users@jersey.java.net

Re: [Jersey] Using session info...

From: Paul Sandoz <Paul.Sandoz_at_Sun.COM>
Date: Thu, 22 May 2008 10:40:47 +0200

Hi Nick,

The client API does not currently have easy support for cookies, we do
need to improve this (as in general for configuration).

Unfortunately you need to it yourself, for example by writing a cookie
ClientFilter to:

1) process "Set-Cookie2" headers returned from the server;

2) send "Cookie" or "Cookie2" headers with appropriate requests.

It would be nice to have such a general component distributed with Jersey.

If the client knows how to construct the cookie information (IMHO the
only way cookies can used be RESTfully) then it is easier to write a
ClientFilter that just adds the specific cookie header.

Hope this helps,
Paul.

Nick Stuart wrote:
> Maybe I am going about this the wrong way, so I wanted to get some
> ideas. Basically I want to be able to have our resources secure so that
> not just any random joe can post stuff to the resources as they see fit.
> Currently the rest of our app security is taken care of with Spring
> Security and works fine. If I try to add security to our resources then
> I always get redirected to the main if I am using the jersey Client
> (makes sense, no session/cookie info is passed in). If I try to just
> access the resource through the URL it works fine. Is there anyway the
> Client can use the current session for this? Any other ways to go about
> this?
>
> Thanks for the help!
> -Nick

-- 
| ? + ? = To question
----------------\
    Paul Sandoz
         x38109
+33-4-76188109