[prev in list] [next in list] [prev in thread] [next in thread]
List: httpclient-users
Subject: Issues with parsing httpClient cookie for XSRF handling
From: "Khare, Aparna" <aparna.khare () sap ! com>
Date: 2016-05-09 18:24:21
Message-ID: 19e0d4b0b68b4fb0bbce807dacf7ac21 () DEWDFE13DE17 ! global ! corp ! sap
[Download RAW message or body]
Dear Colleagues,
I have a service which does CSRF protection for POST and PUT method when I Do GET
I should first fetch the xsrf token passing fetch header with that I get the client \
cookies and the same cookies should be sent
I get the XSRF as well as cookies but somehow the token is giving CSRF Validation \
failed looks like an issue with cookie handling
Snippet of my code is as below
private CookieStore getCookieStore() {
HttpServletRequest req = getHttpServletRequest();
Object cs = req.getSession().getAttribute("mmmmm");
if (cs == null) {
cs = new BasicCookieStore();
req.getSession().setAttribute("mmmm", cs);
}
return (CookieStore) cs;
}
private HttpServletRequest getHttpServletRequest() {
return (HttpServletRequest) getContext().
getParameter(context.HTTP_SERVLET_REQUEST_OBJECT);
}
private void putCookieStore(CookieStore cs) {
getHttpServletRequest().getSession().setAttribute("mmm", cs);
}
Initialization of http client
DefaultHttpClient rsClient = new DefaultHttpClient();
setTrustAll(rsClient);
rsClient.setCookieStore(cs);
What can be the issue can someone please help
Thanks,
Aparna
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic