Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-6646229

CookieManager.get() checks requestHeaders for null but never uses it



    • Bug
    • Status: Open
    • P3
    • Resolution: Unresolved
    • 6u3
    • None
    • core-libs
    • Cause Known
    • generic
    • solaris_nevada


      When using CookieManager in conjunction with HttpUrlConnection, the 'obvious' thing is to do something like this:

          // variable CookieManager cookies is initialised elsewhere.
          URL url = uri.toURL();
          HttpUrlConnection conn = (HttpUrlConnection) url.openConnection();
          for (Map.Entry<String, List<String>> c :
            cookies.get(uri, conn.getHeaderFields().entrySet()) {
              StringBuilder value = new StringBuilder();
              for (String v : c.getValue()) {
                  if (value/length() > 0) {
              conn.addRequestProperty(c.getKey(), value.toString());

      The problem is that the call to conn.getHeaderFields() opens the connection and makes the request, so the subsequent call to conn.addRequestproperty() throws an exception, as the request has already been made and attemting to set the request parameters clearly shouldn't be allowed.

      If we actually look at the source of CookieManager.get() we see that the value passed in as requestHeaders is never used, but we have this:

          public Map<String, List<String>>
              get(URI uri, Map<String, List<String>> requestHeaders)
              throws IOException
              // pre-condition check
              if (uri == null || requestHeaders == null) {
                  throw new IllegalArgumentException("Argument is null");

      So if we pass it in as null, an exception is thrown. The only way around this is to create a 'dummy' requestHeaders parameter for CookieManager.get(), consisting of an empty Map<String, List<String>>.

      The requestHeaders == null check should be removed, and the method documented to make it clear that null can be passed.

      Also, it's far from clear why requestParameters would ever be needed by CookieManager.get(), or why the CookieHandler abstract base class evey declares it as a parameter in the first place - when setting cookies for a request, why would you ever need access to the request headers of the previous request? And passing in the request parameters of the current request makes little sense either, unless I'm missing something obvious (which is entirely possible ;-)

      Shouldn't the CookieHandler.get() method be replaced with a single-argument one that just takes the URI parameter?




            Unassigned Unassigned
            alanbur Alan Burlison
            0 Vote for this issue
            1 Start watching this issue