0

i've sending the "same" request (a simple get-request) to a server and with Postman all works fine and with RestEasyClient it doesn't (401 Unauthorized)...

I looked on both requests by fiddler and saw some differences which might be the cause of the problem (i actually don't know) but at least in my opinion it makes no sense to send these parameters... but i have no idea where to turn it off, it seems to be a default behavior from RESTEasyClient.

Here the postman request:

GET https://xxxx/ping HTTP/1.1
Authorization: Bearer 7e6e4255-0d94-3d29-8527-fb5c8ff8e23b
cache-control: no-cache
Postman-Token: 7d54d38f-ca13-4fb0-8d14-18153f9b2f93
User-Agent: PostmanRuntime/7.3.0
Accept: */*
Host: xxxx
accept-encoding: gzip, deflate
Connection: close

Here the RESTEasyClient-Request:

GET https://tapi002-vpn-api.e-bk.m086/t1/msc-grawe/v1/ping HTTP/1.1
Authorization: Bearer 7e6e4255-0d94-3d29-8527-fb5c8ff8e23b
Host: xxxx
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_144)
Cookie: ROUTEID=.2

My questions are:

  • Why sends RESTEasyClient Connection: Keep-Alive? Wouldn't it be better to send connection close, because there is no session?!
  • Why does RESTEasyClient send a Cookie? I don't want and need any cookies...
  • And by the way: What's the postman token?!

Update: The Cookie: ROUTEID=.2 causes the error... so the important question is how to remove the Cookie from the RESTEasyClient request header.

Update 2: The server requested to set the cookie in the token-response... strange... i will try to remove the cookie...

Set-Cookie: ROUTEID=.1; path=/;Secure;HttpOnly; max-age=1200
user3227576
  • 554
  • 8
  • 22
  • 1
    Could you provide [Minimal, Complete and Verifiable example](https://stackoverflow.com/help/mcve) for us to see how you're creating the request, please? – Kizivat Oct 22 '18 at 09:11
  • Bearer token is normally a jwt that looks like a guid not a jwt. – Linda Lawton - DaImTo Oct 22 '18 at 09:17
  • @DaImTo a bearer token can simply be a reference that is replaced by the correct jwt inside the cloud. That way authentication details can be hidden from the client. – jokster Oct 22 '18 at 09:39
  • 1
    As for Keep-Alive: Because RestEasy uses HTTP/1.1 with connection reuse by default. That doesn't mean a session. – jokster Oct 22 '18 at 09:40

1 Answers1

0

Why sends RESTEasyClient Connection: Keep-Alive? Wouldn't it be better to send connection close, because there is no session?!

As for Keep-Alive: Because RestEasy uses HTTP/1.1 with connection reuse by default. That doesn't mean a session

Thanks to jokster for this answer.

Why does RESTEasyClient send a Cookie? I don't want and need any cookies...

RESTEasyClient does not send any cookies by default! In this case: Because the server requested the cookie in a request before...

And by the way: What's the postman token?!

Have a look at: What is the postman-token in generated code from Postman?

user3227576
  • 554
  • 8
  • 22