What steps will reproduce the problem?
1. Use any OData service with a secured create function
2. Extend the BasicAuthenticationBehavior
3. Overide the method transform() and attempt to add headers as follows
ODataClientRequest transform (ODataClientRequest request) {
request.header ("Cookie", "SAP_SESSION_ID=hexadecimal_string");
request.header ("Cookie", "MYSAPSSO2=hexadecimal_string");
// etc
return super.transform(request);
}
What is the expected output? What do you see instead?
Expect to see THREE cookies added.
Only ONE is added as the store of headers is a single map not multimap
What version of the product are you using? On what operating system?
0.8.0 / Windows 7 64 bit / Java 1.6
Extra Info
Why bother with this?
In using SAP OData, extra security is implemented around 'create' on top of
CSRF. This uses extra info held in cookies.
If this small change became part of the main release, OData4j would be the
best client of choice for SAP RESTful web services.
Original issue reported on code.google.com by ma...@czarnecki.biz on 19 Mar 2015 at 1:03
Original issue reported on code.google.com by
ma...@czarnecki.bizon 19 Mar 2015 at 1:03