ResponseEntity headers do not show cookie [SPR-7498]

[spring-projects-issues]

praveenkumar kg opened SPR-7498 and commented

I am using RestTemplate to test my API. Headers from ResponseEntity seems to show only 'Set-Cookie' but for further requests it does not pull up the cookie in the header. Any particular reason why? I verified that response from the server do contain header cookie.

ResponseEntity<String> response = restTemplate.exchange(uri.toString(), HttpMethod.PUT, requestEntity, String.class, new HashMap<String,String>());
			
HttpHeaders headers = response.getHeaders();
Set<String> keys = headers.keySet();
for (String header : keys) 
{
	System.out.println("Header: "+header);
	List<String> values = headers.get(header);
	for (String value : values) 
	{
		System.out.println("Header Value: "+ value);
	}
}

Output showing 'Set-Cookie'

Header: Server
Header Value: Apache-Coyote/1.1
Header: X-Powered-By
Header Value: 
Header: Set-Cookie
Header Value: JSESSIONID=0B66BF319B5D6E236A5F9679F72459F5.dev37; Path=/; Secure
Header: Content-Type
Header Value: application/xml;charset=ISO-8859-1
Header: Content-Language
Header Value: en-US
Header: Content-Length
Header Value: 130
Header: Date
Header Value: Wed, 25 Aug 2010 22:55:16 GMT

Output not showing Cookie in the header:

Header: Server
Header Value: Apache-Coyote/1.1
Header: X-Powered-By
Header Value: 
Header: Content-Type
Header Value: application/xml;charset=ISO-8859-1
Header: Content-Language
Header Value: en-US
Header: Content-Length
Header Value: 655
Header: Date
Header Value: Wed, 25 Aug 2010 23:00:19 GMT 

---

Affects: 3.0.2

[spring-projects-issues]

praveenkumar kg commented

How does this system work? Do I need votes to get this fixed?

[spring-projects-issues]

Arjen Poutsma commented

Added formatting

[spring-projects-issues]

Arjen Poutsma commented

RestTemplate does not have support for Cookies, or at least, there is no support for cookies in the RestTemplate code base. This is intentional: the RestTemplate is designed for programmatic HTTP access, not
as a web browser substitute.

You might be able to make cookies work by using the CommonsClientHttpRequestFactory rather than the default SimpleClientHttpRequestFactory as a RestTemplate constructor argument. See http://hc.apache.org/httpclient-3.x/cookies.html for more info.

[virmundi]

There is nothing in Rest the precludes cookies. In fact cookies make REST stateless. Here's where I need this feature: JWT/OAuth2 refresh. A RestTemplate sets the bearer token. The resource declines due to the bearer token expiration. The RestTemplate then posts the refresh token to get a new bearer token. If that works, the request is replayed using the new token.

If the auth system returns a cookie, as one would expect for HTTP only JS access, the rest template can use the cookie and then pass the returned cookie as part of the response for the original request.

Here's the scenario. Web browser sends the cookie to a traditional Spring MVC site. The site uses REST behind the scenes to get data. The bearer token from the cookie expired. The Rest Template does what I said above.

[rstoyanchev]

@virmundi use the WebClient.