Set the SMSESSION cookie to get the response back

arsenal · Jul 5, 2011 · Viewed 16k times

I am trying to get a response back from the server. To do that, I passed my username and password in the code for authentication, because the server needs authentication, and then I got the response back from the server. Is there any way that I can set the SMSESSION cookie of that user instead of passing the username and password in the code, supposing the user has already logged in to that browser with his/her username and password? Below is my code. I commented out the portion that passes the username and password, and that one is working fine. But instead of passing the username and password, I want to set the SMSESSION cookie of the user who has already logged in to that browser. So I added the code for setting the cookie, but it is not working. I am getting

Access Denied Error




<%@ page language="java" import="
org.apache.http.HttpEntity,
org.apache.http.HttpResponse,
org.apache.http.auth.AuthScope,
org.apache.http.auth.UsernamePasswordCredentials,
org.apache.http.client.methods.HttpPost,
org.apache.http.client.methods.HttpGet,
org.apache.http.impl.client.DefaultHttpClient,
org.apache.http.util.EntityUtils,
java.io.InputStream,
java.io.InputStreamReader,
java.io.BufferedReader,
java.security.KeyStore,
java.io.FileInputStream,
java.io.File,
org.apache.http.conn.ssl.SSLSocketFactory,
org.apache.http.conn.scheme.Scheme,
javax.net.ssl.HostnameVerifier,
org.apache.http.impl.conn.SingleClientConnManager,
javax.net.ssl.HttpsURLConnection,
org.apache.http.conn.scheme.SchemeRegistry,
javax.net.ssl.SSLContext,
java.security.cert.X509Certificate,
javax.net.ssl.X509TrustManager,
javax.net.ssl.TrustManager,
org.apache.http.conn.ClientConnectionManager,
java.security.cert.CertificateException,
org.apache.http.conn.scheme.Scheme"
contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>

<%
String a_Url = request.getParameter( "url" ) ;

DefaultHttpClient httpclient = new DefaultHttpClient();


/*
    httpclient.getCredentialsProvider().setCredentials(
            new AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT, null),
            new UsernamePasswordCredentials("test", "pass"));
*/



    // getCookies() returns null when the request carries no cookies
    Cookie[] cookies = request.getCookies();
    boolean foundCookie = false;
   // System.out.println(" hello  " +cookies);
    if (cookies != null) {
        for (int i = 0; i < cookies.length; i++) {
            Cookie c = cookies[i];
            //System.out.println("  " +c);
            if (c.getName().equals("SMSESSION")) {
                System.out.println("sm = " + c.getValue());
                foundCookie = true;
            }
        }
    }

    if (foundCookie) {
        //System.out.println(foundCookie);
        Cookie c = new Cookie("SMSESSION", "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 ");
        c.setMaxAge(24*60*60);
        response.addCookie(c); 
    }     


    HttpGet httpget = new HttpGet(a_Url);



    System.out.println("executing request" + httpget.getRequestLine());
    HttpResponse res = httpclient.execute(httpget);

    HttpEntity entity = res.getEntity();

    System.out.println("----------------------------------------");
    System.out.println(res.getStatusLine());
    if (entity != null) {

        System.out.println("Response content length: " + entity.getContentLength());
        InputStream input = entity.getContent();
        BufferedReader reader = new BufferedReader(new InputStreamReader(input));
        String ln = "";
        while((ln = reader.readLine()) != null) {
            out.println("" + ln);
        }
        entity.consumeContent();
    }
    EntityUtils.consume(entity);

%>

And in the response headers I am getting this:

Response Headers
Content-Type    text/html; charset=iso-8859-1
Expires Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie  SMSESSION="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";Expires=Wed, 06-Jul-11 16:57:11 GMT
Content-Length  2786
Server  Jetty(6.1.21)

Any suggestions will be appreciated...

Answer

sk_ · Sep 4, 2011

SMSESSION is a system cookie used by Siteminder. You shouldn't/mustn't mess with it.

If your application is Siteminder-enabled, Siteminder will take care of the authentication process of the users.
Once the user is authenticated by Siteminder, the Siteminder agent on your application will add specific HTTP headers (notably SM_USER) that will contain information about the user.
You just have to fetch that information from the request.
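
One way to consume the identity the answer describes, as an added example (not code from the original post or from SiteMinder): a servlet filter that reads SM_USER and refuses requests that did not arrive through the agent, since a header is only trustworthy when clients cannot reach the application directly. The class name, the `agentHosts` init-param and the `authenticatedUser` attribute are hypothetical, and it assumes the agent runs on front-end web servers that proxy to the application.

```java
import java.io.IOException;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter: takes the user identity from the SM_USER header set by the SiteMinder agent. */
public class SiteMinderUserFilter implements Filter {

    // Assumption: only the front-end web servers running the agent may reach this application.
    private final Set<String> agentHosts = new HashSet<String>();

    public void init(FilterConfig cfg) throws ServletException {
        // "agentHosts" is a hypothetical init-param: comma-separated addresses of those servers.
        String hosts = cfg.getInitParameter("agentHosts");
        if (hosts == null || hosts.trim().isEmpty()) {
            throw new ServletException("agentHosts init-param is required");
        }
        for (String h : hosts.split(",")) {
            agentHosts.add(h.trim());
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Ignore SM_USER on requests that bypassed the agent: anyone can type a header.
        if (!agentHosts.contains(request.getRemoteAddr())) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        String user = request.getHeader("SM_USER");
        if (user == null || user.trim().isEmpty()) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Hand the identity to the application; SMSESSION is never read, logged or copied.
        request.setAttribute("authenticatedUser", user.trim());
        chain.doFilter(request, response);
    }

    public void destroy() { }
}
```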