Net-dev, I'm attempting to use java.net.http.HttpClient to make a login form
submission and follow a sequence of redirects. To my surprise, the HttpClient
redirect internals (jdk.internal.net.http.HttpRequestImpl) seem to carry the
original request body into subsequent requests. In my case, that means sending
user credentials (gasp!) to the target of a redirect. Additionally, GET
requests with bodies are rejected outright by the target system.
Why is HttpClient behaving this way? Browsers certainly doin't do this. Am I
missing a config option?
-----
HttpClient client = HttpClient.newBuilder()
.version(HttpClient.Version.HTTP_1_1)
.connectTimeout(Duration.ofSeconds(5))
.cookieHandler(new CookieManager())
.followRedirects(HttpClient.Redirect.ALWAYS)
.build();
String url = "...";
Map<String, String> body = Map.of(
"emailAddress", "...",
"password", "...");
String encoded = body.entrySet().stream()
.map(e -> e.getKey() + "=" + UrlEncoded.encodeString(e.getValue(),
StandardCharsets.UTF_8))
.collect(Collectors.joining("&"));
HttpRequest request = HttpRequest.newBuilder()
.timeout(Duration.ofSeconds(5))
.uri(URI.create(url))
.header("User-Agent", "...")
.header("Content-Type", "application/x-www-form-urlencoded")
.POST(HttpRequest.BodyPublishers.ofString(encoded))
.build();
HttpResponse<String> response = client.send(request,
HttpResponse.BodyHandlers.ofString());
System.out.println(response.statusCode());
System.out.println(response.headers());
System.out.println(response.body());
