I am trying to write a library that accesses a RESTful web service using the Jersey Client API. The service requires a login request that sets a cookie, then subsequent requests must have that cookie set to succeed. The login request works as expected, and I am able to retrieve the cookie in the response from the login, but cannot seem to add the cookie back in subsequent requests. Can anyone tell what I might be doing wrong. Here is the code that makes the request:
MultivaluedMap<String,String> qs = new MultivaluedMapImpl();
qs.add( "xml", this.toXmlString() );
WebResource wr = client.resource( Constants.ServiceURL );
if ( CookieJar.Cookies != null )
{
for ( NewCookie c : CookieJar.Cookies )
{
logger.debug( "Setting cookie " + c.getName() );
wr.cookie( c );
}
}
ClientResponse response = wr.queryParams( qs ).get( ClientResponse.class );
While the request doesn't fail, the service responds with the application error "No Session". Here is the log trace of the request sequence:
Jul 15, 2011 5:20:33 PM com.sun.jersey.api.client.filter.LoggingFilter log
INFO: 1 * Client out-bound request
1 > GET https://www.company.com/TrackerXMLInterface.asp?xml=%3Cxml%3E%3CTRANTYPE%3ELOGIN%3C/TRANTYPE%3E%3CTRANPARMS%3E%3CLOGINID%3Emylogin%3C/LOGINID%3E%3CPASSPHRASE%3EBa1b2c3%3C/PASSPHRASE%3E%3C/TRANPARMS%3E%3C/xml%3E
Jul 15, 2011 5:20:35 PM com.sun.jersey.api.client.filter.LoggingFilter log
INFO: 1 * Client in-bound response
1 < 200
1 < Date: Fri, 15 Jul 2011 22:20:35 GMT
1 < Content-Length: 150
1 < Set-Cookie: ASPSESSIONIDSUBSBSRR=GBGOKGJDAAHCNDDHPBFICFIH; secure; path=/
1 < Content-Type: text/html
1 < Server: Microsoft-IIS/7.0
1 < X-Powered-By: ASP.NET
1 < Cache-Control: private
1 <
<XML><TRANRESULTS><TRANRETURNCODE>L00</TRANRETURNCODE><TRANRETURNMSG>Valid Login </TRANRETURNMSG><TRANDETAIL></TRANDETAIL></TRANRESULTS></XML>
[continued below]
I'm thinking the following request should have the cookies in the header:
Jul 15, 2011 5:20:35 PM com.sun.jersey.api.client.filter.LoggingFilter log
INFO: 1 * Client out-bound request
1 > GET https://www.company.com/TrackerXMLInterface.asp?xml=%3Cxml%3E%3CTRANTYPE%3ESSNLAST%3C/TRANTYPE%3E%3CTRANPARMS%3E%3CSSN%3E123456789%3C/SSN%3E%3CLASTNAME%3ESchmoe%3C/LASTNAME%3E%3C/TRANPARMS%3E%3C/xml%3E
Jul 15, 2011 5:20:35 PM com.sun.jersey.api.client.filter.LoggingFilter log
INFO: 1 * Client in-bound response
1 < 200
1 < Date: Fri, 15 Jul 2011 22:20:35 GMT
1 < Content-Length: 150
1 < Set-Cookie: ASPSESSIONIDSUBSBSRR=HBGOKGJDIAPBBEIGLOILDJDN; secure; path=/
1 < Content-Type: text/html
1 < Server: Microsoft-IIS/7.0
1 < X-Powered-By: ASP.NET
1 < Cache-Control: private
1 <
<XML><TRANRESULTS><TRANRETURNCODE>R04</TRANRETURNCODE><TRANRETURNMSG>No Session </TRANRETURNMSG><TRANDETAIL></TRANDETAIL></TRANRESULTS></XML>
Any guidance on this is much appreciated.
The problem is WebResource is immutable - the cookie() method returns WebResource.Builder. So, doing the following just creates a new instance of WebResource.Builder every time you call cookie (and does not modify the original WebResource at all). You ignore those Builder instances and still perform the request on the original WebResource:
for ( NewCookie c : CookieJar.Cookies ) {
logger.debug( "Setting cookie " + c.getName() );
wr.cookie( c );
}
You should do the following instead:
WebResource.Builder builder = wr.getRequestBuilder();
for (NewCookie c : CookieJar.Cookies) {
builder = builder.cookie(c);
}
Then you can make the request by:
ClientResponse response = builder.queryParams(qs).get(ClientResponse.class);
Also, to avoid duplicating this code in all your resource methods, you may want to consider writing a client filter, which will do it for you for all your requests. E.g. the following code would ensure cookies sent from the server get set for each response:
client.addFilter(new ClientFilter() {
private ArrayList<Object> cookies;
@Override
public ClientResponse handle(ClientRequest request) throws ClientHandlerException {
if (cookies != null) {
request.getHeaders().put("Cookie", cookies);
}
ClientResponse response = getNext().handle(request);
if (response.getCookies() != null) {
if (cookies == null) {
cookies = new ArrayList<Object>();
}
// simple addAll just for illustration (should probably check for duplicates and expired cookies)
cookies.addAll(response.getCookies());
}
return response;
}
});
NOTE: This will only work if you don't share client instances with multiple threads!
I have found that a simpler way to ensure cookies are sent back is to use the Apache HTTP client integration of jersey-client. It is found in the maven package jersey-apache-client:
<dependency>
<groupId>com.sun.jersey.contribs</groupId>
<artifactId>jersey-apache-client</artifactId>
<version>1.13</version>
<type>jar</type>
</dependency>
You can then do:
ApacheHttpClientConfig config = new DefaultApacheHttpClientConfig();
config.getProperties().put(ApacheHttpClientConfig.PROPERTY_HANDLE_COOKIES, true);
ApacheHttpClient client = ApacheHttpClient.create(config);
From then on, just keep using the same client across requests and the cookies will be collected and sent back to the server as expected.
Perhaps you need to fit cookies into a WebResource call that had been working previously without them. Then you might find yourself breaking up your line of code that you can work with the builder part way through. To include cookies, your code might go from:
clientResponse = webResource.queryParams(parameters).type(httpContentType).accept(httpAcceptType).post(ClientResponse.class, requestBody);
To:
builder = webResource.queryParams(parameters).type(httpContentType);
if (cookieJar != null)
{
for (Cookie c : cookieJar)
builder = builder.cookie(c);
}
clientResponse = builder.accept(httpAcceptType).post(ClientResponse.class, requestBody);