Download Using the ASF POST API from Java, POST API and Cookies

Using the ASF POST API from Java, POST API and Cookies
© 2011 IBM Corporation
Using the ASF POST API from Java, POST API and
Cookies
Dieter Gottschall, 2012-01-27
Page 1 of 9
Using the ASF POST API from Java, POST API and Cookies
© 2011 IBM Corporation
1 Content
1
2
3
Content .......................................................................................2
Introduction .................................................................................3
Session Affinity.............................................................................4
3.1
The JSESSIONID Cookie, jsessionid Argument .............................5
4
Handling Cookies and HTTP Session Information ................................6
4.1
The signonindirect API Request .................................................6
4.2
Processing the signonindirect Result...........................................6
4.3
Propagating Cookies and Session Information ..............................7
4.3.1
The ASFPostCookieHandler .................................................8
Page 2 of 9
Using the ASF POST API from Java, POST API and Cookies
© 2011 IBM Corporation
2 Introduction
The ASF HTTP POST API as described in the ASF API Guide can be used from
a web browser or from a Java program. Browser clients have their built-in
session and cookie managements. In case of a Java client that invokes the
API certain provisions need to be made to guarantee proper session and
cookie management, in particular when Document Connect for ASF is run in
a multi-node environment, where – typically – the WebSphere plugin of the
HTTP Server in use decides which of the nodes should process the HTTP
request. Since Document Connect for ASF is requiring Session Affinity, any
subsequent request needs to go to the same node.
Page 3 of 9
Using the ASF POST API from Java, POST API and Cookies
© 2011 IBM Corporation
3 Session Affinity
The ASF fsnservlet web application is stateful in the sense that when a signon
request of any kind (explicit, implicit, with data or indirect) is received an
http session is created, containing information which is required for any
subsequent request for that same session.
The following picture shows a multi-node setup using http server and
WebSphere plugin:
Application Server 1
JSESSIONID Cookie
Client
http server
Application Server 2
JSESSIONID Cookie
Plugin
The blue color shows the initial request, the red color any subsequent
request:
First request:
A. The Client (Browser or program) issues a signon request to fsnservlet
using the url and port if the http server
B. The http server routes that request to the plugin.
C. The plugin arbitrarily selects on of the two application servers (in our
sample case Application Server 2)
D. Fsnservlet gets invoked on the server 2
E. Fsnservlet creates an http session; a JSESSIONID cookie gets created
F. This cookie flows back to the client
Page 4 of 9
Using the ASF POST API from Java, POST API and Cookies
© 2011 IBM Corporation
Any subsequent request with the cookie attached finds its way to the right
application server – in our case Application server 2. If that cookie “gets lost”
one of the subsequent requests will eventually be routed to the wrong server
and fsnservlet will respond with a message DOC1039 Session not found.
3.1 The JSESSIONID Cookie, jsessionid Argument
This cookie is constructed the following way: [Part1]:[Part2], example:
0000fJ5vQ8Y_ZSA3yHhfsacawvF:15m24a1ld
Part2 is used by the plugin to find the correct application server
If – for some technical reason, for instance when using send-redirect the
cookie cannot be set from the server – an extra argument on the subsequent
request can be used. This will look like this:
http://localhost:9080/fsnservlet/docimframepost.html?http:/
/localhost:9080/fsnservlet/servlet;jsessionid=0000fJ5vQ8Y_ZS
A3yHhfsacawvF:15m24a1ld?cm=reload&sessionid=got++++++++++&uni
queid=1197abe2:12ec3e55cfa:-7ff9
Page 5 of 9
Using the ASF POST API from Java, POST API and Cookies
© 2011 IBM Corporation
4 Handling Cookies and HTTP Session Information
This chapter describes how in a signonindirect and sendRedirect protocol flow
cookies and session information are to be propagated.
4.1 The signonindirect API Request
Signonindirect is a Document Connect for ASF POST API request that
prepares everything on web server and mainframe but instead of displaying
the document signonindirect returns a URL with cm=reload and a sessionid
parameter. This URL when loaded into a browser window will display the
document such that the user can work with that document. There are two
options concerning the reload-URL:
1) ASF is redirecting to that reload URL; this option is usable only when the
initial request was issued from a browser window
2) The URL is returned as a String, in that case it is the invoker’s
responsibility to load this URL into a browser window using the ; this
option is usable when the initial signonindirect request is issued from a
program
The diagram below shows the components and the communication protocol:
2
1
Browser
4
Web Application,
POST API consumer
dc4asf
3
5
A. The browser is connected to a web application playing the role as ASF
POST API consumer, HTTP-request (1) triggers the invocation of
Document Connect using an HTTP POST signonindirect request.
B. The web application builds the POST request and issues it using an
HttpUrlConnection Java object, (2) shows this HTTP request.
C. Dc4asf processes that request and returns a cm=reload URL (3)
D. The web application issues a sendRedirect using that URL (4)
E. In the browser the ASF screen is displayed and any further
communication goes from the browser to dc4asf (5).
4.2 Processing the signonindirect Result
The signonindirect result (3), which is the cm=reload URL carries in its HTTP
header ASF specific information, in particular a JSESSIONID cookie. That
particular cookie is needed on any communication following (5). This means
that cookie needs to be attached to the sendRedirect issued by the POST API
consumer.
Page 6 of 9
Using the ASF POST API from Java, POST API and Cookies
© 2011 IBM Corporation
4.3 Propagating Cookies and Session Information
To access the cookies returned with (3) an implementation of the
java.net.CookieHandler class is required. Cookie handlers can access
incoming cookies and attach them to a URL. Before issuing the sendRedirect
(4) the cookies need to be retrieved from (3) and added to (4).
The code fragment below demonstrates the use of a CookieHandler, in that
sample only the JSESSIONID cookie is propagated.
private void issuePost() throws ConnectException, IOException,
ProtocolException
{
URI uri = null;
AsfPostCookieHandler ch = new AsfPostCookieHandler();
String jSess = null;
CookieHandler.setDefault(ch);
try
{
uri = targetUrl.toURI();
}
catch (URISyntaxException e)
{
// TODO Auto-generated catch block
e.printStackTrace();
}
System.out.println("About to connect");
// HTTP header: Method=POST
targetConnection.setRequestMethod("POST");
// Get the stream to write the request
OutputStream sendStream = targetConnection.getOutputStream();
// Write the request to that stream
writeRequest(sendStream);
// Issue the request
sendStream.flush();
sendStream.close();
targetConnection.connect();
System.out.println("Connected");
if (uri != null)
{
String oneKey;
List<String> oneList;
Map<String, List<String>> requestHeaders = targetConnection
.getHeaderFields();
Map<String, List<String>> cookies = ch.get(uri, requestHeaders);
Set<String> mapKeys = cookies.keySet();
Page 7 of 9
Using the ASF POST API from Java, POST API and Cookies
© 2011 IBM Corporation
Iterator<String> mapIter = mapKeys.iterator();
while (mapIter.hasNext())
{
oneKey = mapIter.next();
if (oneKey != null)
{
oneList = cookies.get(oneKey);
System.out.println(oneList.toString());
jSess = this.getJSessionIdCookieValue(oneList);
if (jSess != null)
{
break;
}
}
}
if (jSess != null)
{
System.out.println("j=" + jSess);
}
else
{
System.out.println("No JSESSIONID cookie found");
}
}
// Look a potential error stream first
InputStream errorStream = targetConnection.getErrorStream();
if (errorStream != null)
{
this.asfResult = processStream(errorStream);
}
// Then look at the (normal) response stream.
InputStream responseStream = targetConnection.getInputStream();
if (responseStream != null)
{
this.asfResult = processStream(responseStream);
if (jSess != null)
{
this.asfResult = addJSess(this.asfResult, jSess);
}
}
}
4.3.1 The ASFPostCookieHandler
import java.io.IOException;
import java.net.CookieHandler;
import java.net.URI;
Page 8 of 9
Using the ASF POST API from Java, POST API and Cookies
© 2011 IBM Corporation
import
import
import
import
import
java.util.HashMap;
java.util.Iterator;
java.util.List;
java.util.Map;
java.util.Set;
public class AsfPostCookieHandler extends CookieHandler
{
@Override
public Map<String, List<String>> get(URI uri,
Map<String, List<String>> requestHeaders) throws IOException
{
Map<String, List<String>> allCookies = new HashMap<String, List<String>>();
Set<String> hdrKeys = requestHeaders.keySet();
Iterator<String> keyIter = hdrKeys.iterator();
String oneName;
List<String> oneList;
while (keyIter.hasNext())
{
oneName = keyIter.next();
if ((oneName != null) && (oneName.equals("Set-Cookie")))
{
oneList = requestHeaders.get(oneName);
allCookies.put(oneName, oneList);
}
}
return allCookies;
}
@Override
public void put(URI uri, Map<String, List<String>> responseHeaders)
throws IOException
{
// TODO Auto-generated method stub
}
}
Page 9 of 9