add authorization header (user/password) before sendRedirect
in [Java Help]
|
From: Daniel Pitts on 10 Dec 2009 14:35 eunever32(a)yahoo.co.uk wrote: > On Dec 7, 8:01 pm, Daniel Pitts > <newsgroup.spamfil...(a)virtualinfinity.net> wrote: >> euneve...(a)yahoo.co.uk wrote: >>> So I then tried apache-commons HttpClient which worked(!) but the >>> JSESSIONID was not present in the returned html which meant any >>> further http requests returned "user/password not found." Could this >>> be because the server doesn't think the client supports cookies? >>> Any suggestions on how to proceed? >>> I would be happy with the HttpClient if it worked but am concerned >>> that it may not be future-proof (should the server side change in >>> future). >> HttpClient from the apache-commons is a great toolkit. >> >> Usually, JSESSIONID is set as a cookie. You will probably have to >> inspect the response from the downstream server, and re-write the >> cookies to match your domain. Then, when you make a request, make sure >> that you pass the users cookies to the downstream server. >> >> -- >> Daniel Pitts' Tech Blog: <http://virtualinfinity.net/wordpress/> > > Hi > > Request 1: PC -> Tomcat -> LoadBalancer ->ServerNode > Request 2, 3, 4, 5 etc: PC->LoadBalancer->ServerNode > The arrangement is the first request to RemoteServer is as follows: > HttpClient originates on the Tomcat; html response is streamed into > response to the browser > !Subsequent requests from PC go directly to RemoteServer! Hence > missing cookie. > > > I know a little more about the issue and the problem is because we're > hitting a load-balancer first > and then a server-node behind the load-balancer. > > If we bypass the load-balancer everything works. > > However the requirement is to route through the load balancer. > > There is a cookie required for the load-balancer which the browser is > not sending. > > The jsessionid is okay because that's on the URL > > I guess if I can get the Cookie into the browser that might work. > > I have tried setting the Cookie in the response but didn't work. > > This is the code: > String[] cookieParams = h.getValue().split(";"); > String[] currentParam = cookieParams[0].split("="); > Cookie cookie = new Cookie(currentParam[0], currentParam[1]); > cookie.setDomain("load-balancer-host"); > response.addCookie(cookie); > > Does the setDomain look correct? > > Is there an alternative way to test this? For example if jsessionid > can be passed in the URL, > can the cookie for the load-balancer-node also be set on the URL? > Because I did try this but to no avail. > > Thoughts suggestions appreciated. You're server node is going to have to set the cookie, not your original request to tomcat. The reason is you can't set a cookie on another domain. -- Daniel Pitts' Tech Blog: <http://virtualinfinity.net/wordpress/>
From: eunever32 on 10 Dec 2009 18:07 On Dec 10, 7:35 pm, Daniel Pitts <newsgroup.spamfil...(a)virtualinfinity.net> wrote: > euneve...(a)yahoo.co.uk wrote: > > On Dec 7, 8:01 pm, Daniel Pitts > > <newsgroup.spamfil...(a)virtualinfinity.net> wrote: > >> euneve...(a)yahoo.co.uk wrote: > >>> So I then tried apache-commons HttpClient which worked(!) but the > >>> JSESSIONID was not present in the returned html which meant any > >>> further http requests returned "user/password not found." Could this > >>> be because the server doesn't think the client supports cookies? > >>> Any suggestions on how to proceed? > >>> I would be happy with the HttpClient if it worked but am concerned > >>> that it may not be future-proof (should the server side change in > >>> future). > >> HttpClient from the apache-commons is a great toolkit. > > >> Usually, JSESSIONID is set as a cookie. You will probably have to > >> inspect the response from the downstream server, and re-write the > >> cookies to match your domain. Then, when you make a request, make sure > >> that you pass the users cookies to the downstream server. > > >> -- > >> Daniel Pitts' Tech Blog: <http://virtualinfinity.net/wordpress/> > > > Hi > > > Request 1: PC -> Tomcat -> LoadBalancer ->ServerNode > > Request 2, 3, 4, 5 etc: PC->LoadBalancer->ServerNode > > The arrangement is the first request to RemoteServer is as follows: > > HttpClient originates on the Tomcat; html response is streamed into > > response to the browser > > !Subsequent requests from PC go directly to RemoteServer! Hence > > missing cookie. > > > I know a little more about the issue and the problem is because we're > > hitting a load-balancer first > > and then a server-node behind the load-balancer. > > > If we bypass the load-balancer everything works. > > > However the requirement is to route through the load balancer. > > > There is a cookie required for the load-balancer which the browser is > > not sending. > > > The jsessionid is okay because that's on the URL > > > I guess if I can get the Cookie into the browser that might work. > > > I have tried setting the Cookie in the response but didn't work. > > > This is the code: > > String[] cookieParams = h.getValue().split(";"); > > String[] currentParam = cookieParams[0].split("="); > > Cookie cookie = new Cookie(currentParam[0], currentParam[1]); > > cookie.setDomain("load-balancer-host"); > > response.addCookie(cookie); > > > Does the setDomain look correct? > > > Is there an alternative way to test this? For example if jsessionid > > can be passed in the URL, > > can the cookie for the load-balancer-node also be set on the URL? > > Because I did try this but to no avail. > > > Thoughts suggestions appreciated. > > You're server node is going to have to set the cookie, not your original > request to tomcat. The reason is you can't set a cookie on another domain.. > > -- > Daniel Pitts' Tech Blog: <http://virtualinfinity.net/wordpress/> Thanks Daniel If it's not possible to use a cookie, is there any other way to get the value into the request? Would it be a header or a parameter?
From: Daniel Pitts on 10 Dec 2009 19:17
eunever32(a)yahoo.co.uk wrote: > On Dec 10, 7:35 pm, Daniel Pitts > <newsgroup.spamfil...(a)virtualinfinity.net> wrote: >> euneve...(a)yahoo.co.uk wrote: >>> On Dec 7, 8:01 pm, Daniel Pitts >>> <newsgroup.spamfil...(a)virtualinfinity.net> wrote: >>>> euneve...(a)yahoo.co.uk wrote: >>>>> So I then tried apache-commons HttpClient which worked(!) but the >>>>> JSESSIONID was not present in the returned html which meant any >>>>> further http requests returned "user/password not found." Could this >>>>> be because the server doesn't think the client supports cookies? >>>>> Any suggestions on how to proceed? >>>>> I would be happy with the HttpClient if it worked but am concerned >>>>> that it may not be future-proof (should the server side change in >>>>> future). >>>> HttpClient from the apache-commons is a great toolkit. >>>> Usually, JSESSIONID is set as a cookie. You will probably have to >>>> inspect the response from the downstream server, and re-write the >>>> cookies to match your domain. Then, when you make a request, make sure >>>> that you pass the users cookies to the downstream server. >>>> -- >>>> Daniel Pitts' Tech Blog: <http://virtualinfinity.net/wordpress/> >>> Hi >>> Request 1: PC -> Tomcat -> LoadBalancer ->ServerNode >>> Request 2, 3, 4, 5 etc: PC->LoadBalancer->ServerNode >>> The arrangement is the first request to RemoteServer is as follows: >>> HttpClient originates on the Tomcat; html response is streamed into >>> response to the browser >>> !Subsequent requests from PC go directly to RemoteServer! Hence >>> missing cookie. >>> I know a little more about the issue and the problem is because we're >>> hitting a load-balancer first >>> and then a server-node behind the load-balancer. >>> If we bypass the load-balancer everything works. >>> However the requirement is to route through the load balancer. >>> There is a cookie required for the load-balancer which the browser is >>> not sending. >>> The jsessionid is okay because that's on the URL >>> I guess if I can get the Cookie into the browser that might work. >>> I have tried setting the Cookie in the response but didn't work. >>> This is the code: >>> String[] cookieParams = h.getValue().split(";"); >>> String[] currentParam = cookieParams[0].split("="); >>> Cookie cookie = new Cookie(currentParam[0], currentParam[1]); >>> cookie.setDomain("load-balancer-host"); >>> response.addCookie(cookie); >>> Does the setDomain look correct? >>> Is there an alternative way to test this? For example if jsessionid >>> can be passed in the URL, >>> can the cookie for the load-balancer-node also be set on the URL? >>> Because I did try this but to no avail. >>> Thoughts suggestions appreciated. >> You're server node is going to have to set the cookie, not your original >> request to tomcat. The reason is you can't set a cookie on another domain.. > Thanks Daniel > If it's not possible to use a cookie, is there any other way to get > the value into the request? Would it be a header or a parameter? You can not make the client user-agent do anything at all. You can only intercept and proxy, or redirect. Your cookie should be set by your server-node. Tomcat could use a redirect to send the client to a particular URL on your server/load-balancer. The response of *that* URL should be the one that sets the cookie! Hint, if your Tomcat instance is the only one that knows the proper value, of the redirect URL contain a query parameter. -- Daniel Pitts' Tech Blog: <http://virtualinfinity.net/wordpress/> |