Issue
I have an API servlet Java application that lets users view an external page with their username and password. The view URL needs the cookies to be set before it is called.
I use this code to view the page:
    import java.io.BufferedReader;
    import java.io.InputStreamReader;
    import java.net.CookieHandler;
    import java.net.CookieManager;
    import java.net.HttpURLConnection;
    import java.net.URL;

    // Installs this CookieManager as the default handler for every connection in the JVM.
    CookieManager cookieManager = new CookieManager();
    CookieHandler.setDefault(cookieManager);
    String request_url = "http://url/view.jsp?id" + id;
    URL url = new URL(request_url);
    HttpURLConnection httpURLConnection = (HttpURLConnection) url.openConnection();
    httpURLConnection.setInstanceFollowRedirects(false);
    httpURLConnection.setUseCaches(false);
    httpURLConnection.setDoInput(true);
    httpURLConnection.setDoOutput(true);
    httpURLConnection.setRequestMethod("GET");
    httpURLConnection.setConnectTimeout(20000);
    httpURLConnection.setReadTimeout(20000);
    httpURLConnection.connect();
    // Read the page line by line; try-with-resources closes the reader.
    try (BufferedReader in = new BufferedReader(new InputStreamReader(httpURLConnection.getInputStream()))) {
        String inputLine;
        while ((inputLine = in.readLine()) != null) {
            data = data + inputLine;
            helper.status = 0;
            helper.errorDesc = "0";
        }
    }
    httpURLConnection.disconnect();
If it returns no access data, I use this code to log in with the user's credentials:
    import java.io.DataOutputStream;
    import java.net.CookieHandler;
    import java.net.CookieManager;
    import java.net.HttpURLConnection;
    import java.net.URL;
    import java.net.URLEncoder;
    import java.nio.charset.StandardCharsets;

    // Installs this CookieManager as the default handler for every connection in the JVM.
    CookieManager cookieManager = new CookieManager();
    CookieHandler.setDefault(cookieManager);
    // URL-encode each value so characters such as '&' or '=' in a credential do not break the form body.
    String urlParameters = "username=" + URLEncoder.encode(username, "UTF-8")
            + "&password=" + URLEncoder.encode(password, "UTF-8")
            + "&displayLangCode=" + URLEncoder.encode(lang, "UTF-8")
            + "&langCode=" + URLEncoder.encode(lang, "UTF-8");
    // urlParameters is not printed: it contains the password.
    byte[] postData = urlParameters.getBytes(StandardCharsets.UTF_8);
    int postDataLength = postData.length;
    String activeUrl = "http://url/login.jsp";
    URL url = new URL(activeUrl);
    HttpURLConnection httpURLConnection = (HttpURLConnection) url.openConnection();
    httpURLConnection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
    httpURLConnection.setRequestProperty("X-Service", "AuthenticateUser");
    httpURLConnection.setRequestProperty("Content-Length", Integer.toString(postDataLength));
    httpURLConnection.setInstanceFollowRedirects(false);
    httpURLConnection.setUseCaches(false);
    httpURLConnection.setDoInput(true);
    httpURLConnection.setDoOutput(true);
    httpURLConnection.setRequestMethod("POST");
    httpURLConnection.setConnectTimeout(20000);
    httpURLConnection.setReadTimeout(20000);
    httpURLConnection.connect();
    // Send the form body; try-with-resources closes the stream.
    try (DataOutputStream wr = new DataOutputStream(httpURLConnection.getOutputStream())) {
        wr.write(postData);
    }
    httpURLConnection.disconnect();
It's working fine and I can get the content.
The issue is that if another user makes the call to view the content, he can see the content as the first user that logged in.
That means the cookies have been set at the API level, not at the user level.
I need help because I have no idea how I can resolve this cookie issue and set cookies per user call.
Solution
I was able to fix this issue by disabling automatic cookie handling:
    CookieManager cookieManager = new CookieManager();
    cookieManager.setCookiePolicy(CookiePolicy.ACCEPT_NONE);
Then, in the login method, I extract the cookies and return them from the function:
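    // Requires: import java.util.List;
    List<String> cookies = httpURLConnection.getHeaderFields().get("Set-Cookie");
    String token = null;
    if (cookies != null) {
        for (String cookie : cookies) {
            // Limit 2 splits off the leading name=value pair; a limit of 1 would return
            // the whole header, attributes included. Only the last cookie is kept.
            token = cookie.split(";", 2)[0];
        }
    }
    return token;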
Then, every time we call the view function, we pass the cookies:
    httpURLConnection.addRequestProperty("Cookie", token);
Answered By - Mostafa King
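The per-user approach from the answer, written out as an added example (not code from the original post): the cookies from the login response are returned to the caller and passed explicitly to each view call, with no `CookieHandler.setDefault`. The class name `PerUserCookies`, the local stub server, the `SID` cookie and the credentials are constructed for the demonstration.

```java
import static java.nio.charset.StandardCharsets.UTF_8;
import com.sun.net.httpserver.HttpServer;
import java.io.*;
import java.net.*;
import java.util.*;
public class PerUserCookies {
    // Build a Cookie header value from one response; header names are matched case-insensitively.
    static String cookieHeader(HttpURLConnection c) {
        StringJoiner jar = new StringJoiner("; ");
        for (Map.Entry<String, List<String>> e : c.getHeaderFields().entrySet())
            if ("Set-Cookie".equalsIgnoreCase(e.getKey()))
                for (String h : e.getValue())
                    for (HttpCookie k : HttpCookie.parse(h)) // keeps name=value, drops Path, Expires, ...
                        jar.add(k.getName() + "=" + k.getValue());
        return jar.toString();
    }
    // Log in and return this caller's cookies; no JVM-wide cookie store is involved.
    static String login(String base, String user, String password) throws IOException {
        HttpURLConnection c = (HttpURLConnection) new URL(base + "/login.jsp").openConnection();
        c.setDoOutput(true); // writing a body turns the default GET into a POST
        c.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
        String form = "username=" + URLEncoder.encode(user, "UTF-8") + "&password=" + URLEncoder.encode(password, "UTF-8");
        try (OutputStream out = c.getOutputStream()) { out.write(form.getBytes(UTF_8)); }
        return cookieHeader(c);
    }
    static String view(String base, String cookies) throws IOException {
        HttpURLConnection c = (HttpURLConnection) new URL(base + "/view.jsp?id=1").openConnection();
        c.setRequestProperty("Cookie", cookies); // only the cookies this caller passed in
        try (InputStream in = c.getInputStream()) { return new String(in.readAllBytes(), UTF_8); }
    }
    public static void main(String[] args) throws IOException {
        HttpServer s = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0); // constructed stand-in site
        s.createContext("/login.jsp", x -> {
            String user = new String(x.getRequestBody().readAllBytes(), UTF_8).split("[=&]")[1];
            x.getResponseHeaders().add("Set-Cookie", "SID=" + user + "; Path=/");
            x.sendResponseHeaders(204, -1);
            x.close();
        });
        s.createContext("/view.jsp", x -> {
            x.sendResponseHeaders(200, 0);
            x.getResponseBody().write(("viewed with " + x.getRequestHeaders().getFirst("Cookie")).getBytes(UTF_8));
            x.close();
        });
        s.start();
        String base = "http://127.0.0.1:" + s.getAddress().getPort();
        String alice = login(base, "alice", "pw-a"), bob = login(base, "bob", "pw-b");
        System.out.println(view(base, alice) + " / " + view(base, bob));
        s.stop(0);
    }
}
```

Both users log in before either view call, and each view still carries only its own session cookie. In a servlet, the returned string would be kept with the calling user's own session rather than in a static field.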