Jetty HTTP client supports cookies out of the box. The HttpClient instance receives cookies from HTTP responses and stores them in a java.net.CookieStore, a class that is part of the JDK. When new requests are made, the cookie store is consulted and if there are matching cookies (that is, cookies that are not expired and that match domain and path of the request) then they are added to the requests.

Applications can programmatically access the cookie store to find the cookies that have been set:

CookieStore cookieStore = httpClient.getCookieStore();
List<HttpCookie> cookies = cookieStore.get(URI.create("http://domain.com/path"));

      

Applications can also programmatically set cookies as if they were returned from a HTTP response:

CookieStore cookieStore = httpClient.getCookieStore();
HttpCookie cookie = new HttpCookie("foo", "bar");
cookie.setDomain("domain.com");
cookie.setPath("/");
cookie.setMaxAge(TimeUnit.DAYS.toSeconds(1));
cookieStore.add(URI.create("http://domain.com"), cookie);

      

You can remove cookies that you do not want to be sent in future HTTP requests:

CookieStore cookieStore = httpClient.getCookieStore();
URI uri = URI.create("http://domain.com");
List<HttpCookie> cookies = cookieStore.get(uri);
for (HttpCookie cookie : cookies)
    cookieStore.remove(uri, cookie);

      

If you want to totally disable cookie handling, you can install a HttpCookieStore.Empty instance in this way:

httpClient.setCookieStore(new HttpCookieStore.Empty());

      

You can enable cookie filtering by installing a cookie store that performs the filtering logic in this way:

httpClient.setCookieStore(new GoogleOnlyCookieStore());

public class GoogleOnlyCookieStore extends HttpCookieStore
{
    @Override
    public void add(URI uri, HttpCookie cookie)
    {
        if (uri.getHost().endsWith("google.com"))
            super.add(uri, cookie);
    }
}

      

The example above will retain only cookies that come from the google.com domain or sub-domains.

Jetty HTTP client supports the "Basic" and "Digest" authentication mechanisms defined by RFC 2617.

You can configure authentication credentials in the HTTP client instance as follows:

String uri = "http://domain.com/secure";
String realm = "MyRealm";
String user = "username";
String pass = "password";

// Add authentication credentials
AuthenticationStore auth = httpClient.getAuthenticationStore();
auth.addAuthentication(new BasicAuthentication(uri, realm, user, pass));

ContentResponse response = httpClient
        .newRequest(uri)
        .send()
        .get(5, TimeUnit.SECONDS);

      

Jetty HTTP client tests authentication credentials against the challenge(s) the server issues, and if they match it automatically sends the right authentication headers to the server for authentication. If the authentication is successful, it caches the result and reuses it for subsequent requests for the same domain and matching URIs.

Successful authentications are cached, but it is possible to clear them in order to force authentication again:

httpClient.getAuthenticationStore().clearAuthenticationResults();

      

Jetty HTTP client can be configured to use a forward proxy:

ProxyConfiguration proxyConfig = new ProxyConfiguration("proxyHost", proxyPort);
// Do not proxy requests for localhost:8080
proxyConfig.getExcludedOrigins().add("localhost:8080");

httpClient.setProxyConfiguration(proxyConfig);

ContentResponse response = httpClient.GET(uri);

      

You specify the proxy host and port, and optionally also the origins that you do not want to be proxied, and then set the proxy configuration on the HttpClient instance.

Configured in this way, HttpClient makes requests to the proxy (for plain-text HTTP requests) or establishes a tunnel via HTTP CONNECT (for encrypted HTTPS requests).