Reputation: 451
I am trying to perform an HTTP call to a backend with SPNEGO authentication. The SPNEGO authentication part itself seems to work according to the trace logs, but the login fails because the server backend is stateful, and the session cookie it sends back with its first 401 response is not used by httpclient. I can see in the trace log how httpclient sends the first request, gets a 401 with a "set-cookie" header, but no processing of that cookie; and then when httpclient responds with a new request with the "Authorization" header, there is no cookie; because of that, the server starts another login from scratch and just responds with a 401 again, with a new "set-cookie" header, and a fresh session.
After the failed handshake, httpclient does actually process the new, second session cookie and store it; this is also visible in the trace log. My cookie handling code looks like this:

    BasicCookieStore cookieStore = new BasicCookieStore();
    HttpClientBuilder clientBuilder = HttpClients.custom()
            .setConnectionManager(SslHandler.createClientConnectionManager(adapterType))
            .setRedirectStrategy(new IgnoreRedirectStrategy())
            .setRetryHandler(new DefaultHttpRequestRetryHandler(2, true))
            .setDefaultHeaders(allHeaders)
            .setSSLHostnameVerifier(SslHandler.getHostnameVerifier(adapterType))
            .setDefaultRequestConfig(defaultRequestConfig)
            .setDefaultCookieStore(cookieStore);
    RequestConfig localConfig = RequestConfig.custom()
            .setCookieSpec(CookieSpecs.STANDARD)
            .build();
    request.setConfig(localConfig);
    CloseableHttpClient client = clientBuilder.build();
    localcontext.setAttribute(ClientContext.COOKIE_STORE, cookieStore);
    org.apache.http.HttpResponse response = client.execute(request, localcontext);

So basically the question is: Is it necessary to do something special to enable storing / handling cookies during an SPNEGO or NTLM handshake? It seems to work outside of such handshakes, but not during them.
Upvotes: 0
Views: 680
Reputation: 451
I could fix the issue using this code:
https://github.com/eveoh/ews-java-api/commit/c6f54bb9665c3b714e41ad43ebe31527f77b59fe
With it, the cookie is correctly stored and used during the handshake.
Upvotes: 1