[prev in list] [next in list] [prev in thread] [next in thread] 

List:       httpclient-users
Subject:    Issues with parsing httpClient cookie for XSRF handling
From:       "Khare, Aparna" <aparna.khare () sap ! com>
Date:       2016-05-09 18:24:21
Message-ID: 19e0d4b0b68b4fb0bbce807dacf7ac21 () DEWDFE13DE17 ! global ! corp ! sap
[Download RAW message or body]


Dear Colleagues,

   I have a service which does CSRF protection for POST and PUT method when I Do GET
I should first fetch the xsrf token passing fetch header with that I get the client \
cookies and the same cookies should be sent

I get the XSRF as well as cookies but somehow the token is giving CSRF Validation \
failed looks like an issue with cookie handling

Snippet of my code is as below

private CookieStore getCookieStore() {
    HttpServletRequest req = getHttpServletRequest();
    Object cs = req.getSession().getAttribute("mmmmm");
    if (cs == null) {
      cs = new BasicCookieStore();
      req.getSession().setAttribute("mmmm", cs);
  }
  return (CookieStore) cs;
}
  private HttpServletRequest getHttpServletRequest() {
    return (HttpServletRequest) getContext().
          getParameter(context.HTTP_SERVLET_REQUEST_OBJECT);
  }


  private void putCookieStore(CookieStore cs) {
  getHttpServletRequest().getSession().setAttribute("mmm", cs);
}

Initialization of http client
DefaultHttpClient rsClient = new DefaultHttpClient();
    setTrustAll(rsClient);
    rsClient.setCookieStore(cs);

What can be the issue can someone please help

Thanks,
Aparna



[prev in list] [next in list] [prev in thread] [next in thread]