30

I am a noobie with RESTful API and I am trying to build a Login service in which I provide an email and password and if the validation is successful - to store a cookie. In addition, how do I check the cookie(if stored)?

How can this be achieved?

@Path("/login")
@POST
@Produces(MediaType.APPLICATION_JSON)
@Consumes({MediaType.APPLICATION_FORM_URLENCODED, MediaType.APPLICATION_JSON})
public Response Login(final String i_LoginDetails) throws JSONException {
    final JSONObject obj = new JSONObject(i_LoginDetails);
    try {
        if (isValidUser(obj.getString("email"), obj.getString("password"))) {
            // Set a cookie
        } else {
            // return error invalid-credentials message
        }
    } catch (Exception e) {
        e.printStackTrace();
    }
    return Response.ok("TEST").build();
}

And how do I check the cookie(if set)?

Paul Vargas
  • 41,222
  • 15
  • 102
  • 148
Gil404
  • 711
  • 1
  • 8
  • 22

1 Answers1

53

You can do the following:

  • To store a new cookie:

    @GET
@Path("/login")
@Produces(MediaType.TEXT_PLAIN)
public Response login() {
    NewCookie cookie = new NewCookie("name", "123");
    return Response.ok("OK").cookie(cookie).build();
}

  • To retrieve the cookie (javax.ws.rs.core.Cookie):

    @GET
@Path("/foo")
@Produces(MediaType.TEXT_PLAIN)
public Response foo(@CookieParam("name") Cookie cookie) {
    if (cookie == null) {
        return Response.serverError().entity("ERROR").build();
    } else {
        return Response.ok(cookie.getValue()).build();
    }
}

    However, you may only want the value:

    @GET
@Path("/foo")
@Produces(MediaType.TEXT_PLAIN)
public Response foo(@CookieParam("name") String value) {
    System.out.println(value);
    if (value == null) {
        return Response.serverError().entity("ERROR").build();
    } else {
        return Response.ok(value).build();
    }
}

By the way, you may want to try the following code:

@GET
@Path("/logout")
@Produces(MediaType.TEXT_PLAIN)
public Response logout(@CookieParam("name") Cookie cookie) {
    if (cookie != null) {
        NewCookie newCookie = new NewCookie(cookie, null, 0, false);
        return Response.ok("OK").cookie(newCookie).build();
    }
    return Response.ok("OK - No session").build();
}

This removes the cookie in the browser. The behavior depends on the implementation of JAX-RS. With RESTEasy (JBoss AS 7.0) and Google Chrome works fine.

Paul Vargas
  • 41,222
  • 15
  • 102
  • 148
  • Thank you for the answer. So before every service I execute, I should use: if (cookie == null) { return Response.serverError().entity("ERROR").build(); } else { //Execute service } How do I send the cookieparam from the client? – Gil404 Jan 17 '15 at 23:21
  • Depends on the client software. What client are you using? e.g. JQuery, `HttpURLConnection`, etc. – Paul Vargas Jan 17 '15 at 23:33
  • Currently I am testing both. – Gil404 Jan 17 '15 at 23:52
  • If you are using `jQuery.ajax`, automatically sends the cookies (in the same domain). And with `HttpURLConnection`, you just need a cookie handler. See http://stackoverflow.com/a/15546450/870248 – Paul Vargas Jan 18 '15 at 00:10
  • would there be any difference in the approach in the first example (login) if the method was annotated with `@POST` as I think it perhaps should have been? – Marcus Junius Brutus Nov 19 '16 at 23:08
  • Sorry, but "/logout" does not remove the cookie in the GlassFish 4.1 and last Google Chrome and Firefox. – RoutesMaps.com Jun 28 '18 at 12:13