[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[iaik-ssl] Mac Differences than Windows


I have an application that uses SILK V3.0. The web application server
(WAS) I connect to uses a login mechanism that uses a HTTP_MOVED_TEMP
(302) response to redirect a user to a secured page.

- my client app requests page '/SecurePage.html'.
- The WAS returns a response saying that the user needs to logon to
continue (Not Http Authentication)
- The client app then sends a POST to '/pkmslogin.html' on the WAS,
which includes the login userid and password.
- If the login on the WAS was succesful, the WAS sends back a 'HTTP 302
Resource Moved Temporarily' response, which includes the 'moved' URL in
the header. This moved URL is the original '/SecurePage.html'
from the original request.

In a Browser situation: 

- The browser automatically redirects this and re-performs the original
GET or POST to '/SecurePage.html'
- the WAS would then return the 'real' response for the
'/SecurePage.html' ebcause the user is already logged on.

When using the SILK 3.0 libs under windows (IBM JRE 1.1.8) the SILK
Libraries automatically perform the redirection for me. i.e. At my
application level, I never actually get to see the 'HTTP 302' response.
I only
have to send the post to the '/pkmslogin.html' and I get the 'real'
response for the '/SecurePage.html'. The redirection occurs without my
client application seeing the redirect.

When runnign under the MacOS, the 'HTTP 302' response DOES comes back as
a response to the '/pkmslogin.html' request, and I manually have to
reperform the '/SecurePage.html' request.

I have checked the java.net.HttpURLConnection.getFollowRedirects()
property on the URLConnections and they are 'true' on both platforms. 

Is there anything else I need to check for this to work without having
to manually re-code the redirect. Seems such a waste of code considering
it is built into the W3C JigSaw code.

Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content: UNSUBSCRIBE iaik-ssl