
Invalid Cookie Header returned by GET controller in both POSTMAN and Insomnia


I have the following Spring controller class:

@CrossOrigin
@RestController
@Slf4j
public class RcmApi extends ApiController {

  @Value("${rcmRestApiServer}")
  private String rcmRestApiServer;

  @GetMapping(value = "/rcm/api/v1/matter/{matterId}", produces = "application/json")
  public ResponseEntity<String> getMatter(@PathVariable String matterId) throws Exception {
    log.info("Received call to RCM api getMatter: {}", matterId);
    return buildGetResponseEntity("/api/v1/cases/" + matterId + "/aggregate");
  }

  private ResponseEntity<String> buildGetResponseEntity(String target) throws Exception {
    return buildResponseEntity(
        new HttpGet(rcmRestApiServer + target), HttpClientBuilder.create().build());
  }
}

The method buildResponseEntity() referenced by buildGetResponseEntity() is defined in the base class ApiController:

  public ResponseEntity<String> buildResponseEntity(HttpUriRequest request, HttpClient client)
      throws Exception {
    HttpResponse response = client.execute(request);
    return ResponseEntity.status(response.getStatusLine().getStatusCode())
        .headers(convertHeaders(response.getAllHeaders()))
        .body(EntityUtils.toString(response.getEntity()));
  }

  public HttpHeaders convertHeaders(Header[] responseHeaders) {
    HttpHeaders headers = new HttpHeaders();
    Arrays.stream(responseHeaders)
        .forEach(header -> headers.add(header.getName(), header.getValue()));
    return headers;
  }

The String matterId that the top-level method getMatter() receives is in UUID form, e.g. c445e164-842f-44ec-9e38-6ae3a99fefd8. Unfortunately, when testing this endpoint locally from my POSTMAN at localhost:8084/rcm/api/v1/matter/c445e164-842f-44ec-9e38-6ae3a99fefd8, I notice the following:

  • POSTMAN receives a 200 OK but with boilerplate HTML source for a redirect page.

  • More interestingly, the controller thread logs an "Invalid Cookie Header" message at WARN level:

2022-07-18 20:05:52.331-04:00  INFO 60322 --- [reactor-http-nio-3] o.f.r.caseapi.gateway.controller.RcmApi  : Received call to RCM api getMatter: c445e164-842f-44ec-9e38-6ae3a99fefd8
2022-07-18 20:05:56.803-04:00  WARN 60322 --- [reactor-http-nio-3] o.a.h.c.protocol.ResponseProcessCookies  : Invalid cookie header: "Set-Cookie: AWSALB=pAa3xa4sTidJy1nU1HKgYZEGx55KVvoCyojb+0FWnPksfr8qSmfBLg052RiLhw7FmhDYzSxzikY7rKIhfisr6YCP08ubdoUcSjJqOf8UcndIpU7q9fQzqM13GTYA; Expires=Tue, 26 Jul 2022 00:05:54 GMT; Path=/". Invalid 'expires' attribute: Tue, 26 Jul 2022 00:05:54 GMT
2022-07-18 20:05:56.804-04:00  WARN 60322 --- [reactor-http-nio-3] o.a.h.c.protocol.ResponseProcessCookies  : Invalid cookie header: "Set-Cookie: AWSALBCORS=pAa3xa4sTidJy1nU1HKgYZEGx55KVvoCyojb+0FWnPksfr8qSmfBLg052RiLhw7FmhDYzSxzikY7rKIhfisr6YCP08ubdoUcSjJqOf8UcndIpU7q9fQzqM13GTYA; Expires=Tue, 26 Jul 2022 00:05:54 GMT; Path=/; SameSite=None; Secure". Invalid 'expires' attribute: Tue, 26 Jul 2022 00:05:54 GMT

Thinking that POSTMAN was messing up the request cookie somehow, I have tried the exact same process through INSOMNIA, getting the exact same behavior. Any help appreciated.


Solution

  • Try to prepare your HttpClient like so:

    // CookieSpecs.STANDARD selects HttpClient's RFC 6265 compliant cookie policy
    HttpClient httpClient = HttpClients.custom()
        .setDefaultRequestConfig(RequestConfig.custom()
            .setCookieSpec(CookieSpecs.STANDARD)
            .build())
        .build();
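
Why the warning appears and why the cookie spec matters, as an added example that is not part of the original question or answer: it parses the Expires attribute of the logged Set-Cookie header with two date layouts, showing that the legacy layout rejects it while the RFC 1123 layout accepts it. It uses only the JDK; the Netscape-draft pattern is an assumption about what the default cookie spec expects, and the class name, helpers and shortened cookie value are constructed for illustration.

```java
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Locale;
import java.util.TimeZone;

public class ExpiresFormatCheck {

  // Assumption: date layout of the legacy Netscape-draft cookie spec (dashes, two-digit year).
  static final String NETSCAPE_PATTERN = "EEE, dd-MMM-yy HH:mm:ss z";
  // RFC 1123 date layout, the one used by the AWSALB cookie in the log above.
  static final String RFC1123_PATTERN = "EEE, dd MMM yyyy HH:mm:ss zzz";

  // Constructed sample: the logged header with the cookie value shortened.
  static final String SET_COOKIE =
      "AWSALB=example; Expires=Tue, 26 Jul 2022 00:05:54 GMT; Path=/";

  /** Returns the value of the Expires attribute, or null if the header has none. */
  static String expiresAttribute(String setCookieValue) {
    for (String part : setCookieValue.split(";")) {
      String attr = part.trim();
      if (attr.regionMatches(true, 0, "expires=", 0, 8)) {
        return attr.substring(8);
      }
    }
    return null;
  }

  /** Parses the date with a single pattern; returns null when the value does not match it. */
  static Date tryParse(String value, String pattern) {
    SimpleDateFormat format = new SimpleDateFormat(pattern, Locale.US);
    format.setTimeZone(TimeZone.getTimeZone("GMT"));
    try {
      return format.parse(value);
    } catch (ParseException e) {
      return null; // the caller treats this as "invalid 'expires' attribute"
    }
  }

  public static void main(String[] args) {
    String expires = expiresAttribute(SET_COOKIE);
    System.out.println("Expires attribute: " + expires);
    System.out.println("Netscape draft:    " + tryParse(expires, NETSCAPE_PATTERN));
    System.out.println("RFC 1123:          " + tryParse(expires, RFC1123_PATTERN));
  }
}
```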