HttpComponents HttpClient
  2. HTTPCLIENT-1909

Cookies received during authentication challenge not processed

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 4.5.5
    • Fix Version/s: 5.0 Alpha2
    • Component/s: None
    • Labels:
      None

      Description

      We fail to authenticate against a gateway that requires authentication and tracks progress by setting and updating a session cookie, even during the authentication challenge:

      • client GET to same url again
        authentication transmitted
        cookie X=1 transmitted again, should have been X=2

      This is caused by the cookies actually being processed only outside MainClientExec, by the calling ProtocolExec. But on receiving the 401, the loop in MainClientExec#execute(...) is not left; instead the request is sent again with only the authentication header added. The cookies received with the 401 response are dismissed.

      Workaround (hack IMHO):

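      import java.io.IOException;
      import java.util.Map;

      import org.apache.http.Header;
      import org.apache.http.HttpException;
      import org.apache.http.HttpHost;
      import org.apache.http.HttpRequest;
      import org.apache.http.HttpResponse;
      import org.apache.http.auth.MalformedChallengeException;
      import org.apache.http.client.protocol.HttpClientContext;
      import org.apache.http.client.protocol.RequestAddCookies;
      import org.apache.http.client.protocol.ResponseProcessCookies;
      import org.apache.http.impl.client.CloseableHttpClient;
      import org.apache.http.impl.client.TargetAuthenticationStrategy;
      import org.apache.http.protocol.HttpContext;

      final TargetAuthenticationStrategy authStrategy = new TargetAuthenticationStrategy() {
          private final ResponseProcessCookies fResponseProcessCookies = new ResponseProcessCookies();
          private final RequestAddCookies fRequestAddCookies = new RequestAddCookies();

          @Override
          public Map<String, Header> getChallenges(HttpHost authhost,
                                                   HttpResponse response,
                                                   HttpContext context) throws MalformedChallengeException {
              try {
                  // Store the cookies sent with the challenge response in the context's cookie store.
                  fResponseProcessCookies.process(response, context);
                  final HttpClientContext clientContext = HttpClientContext.adapt(context);
                  final HttpRequest request = clientContext.getRequest();
                  // Drop the stale Cookie header and rebuild it for the request that will be retried.
                  request.removeHeaders("Cookie");
                  fRequestAddCookies.process(request, context);
              } catch (HttpException | IOException e) {
                  throw new MalformedChallengeException(e.getMessage(), e);
              }
              return super.getChallenges(authhost, response, context);
          }
      };

      // httpClientBuilder is the application's existing HttpClientBuilder.
      final CloseableHttpClient authClient = httpClientBuilder
          .setTargetAuthenticationStrategy(authStrategy)
          .build();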
      

              People

              • Assignee:
                Unassigned
                Reporter:
                jstammi Johannes Stamminger
              • Votes:
                0
                Watchers:
                2

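
A minimal model of the flow described in this report, added here as an illustration and not code from the reporter or from HttpClient. `Gateway`, `send` and the `processInLoop` flag are hypothetical names, and the gateway is assumed to reject any request whose cookie is not the latest value it issued; the model contrasts a retry that reuses the stale `X=1` with one that applies the cookie from the 401 first.

```java
import java.util.HashMap;
import java.util.Map;

// Constructed model; Gateway and send(...) are hypothetical stand-ins, not HttpClient classes.
public class ChallengeCookieModel {

    /** Assumed gateway: issues a new X on every response and rejects stale values. */
    static class Gateway {
        private int session = 1;                        // the client already holds X=1

        /** Returns {status, Set-Cookie value}. */
        String[] handle(String cookie, boolean hasAuth) {
            boolean fresh = ("X=" + session).equals(cookie);
            session++;                                  // state advances even on a 401
            return new String[] {fresh && hasAuth ? "200" : "401", "X=" + session};
        }
    }

    /**
     * Inner retry loop, the role MainClientExec#execute plays in the report.
     * processInLoop=false drops the cookie from the 401; true applies it before the retry.
     */
    static int send(Gateway gw, Map<String, String> cookieStore, boolean processInLoop) {
        String cookieHeader = "X=" + cookieStore.get("X");  // set once by the outer layer
        boolean hasAuth = false;
        for (int attempt = 0; attempt < 2; attempt++) {
            String[] resp = gw.handle(cookieHeader, hasAuth);
            if (!"401".equals(resp[0])) {
                cookieStore.put("X", resp[1].substring(2)); // outer layer, after the loop
                return Integer.parseInt(resp[0]);
            }
            hasAuth = true;                                 // answer the challenge
            if (processInLoop) {                            // what the workaround adds
                cookieStore.put("X", resp[1].substring(2));
                cookieHeader = "X=" + cookieStore.get("X");
            }
        }
        return 401;
    }

    public static void main(String[] args) {
        for (boolean processInLoop : new boolean[] {false, true}) {
            Map<String, String> store = new HashMap<>();
            store.put("X", "1");
            int status = send(new Gateway(), store, processInLoop);
            System.out.println("processInLoop=" + processInLoop + " -> " + status);
        }
    }
}
```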