users@jersey.java.net

Re: [Jersey] Jersey client and JAAS

From: Vaisya <vaidyaatdst_at_gmail.com>
Date: Fri, 6 Aug 2010 11:27:20 -0500

Thx Paul. Is there a code snippet with httpapacheclient posting user ID and password to a form and processing the jsessionid from the output?

Vaidya


On Aug 6, 2010, at 3:39 AM, Paul Sandoz <Paul.Sandoz_at_oracle.com> wrote:

> Hi Vaidya,
>
> The Jersey client is not aware of being utilized within the context of a JAAS "transaction" nor is it aware what HTTP authentication mechanism to utilize. One could add a JAASFilter to the web resource and provide the context and the HTTP authentication details.
>
> From what you describe I think from an HTTP perspective what you require is cookie management support, such that the client remembers the cookies that were sent by the server that it must send back to the server for certain URIs. By default the Jersey client does not support cookie management, because the underlying HttpURLConnection does not, but you can utilize the Apache HTTP client support which can manage cookies, see:
>
> https://jersey.dev.java.net/nonav/documentation/latest/user-guide.html#core_client
> https://jersey.dev.java.net/nonav/apidocs/latest/contribs/jersey-apache-client/index.html
>
> Paul.
>
> On Aug 5, 2010, at 9:37 PM, vaidya nathan wrote:
>
>> Hi,
>>
>> How do I use the Jersey client with a JAAS kind of authorization?
>> My setup is: I have Jersey resources wrapping EJBs which have JAAS security in JBoss 5.1, and I want to use the Jersey client (1.1.5) to hit them.
>>
>> I can hit my services directly like this, and this is how my tests currently work:
>>     Login login = new Login();
>>     login.login("bootstrap", "bootpass", "127.0.0.1");
>>     Subject subject = login.getSubject();
>>     Subject.doAs(subject, new PrivilegedExceptionAction<Object>() {
>>         public Object run() throws Exception {
>>             // hit service directly with no problem .. The subject gets passed in appropriately and the EJBs have no auth. problems.
>>             return null;
>>         }
>>     });
>>
>> However, after wrapping the services with resources, when I try the same with my Jersey client like this:
>>     Login login = new Login();
>>     login.login("bootstrap", "bootpass", "127.0.0.1");
>>     Subject subject = login.getSubject();
>>     Subject.doAs(subject, new PrivilegedExceptionAction<Object>() {
>>         public Object run() throws Exception {
>>             WebResource webResource = new Client().resource(/* some local URI which in turn calls the EJB beans */);
>>             webResource.addFilter(new LoggingFilter());
>>             ClientResponse resp = webResource.accept(MediaType.APPLICATION_JSON)
>>                     .type(MediaType.APPLICATION_XML)
>>                     .get(ClientResponse.class);
>>             return resp;
>>         }
>>     });
>>
>> I get a "Caller Unauthorized" error. Why isn't the Jersey client passing the Subject? If I add Cookie as a header specifically then it works, but I don't want to keep logging in through the browser and inputting the JSESSION_ID parameter every time, especially when these are regression tests. If there is a way in which I can get the jsession_id programmatically then I can consider that option as well.
>>
>> Cheers
>> Vaidya
>>
>
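
Added example, not part of the thread and not code from the Jersey project: the cookie-managed form login Paul describes, written against the Jersey 1.x jersey-apache-client contrib. It assumes the application uses container FORM authentication with the Servlet-standard j_security_check endpoint and j_username/j_password fields; the base URL, resource path and the TEST_USER/TEST_PASS environment variables are hypothetical.

```java
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.representation.Form;
import com.sun.jersey.client.apache.ApacheHttpClient;
import com.sun.jersey.client.apache.config.ApacheHttpClientConfig;
import com.sun.jersey.client.apache.config.DefaultApacheHttpClientConfig;
import javax.ws.rs.core.MediaType;

public class FormLoginClient {
    // Assumed deployment values (hypothetical, not from the thread).
    static final String BASE = "https://localhost:8443/myapp";
    static final String PROTECTED = BASE + "/resources/orders";

    public static void main(String[] args) {
        // Credentials come from the environment so they stay out of the test source.
        String user = System.getenv("TEST_USER");
        String pass = System.getenv("TEST_PASS");

        DefaultApacheHttpClientConfig config = new DefaultApacheHttpClientConfig();
        // Keep cookies (JSESSIONID included) inside the client and replay them.
        config.getProperties().put(ApacheHttpClientConfig.PROPERTY_HANDLE_COOKIES, true);
        ApacheHttpClient client = ApacheHttpClient.create(config);

        // 1. Ask for the protected URI first: the container opens a session,
        //    remembers the target and answers with the login form.
        client.resource(PROTECTED).get(ClientResponse.class).close();

        // 2. Post the credentials to the container's form-login endpoint.
        //    A successful login normally answers with a redirect to the target.
        Form form = new Form();
        form.add("j_username", user);
        form.add("j_password", pass);
        client.resource(BASE + "/j_security_check")
                .type(MediaType.APPLICATION_FORM_URLENCODED_TYPE)
                .post(ClientResponse.class, form)
                .close();

        // 3. Same client, same cookie store: the session cookie is sent
        //    automatically. Getting the HTML login form back means login failed.
        ClientResponse resp = client.resource(PROTECTED)
                .accept(MediaType.APPLICATION_JSON)
                .get(ClientResponse.class);
        MediaType type = resp.getType();
        if (resp.getStatus() != 200 || type == null
                || !type.isCompatible(MediaType.APPLICATION_JSON_TYPE)) {
            throw new IllegalStateException("Not authenticated, HTTP " + resp.getStatus());
        }
        System.out.println(resp.getEntity(String.class));
    }
}
```

Because the cookie store lives in the client, a session ID reissued by the container at login is picked up without copying JSESSIONID by hand. LoggingFilter logs request entities and response headers, so on this client it would record the posted password and the session cookie.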