
I'm trying to use SiteMesh to pull content together on a screen. You have to be "logged in" to the site to view the page that SiteMesh is displaying, and you must be logged in to view the components SiteMesh is trying to pull in and decorate.

I'm using Spring Security and `PersistentTokenBasedRememberMeServices` to do this. What happens is, when SiteMesh calls out to get its components to decorate, it gets the login screen provided by Spring Security instead of the content, even though the user is logged in and has access to the page.

Digging through the SiteMesh code, SiteMesh is making a `URL` and a `URLConnection` to make its calls to decorate.

```java
// Opens a new HTTP connection to the page being included.
URL url = new URL(this.page);
URLConnection urlConn = url.openConnection();
urlConn.setUseCaches(true);
// Reads the response body of that separate request.
BufferedReader in = new BufferedReader(new InputStreamReader(urlConn.getInputStream()));
```

So I guess my question is... can I just attach the spring security token to the urlConnection like this?

```java
URL url = new URL(page);
URLConnection urlConn = url.openConnection();
urlConn.setRequestProperty("Cookie", myCookie);
urlConn.setUseCaches(true);
urlConn.connect();
```

If so, what does the format of the cookie need to be? I've tried what is below (the gibberish is the value of the security cookie generated by Spring Security):

```
securityCookie=Y2E0cFR1WWp6RTRjTzRBSFhYaG50dz09OjR mNzlON2syVXh3M01BSXRONGV2QXc9PQ
```

It doesn't work as I get a cookie theft exception from Spring Security. Any ideas? Do I need to add the path or domain? If so what is the format?

Does the cookie value need to be encoded in some way?

Tomasz Nurkiewicz
E Paiz
  • Are you using `` tag with `page` attribute pointing to another server (with `http://` prefix?) – Tomasz Nurkiewicz Oct 06 '12 at 16:27
  • I'm using the following: The app is on the same server. – E Paiz Oct 07 '12 at 15:20
  • So why not just use "`solo/2609999`" URI? It should work as well. Also by hardcoding `localhost:8080` it won't work once you deploy it to some server. – Tomasz Nurkiewicz Oct 07 '12 at 15:22
  • "remember-me" is to remember the authentication data across different sessions. If I understand you, even when you are in the same session it is not working... am I right? In your case, the user logs in, and then SiteMesh still gets the login screen... SiteMesh runs in the same session where the user has logged in? – OhadR Oct 15 '12 at 15:25
  • OhadR -- You are correct. I'm using the same session for the app with SiteMesh that the user has logged in with. When the user is logged in, SiteMesh still gets the login screen. – E Paiz Nov 04 '12 at 23:27
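
Added example, not code from the post, from SiteMesh or from Spring Security: a simplified Java model of persistent-token remember-me, showing how a cookie value that has already been used once ends in a theft error when it is presented again. It assumes the cookie value is base64 of `series:token` with the padding dropped and that the token is replaced on every successful auto-login; the class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

// Simplified model of persistent-token remember-me; not Spring Security source.
public class RememberMeModel {
    // Stands in for the server-side token repository: series -> current token.
    private final Map<String, String> tokenBySeries = new HashMap<>();
    private final SecureRandom random = new SecureRandom();
    // Assumed cookie value: base64("series:token") with trailing '=' padding dropped.
    static String encode(String series, String token) {
        byte[] raw = (series + ":" + token).getBytes(StandardCharsets.UTF_8);
        return Base64.getEncoder().withoutPadding().encodeToString(raw);
    }
    private String newValue() {
        byte[] b = new byte[16];
        random.nextBytes(b);
        return Base64.getEncoder().encodeToString(b);
    }
    String login() {
        String series = newValue();
        tokenBySeries.put(series, newValue());
        return encode(series, tokenBySeries.get(series));
    }
    // Returns the replacement cookie value; the basic decoder accepts unpadded input.
    String autoLogin(String cookieValue) {
        byte[] raw = Base64.getDecoder().decode(cookieValue);
        String[] parts = new String(raw, StandardCharsets.UTF_8).split(":", 2);
        if (parts.length != 2) throw new IllegalArgumentException("malformed cookie");
        String stored = tokenBySeries.get(parts[0]);
        if (stored == null) throw new IllegalStateException("unknown series");
        if (!stored.equals(parts[1])) {
            tokenBySeries.remove(parts[0]); // Spring Security drops all of the user's tokens here
            throw new SecurityException("known series, wrong token: treated as cookie theft");
        }
        tokenBySeries.put(parts[0], newValue()); // token changes on every successful auto-login
        return encode(parts[0], tokenBySeries.get(parts[0]));
    }
    public static void main(String[] args) {
        RememberMeModel svc = new RememberMeModel();
        String first = svc.login();
        String rotated = svc.autoLogin(first); // accepted; only 'rotated' is valid now
        System.out.println("value changed: " + !first.equals(rotated));
        svc.autoLogin(first);                  // stale copy presented again: SecurityException
    }
}
```

In this model a server-side request that reuses a cookie value after any other request has consumed it always fails the token comparison, whatever path or domain is attached to it.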

0 Answers