I am trying to write a library that accesses a RESTful web service using the Jersey Client API. The service requires a login request that sets a cookie, then subsequent requests must have that cookie set to succeed. The login request works as expected, and I am able to retrieve the cookie in the response from the login, but cannot seem to add the cookie back in subsequent requests. Can anyone tell what I might be doing wrong. Here is the code that makes the request:
MultivaluedMap<String,String> qs = new MultivaluedMapImpl();
qs.add( "xml", this.toXmlString() );
WebResource wr = client.resource( Constants.ServiceURL );    
if ( CookieJar.Cookies != null )
{
  for ( NewCookie c : CookieJar.Cookies )
  {
    logger.debug( "Setting cookie " + c.getName() );
    wr.cookie( c );
  }
}
ClientResponse response = wr.queryParams( qs ).get( ClientResponse.class );
While the request doesn't fail, the service responds with the application error "No Session". Here is the log trace of the request sequence:
Jul 15, 2011 5:20:33 PM com.sun.jersey.api.client.filter.LoggingFilter log
INFO: 1 * Client out-bound request
1 > GET https://www.company.com/TrackerXMLInterface.asp?xml=%3Cxml%3E%3CTRANTYPE%3ELOGIN%3C/TRANTYPE%3E%3CTRANPARMS%3E%3CLOGINID%3Emylogin%3C/LOGINID%3E%3CPASSPHRASE%3EBa1b2c3%3C/PASSPHRASE%3E%3C/TRANPARMS%3E%3C/xml%3E
Jul 15, 2011 5:20:35 PM com.sun.jersey.api.client.filter.LoggingFilter log
INFO: 1 * Client in-bound response
1 < 200
1 < Date: Fri, 15 Jul 2011 22:20:35 GMT
1 < Content-Length: 150
1 < Set-Cookie: ASPSESSIONIDSUBSBSRR=GBGOKGJDAAHCNDDHPBFICFIH; secure; path=/
1 < Content-Type: text/html
1 < Server: Microsoft-IIS/7.0
1 < X-Powered-By: ASP.NET
1 < Cache-Control: private
1 < 
<XML><TRANRESULTS><TRANRETURNCODE>L00</TRANRETURNCODE><TRANRETURNMSG>Valid Login         </TRANRETURNMSG><TRANDETAIL></TRANDETAIL></TRANRESULTS></XML>
[continued below]
I'm thinking the following request should have the cookies in the header:
Jul 15, 2011 5:20:35 PM com.sun.jersey.api.client.filter.LoggingFilter log
INFO: 1 * Client out-bound request
1 > GET https://www.company.com/TrackerXMLInterface.asp?xml=%3Cxml%3E%3CTRANTYPE%3ESSNLAST%3C/TRANTYPE%3E%3CTRANPARMS%3E%3CSSN%3E123456789%3C/SSN%3E%3CLASTNAME%3ESchmoe%3C/LASTNAME%3E%3C/TRANPARMS%3E%3C/xml%3E
Jul 15, 2011 5:20:35 PM com.sun.jersey.api.client.filter.LoggingFilter log
INFO: 1 * Client in-bound response
1 < 200
1 < Date: Fri, 15 Jul 2011 22:20:35 GMT
1 < Content-Length: 150
1 < Set-Cookie: ASPSESSIONIDSUBSBSRR=HBGOKGJDIAPBBEIGLOILDJDN; secure; path=/
1 < Content-Type: text/html
1 < Server: Microsoft-IIS/7.0
1 < X-Powered-By: ASP.NET
1 < Cache-Control: private
1 < 
<XML><TRANRESULTS><TRANRETURNCODE>R04</TRANRETURNCODE><TRANRETURNMSG>No Session          </TRANRETURNMSG><TRANDETAIL></TRANDETAIL></TRANRESULTS></XML>
Any guidance on this is much appreciated.
put("Cookie", cookies); } ClientResponse response = getNext(). handle(request); if (response. getCookies() != null) { if (cookies == null) { cookies = new ArrayList<Object>(); } // simple addAll just for illustration (should probably check for duplicates and expired cookies) cookies.
To set a cookie in REST API response, get the Response reference and use it's cookie() method.
set() The set() method of the cookies API sets a cookie containing the specified cookie data. This method is equivalent to issuing an HTTP Set-Cookie header during a request to a given URL.
The problem is WebResource is immutable - the cookie() method returns WebResource.Builder. So, doing the following just creates a new instance of WebResource.Builder every time you call cookie (and does not modify the original WebResource at all). You ignore those Builder instances and still perform the request on the original WebResource:
for ( NewCookie c : CookieJar.Cookies ) {
    logger.debug( "Setting cookie " + c.getName() );
    wr.cookie( c );
}
You should do the following instead:
WebResource.Builder builder = wr.getRequestBuilder();
for (NewCookie c : CookieJar.Cookies) {
    builder = builder.cookie(c);
}
Then you can make the request by:
ClientResponse response = builder.queryParams(qs).get(ClientResponse.class);
Also, to avoid duplicating this code in all your resource methods, you may want to consider writing a client filter, which will do it for you for all your requests. E.g. the following code would ensure cookies sent from the server get set for each response:
client.addFilter(new ClientFilter() {
    private ArrayList<Object> cookies;
    @Override
    public ClientResponse handle(ClientRequest request) throws ClientHandlerException {
        if (cookies != null) {
            request.getHeaders().put("Cookie", cookies);
        }
        ClientResponse response = getNext().handle(request);
        if (response.getCookies() != null) {
            if (cookies == null) {
                cookies = new ArrayList<Object>();
            }
            // simple addAll just for illustration (should probably check for duplicates and expired cookies)
            cookies.addAll(response.getCookies());
        }
        return response;
    }
});
NOTE: This will only work if you don't share client instances with multiple threads!
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With