[Freeipa-devel] json/rpc from apache/java HttpClient
Alexander Bokovoy
abokovoy at redhat.com
Tue Jun 9 03:25:06 UTC 2015
On Mon, 08 Jun 2015, Timothy Worman wrote:
>I have developed a java client that is able to successfully commit
>transactions to FreeIPA using the json/rpc API. If it is useful, I
>could abstract all this and package it up to share. But I am seeing
>some interesting things - some of it may be my lack of experience using
>HttpClient but I wanted to run it by the list to see what should be
>expected.
>
>I have been following Alexander’s guidelines
>(https://vda.li/en/posts/2015/05/28/talking-to-freeipa-api-with-sessions)
>to develop this.
>
>I am able to establish a kerberized connection to
>https://hostname/ipa/session/login_kerberos with the HttpClient,
>Krb5LoginModule, using AuthSchemes.SPNEGO, proper referer header, and
>jaas config. The connection is successful and I am caching the
>ipa-session cookie string for subsequent use (sending a second
>command). I am performing this as a PrivilegedAction.
>
>After successful authentication, I send a second transaction - a
>typical “list users” json formatted command to the server at
>https://hostname/ipa/json. I first attempted this without implementing
>PrivilegedAction since Alexander’s guide indicated I did NOT need to do
>any more authentication once I had a session key. I added a cookie
>header to a plain https transaction with the session cookie. This did
>not work - which surprised me. The app actually prompted me at this
>point for login credentials. Any thoughts here?
You have to use session-enabled end point -- /ipa/session/json, not
normal one. I think my article points out this clearly.
>I decided to create a new PrivilegedAction class to send subsequent
>json transactions to the server. I moved my code for the 2nd connection
>in there. This works. But as a test, I commented out instructions to
>explicitly add the session cookie to the transaction. And it still
>works. I found that I do not explicitly have to add the cookie header.
>I am assuming that HttpClient natively handles cookies without explicit
>interaction.
Yes, HttpClient automatically parses cookies sent in responses and puts
them into a cookie store. Unless you are explicitly managing the cookie
store, the default is to use the same cookie store for all requests sent
associated with the client instance.
>It does appear that I have a working client in any case.
Great!
--
/ Alexander Bokovoy
More information about the Freeipa-devel
mailing list