Nevermind, I see that JSESSIONID is added to the response automatically from
Tomcat.
The code
System.out.println(connection.getHeaderField("Set-Cookie"));
prints
JSESSIONID=56136B3CE4CC657DD36C226E264A97AD; Path=/mywebservice; Secure
So now I think I just have to include that cookie in every request. Will write
back if it does not work.
--- On Sun, 12/14/08, removeps-gro...@yahoo.com <removeps-gro...@yahoo.com>
wrote:
> From: removeps-gro...@yahoo.com <removeps-gro...@yahoo.com>
> Subject: RE: Server returned HTTP response code: 408 for URL:
> https...j_security_check
> To: "Tomcat Users List" <users@tomcat.apache.org>
> Date: Sunday, December 14, 2008, 9:18 PM
> > It should be a POST request to
> /[webapp]/j_security_check,
> > and include the JSESSIONID cookie set by the server
> when the
> > login page was returned.
>
> Thanks, this seems to be the issue. There is a call to
> org.apache.catalina.connector.Request.setRequestedSessionId(String
> id) from parseSessionCookiesId?
>
> How does the client get the JSESSIONID? When the server
> generates the login page does it have to call
> response.addCookie? From where should the servlet get the
> session id? How does the client read the cookie?
>
> Thanks.
>
>
>
> --- On Sun, 12/14/08, Caldarale, Charles R
> <chuck.caldar...@unisys.com> wrote:
>
> > From: Caldarale, Charles R
> <chuck.caldar...@unisys.com>
> > Subject: RE: Server returned HTTP response code: 408
> for URL: https...j_security_check
> > To: "Tomcat Users List"
> <users@tomcat.apache.org>
> > Date: Sunday, December 14, 2008, 9:02 PM
> > > From: removeps-gro...@yahoo.com
> > [mailto:removeps-gro...@yahoo.com]
> > > Subject: RE: Server returned HTTP response code:
> 408
> > for URL:
> > > https...j_security_check
> > >
> > > The request input stream is set to
> > >
> >
> "j_username=username&j_password=password".
> >
> > Good so far.
> >
> > > But to what URL should the above response be
> posted?
> >
> > It should be a POST request to
> /[webapp]/j_security_check,
> > and include the JSESSIONID cookie set by the server
> when the
> > login page was returned.
> >
> > > <form action="j_security_check"
> > ...>...</form>.
> >
> > Again, note that the method should be POST (which your
> code
> > does seem to be doing).
> >
> > > A browser does not know about Tomcat protocols,
> so it
> > > would I imagine send the request to
> j_security_check.
> >
> > Correct, but that's accepted by Tomcat only when a
> > login form has just been returned to the client.
> > There's no indication in your code that the
> > j_security_check is being sent as a response to a
> login
> > form, nor is the required JSESSIONID cookie being
> returned.
> >
> > > So any ideas on how to make https requests
> through
> > code?
> >
> > This isn't tied to HTTPS, just form login. The
> SSL
> > negotiation is completely separate.
> >
> > - Chuck
> >
> >
> > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR
> > OTHERWISE PROPRIETARY MATERIAL and is thus for use
> only by
> > the intended recipient. If you received this in error,
> > please contact the sender and delete the e-mail and
> its
> > attachments from all computers.
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail:
> users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail:
> > users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
