HttpURLConnection client and API different Header from same client
In terms of security I try to extend the communication between my client and my API with a session. The client sends its header to the API and the API generates a session.
Client:
public static JSONObject send(String info)
StringBuffer resp = new StringBuffer();
try
URL url = new URL( "http://localhost:8080/myapi/" );
HttpURLConnection con = ( HttpURLConnection ) url.openConnection() );
con.setRequestMethod("POST");
con.setRequestProperty( "USER-AGENT", USER_AGENT );
con.setRequestProperty( "Accept-Charset", "UTF-8");
con.setRequestProperty( "Content-Type", "application/json" );
con.setDoOutput( true );
String data = info ;
DataOutputStream output = new DataOutputStream( con.getOutputStream);
output.writeBytes( data );
output.flush();
output.close();
int returnCode = con.getResponseCode();
BufferedReader reader = null;
if (returnCode==200)
reader = new BufferedReader( new InputStreamReader(con.getInputStream()));
else
reader = new BufferedReader( new InputStreamReader(con.getErrorStream()));
String input;
while( ( input = reader.readLine() ) != null )
resp.append( input );
reader.close();
return new JSONObject( resp.toString() );
catch( Exception e )
System.out.println( e.getMessage() );
return new JSONObject( resp.toString() );
finally
if( con != null )
con.disconnect();
API:
HttpServletRequest request = requestGlobals.getHttpServletRequest();
HttpSession session = request.getSession();
Idea: The first request with send creates the connection with the API and the API generates the session which is stored inside it. The second send from the same client should send the same header, so the API can generate the same session and compared it to the saved one. For example, I am able to guarantee further calls only after a successful login
Problem: If the connection is reestablished on the second send, the same client sends a different header with a different content length, resulting in a different session being generated. I tried to set a if( con == null ) around the area where the connection is build at the client but that didn't solve my problem.
Question: What do i have to do so that the second send uses the already existing connection or send the same header?
java session servlets httpurlconnection
asked Nov 15 '18 at 12:59
Stormed17Stormed17
114
add a comment |
In terms of security I try to extend the communication between my client and my API with a session. The client sends its header to the API and the API generates a session.
Client:
public static JSONObject send(String info)
StringBuffer resp = new StringBuffer();
try
URL url = new URL( "http://localhost:8080/myapi/" );
HttpURLConnection con = ( HttpURLConnection ) url.openConnection() );
con.setRequestMethod("POST");
con.setRequestProperty( "USER-AGENT", USER_AGENT );
con.setRequestProperty( "Accept-Charset", "UTF-8");
con.setRequestProperty( "Content-Type", "application/json" );
con.setDoOutput( true );
String data = info ;
DataOutputStream output = new DataOutputStream( con.getOutputStream);
output.writeBytes( data );
output.flush();
output.close();
int returnCode = con.getResponseCode();
BufferedReader reader = null;
if (returnCode==200)
reader = new BufferedReader( new InputStreamReader(con.getInputStream()));
else
reader = new BufferedReader( new InputStreamReader(con.getErrorStream()));
String input;
while( ( input = reader.readLine() ) != null )
resp.append( input );
reader.close();
return new JSONObject( resp.toString() );
catch( Exception e )
System.out.println( e.getMessage() );
return new JSONObject( resp.toString() );
finally
if( con != null )
con.disconnect();
API:
HttpServletRequest request = requestGlobals.getHttpServletRequest();
HttpSession session = request.getSession();
Idea: The first request with send creates the connection with the API and the API generates the session which is stored inside it. The second send from the same client should send the same header, so the API can generate the same session and compared it to the saved one. For example, I am able to guarantee further calls only after a successful login
Problem: If the connection is reestablished on the second send, the same client sends a different header with a different content length, resulting in a different session being generated. I tried to set a if( con == null ) around the area where the connection is build at the client but that didn't solve my problem.
Question: What do i have to do so that the second send uses the already existing connection or send the same header?
java session servlets httpurlconnection
asked Nov 15 '18 at 12:59
Stormed17Stormed17
114
add a comment |
In terms of security I try to extend the communication between my client and my API with a session. The client sends its header to the API and the API generates a session.
Client:
public static JSONObject send(String info)
StringBuffer resp = new StringBuffer();
try
URL url = new URL( "http://localhost:8080/myapi/" );
HttpURLConnection con = ( HttpURLConnection ) url.openConnection() );
con.setRequestMethod("POST");
con.setRequestProperty( "USER-AGENT", USER_AGENT );
con.setRequestProperty( "Accept-Charset", "UTF-8");
con.setRequestProperty( "Content-Type", "application/json" );
con.setDoOutput( true );
String data = info ;
DataOutputStream output = new DataOutputStream( con.getOutputStream);
output.writeBytes( data );
output.flush();
output.close();
int returnCode = con.getResponseCode();
BufferedReader reader = null;
if (returnCode==200)
reader = new BufferedReader( new InputStreamReader(con.getInputStream()));
else
reader = new BufferedReader( new InputStreamReader(con.getErrorStream()));
String input;
while( ( input = reader.readLine() ) != null )
resp.append( input );
reader.close();
return new JSONObject( resp.toString() );
catch( Exception e )
System.out.println( e.getMessage() );
return new JSONObject( resp.toString() );
finally
if( con != null )
con.disconnect();
API:
HttpServletRequest request = requestGlobals.getHttpServletRequest();
HttpSession session = request.getSession();
Idea: The first request with send creates the connection with the API and the API generates the session which is stored inside it. The second send from the same client should send the same header, so the API can generate the same session and compared it to the saved one. For example, I am able to guarantee further calls only after a successful login
Problem: If the connection is reestablished on the second send, the same client sends a different header with a different content length, resulting in a different session being generated. I tried to set a if( con == null ) around the area where the connection is build at the client but that didn't solve my problem.
Question: What do i have to do so that the second send uses the already existing connection or send the same header?
java session servlets httpurlconnection
asked Nov 15 '18 at 12:59
Stormed17Stormed17
114
In terms of security I try to extend the communication between my client and my API with a session. The client sends its header to the API and the API generates a session.
Client:
public static JSONObject send(String info)
StringBuffer resp = new StringBuffer();
try
URL url = new URL( "http://localhost:8080/myapi/" );
HttpURLConnection con = ( HttpURLConnection ) url.openConnection() );
con.setRequestMethod("POST");
con.setRequestProperty( "USER-AGENT", USER_AGENT );
con.setRequestProperty( "Accept-Charset", "UTF-8");
con.setRequestProperty( "Content-Type", "application/json" );
con.setDoOutput( true );
String data = info ;
DataOutputStream output = new DataOutputStream( con.getOutputStream);
output.writeBytes( data );
output.flush();
output.close();
int returnCode = con.getResponseCode();
BufferedReader reader = null;
if (returnCode==200)
reader = new BufferedReader( new InputStreamReader(con.getInputStream()));
else
reader = new BufferedReader( new InputStreamReader(con.getErrorStream()));
String input;
while( ( input = reader.readLine() ) != null )
resp.append( input );
reader.close();
return new JSONObject( resp.toString() );
catch( Exception e )
System.out.println( e.getMessage() );
return new JSONObject( resp.toString() );
finally
if( con != null )
con.disconnect();
API:
HttpServletRequest request = requestGlobals.getHttpServletRequest();
HttpSession session = request.getSession();
Idea: The first request with send creates the connection with the API and the API generates the session which is stored inside it. The second send from the same client should send the same header, so the API can generate the same session and compared it to the saved one. For example, I am able to guarantee further calls only after a successful login
Problem: If the connection is reestablished on the second send, the same client sends a different header with a different content length, resulting in a different session being generated. I tried to set a if( con == null ) around the area where the connection is build at the client but that didn't solve my problem.
Question: What do i have to do so that the second send uses the already existing connection or send the same header?
java session servlets httpurlconnection
java session servlets httpurlconnection
asked Nov 15 '18 at 12:59
Stormed17Stormed17
114
asked Nov 15 '18 at 12:59
Stormed17Stormed17
114
asked Nov 15 '18 at 12:59
Stormed17Stormed17
114
asked Nov 15 '18 at 12:59
Stormed17Stormed17
114
asked Nov 15 '18 at 12:59
Stormed17Stormed17
114
114
add a comment |
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53320038%2fhttpurlconnection-client-and-api-different-header-from-same-client%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53320038%2fhttpurlconnection-client-and-api-different-header-from-same-client%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
