users@jersey.java.net

Re: [Jersey] JSESSION cookie not returned with Spring-Jersey integration

From: Peter Coppens <pc.subscriptions_at_gmail.com>
Date: Fri, 8 May 2009 09:36:33 -0700 (PDT)

Paul,

Many thanks taking the time to reply.

Taking into account what is needed in web.xml to get Spring security to
work, It certainly looks like that part does introduce one or more filters
into the processing chain. On the other hand I would assume that these
filters sit Œbefore¹ the Jersey SpringServlet, and before any servlet in
general the webapp relies on. It also seems unlikely that Spring security
(filters) would not support a (general) servlet that writes to its¹ response
stream.

I am a bit at loss to be honest. As far as Spring security is concerned I
would think that the Jersey SpringServlet is just another Servlet doing its
thing. Don¹t understand how the Jersey servlet could spoil things for Spring
security....but then again....I am so new to Spring, Spring security and
Jersey I am probably oversimplifying lots of things. Note I am also using a
Jersey response filter but I doubt that is relevant.

I am a bit reluctant to start isolating things. I probably would prefer
getting the source code of all components and try to debug.

Not sure....will give it some thought....if you (or anyone else) would have
suggestions to guide possible research from my end....please do let me know.

Thanks,

Peter


From: "Paul Sandoz (via Nabble)" <ml-user+51078-1903583509_at_n2.nabble.com>
Reply-To: Post 2846169 on Nabble <ml-node+2846169-1499006685_at_n2.nabble.com>
Date: Fri, 8 May 2009 09:04:50 -0700 (PDT)
To: Peter Coppens <pc.subscriptions_at_gmail.com>
Subject: Re: [Jersey] JSESSION cookie not returned with Spring-Jersey
integration

Hi Peter,

I would expect that the return of the JSESSIONID cookie header in the
response is performed by some sort of response filter at a layer below
that of Jersey (e.g. at the servlet layer).

Jersey just writes the response (it does not matter if a custom
provider is used or not to do the writing) to the servlet output
stream. I am guessing that because something has been written to the
response output stream that the underlying filter can no longer set
the JSESSIONID cookie header. Perhaps you could verify with a simple
servlet? sorry i cannot be of much more help.

Paul.

On May 8, 2009, at 4:18 PM, Peter Coppens wrote:

>
> Hello,
>
> I am using Jersey 1.0 (jersey-bundle-1.0.jar) and I have a problem
> when I
> try to 'logon' using spring security (in tomcat)
>
> I implemented the logon as PUT of a credentials resource and it
> works fine
> if the PUT method does not return a response. Once the PUT method does
> return a resource (even a String) the JSESSIONID cookie is not
> returned
>
> E.g.
>
> @PUT()
> public void login(CredentialsResource credentials) {
>
> works fine
>
> but
>
> @PUT()
> public CredentialsResource login(CredentialsResource credentials) {
>
> fails...that is the call is fine, the CredentialsResource is
> returned fine
> but the cookie is no longer in the reply header.
>
> Note, not sure it is relevant, I use a custom provider
>
> Any help warmly welcomed!
>
> Peter
>
> --
> View this message in context:
http://n2.nabble.com/JSESSION-cookie-not-returned-with-Spring-Jersey-integration
-tp2845573p2845573.html
> Sent from the Jersey mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@...
<http://n2.nabble.com/user/SendEmail.jtp?type=node=2846169=0>
> For additional commands, e-mail: users-help@...
<http://n2.nabble.com/user/SendEmail.jtp?type=node=2846169=1>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@...
<http://n2.nabble.com/user/SendEmail.jtp?type=node=2846169=2>
For additional commands, e-mail: users-help@...
<http://n2.nabble.com/user/SendEmail.jtp?type=node=2846169=3>



 This email is a reply to your post @
http://n2.nabble.com/JSESSION-cookie-not-returned-with-Spring-Jersey-integra
tion-tp2845573p2846169.html
You can reply by email or by visting the link above.




-- 
View this message in context: http://n2.nabble.com/JSESSION-cookie-not-returned-with-Spring-Jersey-integration-tp2845573p2846312.html
Sent from the Jersey mailing list archive at Nabble.com.