I have the following situation that I'm still not able to manage:
I wrote a java class to read a http response from a site that receive POST parameters
I use HttpURLConnection and pass the input parameters
the result obtained is another form that redirect to another page (via HTTPS) to which I have to pass a username and a password and an hodden value. this page show the result in a target page (that is the firt url)
I made a call to this other page via HTTPS (HttpsURLConnection) and obtained a http 302 response code
I'm not able to reach the result page, since the followredirect option doesn't work when the protocol change (from http to https)
Can anyone help me please?
Hope I have succesfully explained.
Thanks in advance for support and regards.
Related
I've browsed a bunch of questions that are similar to mine, but none of the solutions I have tried seem to work.
I have a Jersey2.0 REST service that adds a cookie to the response and returns it to an Angularjs front end application. I already have the setup done correctly (Access-Control-Allow-Credentials=true, no wildcard in Access-Control-Allow-Origin, etc..).
I do it by adding a "SET-COOKIE" header on the response like so:
MultivaluedMap<String, Object> headers = responseContext.getHeaders();
headers.add("SET-COOKIE", new NewCookie(cookieName, cookieValue);
This works, and I can see the cookie being returned in the response of that particular REST service call to that particular REST endpoint. What I mean is, on the Chrome developer console under the Network tab, I can click on the request that is supposed to return the cookie, and in both the 'Cookies' and 'Headers' tabs, I can see the cookie being returned in the response. In fact, when I make another request to the endpoint, that same cookie is now sent in the request and I can capture it on the Jersey server.
Great. The issue is that the cookie is not showing up on the 'Resources' tab. If I click on the 'Resources' tab, then along the left select the 'Cookies' dropdown and then select localhost, the cookie I'm trying to send in the response is not there. I'm assuming this is also why when I try to get the cookie in my AngularJs application via $cookies.get('cookieId'); using ngCookies, I get undefined.
Also, just in case someone mentions it in an answer/comments, I'm pretty sure the problem here is not HttpOnly. My JSESSIONID cookie gets returned, and I can see it in the 'Resources' tab with the Http field checked indicating HttpOnly.
I thought maybe because I'm in a corporate environment, they don't let me add cookies, but I'm able to do this on the Angular front end via $Cookies.put('cookieId', 'cookieValue'); and it shows on the 'Resources' tab just fine.
Any help as to why my cookies are not being added from the server?
After digging through a few more stackoverflow questions relating to my original one, I found out through this stackoverflow question that cookies that are created on one domain cannot be accessed on another domain using Javascript.
I will have to come up with a workaround for this, but my original question has been answered so marking this as answered.
For your case it is easy to solve if you just set the path of the cookie,
e.g.
Cookie myCookie = new Cookie("Name_of_cookie", "String_value_of_cookie")
myCookie.setPath("/the domain Js is using ")
Or just leave it as / for the main domain that most probably Js is deployed.
We getting a SSO request using Ping Identity Federation server which opening target URL with a post of opentoken as form data. But at my application I am getting two request one is 302 Found where I can see form data in headers but after that it issue a 200 request in which data is not there.
Is this normal if yes how to get formdata?
Just curious for this behaviour....I can still access that data from referrer header information.
I am using java/jsp.
It was actually coming in request body which need to be read using getReader. that's why it redirecting again to 200 as in first request I was consuming parameter instead of body.
I have made two J2EE applications where in one servlet in ProjectX is performing a sendRedirect to another servlet of ProjectY via https protocol.
Code is something like
response.sendRedirect("https://ip:8443/ProjectY/servletY?id=123");
In ProjectY,
SerletY is having code as
PrintWriter pw = response.getWriter();
pw.print("Passed id is ID = " + request.getParameter("id"));
My Query is ,
since the data sent accross the network is ideally encrypted when using https, why am I able to see the url of the browser after redirecting to ServletY as
"https://ip:8443/ProjectY/servletY?id=123"
I have hidden the parameter using POST method , but my question is , is it actually encrypting data while sending from ProjectX(which was in http) to ProjectY (which is https call) ?
Thanks for you support.!!!
What's happening
There is no POST request involved.
The user opens ProjectX' site in the browser
It will respond with a HTTP 302 response because of your response.sendRedirect.
The user's browser will take the Location of the response and open it
Thus the user's browser establishes an TLS connection to ip:8443
After the TLS channel is opened, it will send a GET /ProjectY/servletY?id=123 HTTP/1.1
ProjectY will respond over the secure TLS channel.
Observations
If you call ProjectX in step 1 via plain HTTP, then the 302 response won't be encrypted and everybody who has access to your connection can see the id.
The user's browser will always see the id because it needs to follow the redirect in step 3.
The user will see the id in the address bar because the browser will show its new location.
When calling ProjectY, the id is protected because it is only sent via the TLS channel.
I am sending url to another server through response.sendRedirect() method and it is generating pdf for me. I am passing all the parameters but one of the parameter data is exceeding length due to which browser is not able to handle it and request is getting blocked.
I know through Post method we can hide url Parameters and response.sendRedirect() uses GET method. Is there any POST method like sendRedirect through which we can access another server url directly through servlet? Thanks in advance.
With response.sendRedirect(newUrl) you send back a HTTP status 302 with a new Location=newUrl in response header. Thus, you cannot force browser to make POST instead of GET method.
What you could do is to consume a pdf file from within your server code and return it to the client, hiding thus from client the actual target location. You can then build any request with method and parameters you want to the new location if it accept it.
See, for example, this tutorial how to make a request to another server from your servlet http://www.mkyong.com/java/how-to-send-http-request-getpost-in-java/
I am using a code to login to a website. I am making a Get call first, to get the form parameters.
Then i am sending my login credentials, in the form, by a post call to the website.
I am getting a result like this:
Sending 'POST' request to URL : https://abc.ef.edu/login.asp
Post parameters : userName=xyz&password=xyz&Login=Sign+In
Response Code : 200
Does this result mean that i have logged into the website?
if yes, how can i check?
if no, then how can i login?
No, it doesn't mean you've logged in, it just means you pulled back a page over the web.
To test for login, you would need to "decorate" the page with some token of data (on successful login), then parse the response and look for it.
For example < !-- YOU_LOGGED_IN -->
Then search for that string.
That or create a trimmed down test version of the page that just returns the token.
That code is an HTTP response code which means that your login page was found (agais a 404 that you get when a page is not found). It has no bearing on the status of authentication. Even if the login fails, you'll still receive the HTTP code 200 only.