backoffbelief / odata4j

Automatically exported from code.google.com/p/odata4j
0 stars 0 forks source link

Not possible to enter more than ONE header with the same name in an ODataClientRequest #285

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Use any OData service with a secured create function
2. Extend the BasicAuthenticationBehavior
3. Overide the method transform() and attempt to add headers as follows

ODataClientRequest transform (ODataClientRequest request) {
    request.header ("Cookie", "SAP_SESSION_ID=hexadecimal_string");
    request.header ("Cookie", "MYSAPSSO2=hexadecimal_string");
    // etc
    return super.transform(request);
}

What is the expected output? What do you see instead?

Expect to see THREE cookies added.

Only ONE is added as the store of headers is a single map not multimap

What version of the product are you using? On what operating system?

0.8.0 / Windows 7 64 bit / Java 1.6

Extra Info

Why bother with this?

In using SAP OData, extra security is implemented around 'create' on top of 
CSRF. This uses extra info held in cookies.

If this small change became part of the main release, OData4j would be the  
best client of choice for SAP RESTful web services.

Original issue reported on code.google.com by ma...@czarnecki.biz on 19 Mar 2015 at 1:03