Announcement Announcement Module
No announcement yet.
URLConnection and PersistentTokenBasedRememberMeServices HELP! Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • URLConnection and PersistentTokenBasedRememberMeServices HELP!


    I'm trying to use sitemesh to pull content together on a screen. You have to be "logged" into the site to view the page that site mesh is displaying and you must be logged in to view the components sitemesh is trying to pull in and decorate.

    I'm using spring security and PersistentTokenBasedRememberMeServices to do this. What happens is, when site mesh calls out to get it's components to decorate it gets the login screen provided by spring security instead of the content even though the user is logged in and has access to the page.

    Digging through the sitemesh code, site mesh is making a URL and a URLconnection to make it's calls to decorate.

    URL url = new URL(;
              URLConnection urlConn = url.openConnection();
              BufferedReader in = new BufferedReader(new InputStreamReader(urlConn.getInputStream()));
    So I guess my question is... can I just attach the spring security token to the urlConnection? If so, what does the format of the cookie need to be? I've tried what is below (the gibberish is the value of the security cookie generated by spring security)

    securityCookie=Y2E0cFR1WWp6RTRjTzRBSFhYaG50dz09OjR mNzlON2syVXh3M01BSXRONGV2QXc9PQ

    It doesn't work as I get a cookie theft exception from Spring Security. Any ideas? Do I need to add the path or domain? If so what is the format?

    Does the cookie value need to be encoded in some way?