cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Watson (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CXF-4858) Maintain Session (Cookie) is not honoured when using NTLM
Date Wed, 27 Feb 2013 22:37:12 GMT

     [ https://issues.apache.org/jira/browse/CXF-4858?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Michael Watson updated CXF-4858:
--------------------------------

    Attachment: HTTPConduit.diff

Diff as shown in comments.
                
> Maintain Session (Cookie) is not honoured when using NTLM
> ---------------------------------------------------------
>
>                 Key: CXF-4858
>                 URL: https://issues.apache.org/jira/browse/CXF-4858
>             Project: CXF
>          Issue Type: Bug
>          Components: Transports
>    Affects Versions: 2.7.3
>         Environment: Windows Server 2008 R2 Standard SP1 (Client & Server). 
> JDK6 + 7 both tried (Client).
> IIS 7 (Server)
>            Reporter: Michael Watson
>         Attachments: HTTPConduit.diff
>
>
> When using the AsyncHTTPConduit in an attempt to authenticate against an IIS based webservice
that requires NTLM & an authentication cookie (ASP.NET_SessionId) I see that the NTLM
authentication succeeds but because the session cookie is missing the endpoint returns another
401.
> I'll attach wireshark output that demonstrates this behaviour.
> I've narrowed it down to:   
>   HTTPConduit$WrappedOutputStream#authorizationRetransmit()
> where authorizationToken below is always null when using NTLM so it returns false and
doesn't continue down to the block of code about 6 lines down that sets the cookies!
> String authorizationToken =   
>   authSupplier.getAuthorization(effectiveAthPolicy, currentURI, outMessage,   
>                                 authHeader.getFullHeader());
> if (authorizationToken == null) {
>   // authentication not possible => we give up
>   return false;
> }

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message