cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel Kulp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-4858) Maintain Session (Cookie) is not honoured when using NTLM
Date Wed, 06 Mar 2013 22:32:12 GMT

    [ https://issues.apache.org/jira/browse/CXF-4858?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13595204#comment-13595204
] 

Daniel Kulp commented on CXF-4858:
----------------------------------


Michael,

Instead of making modifications to HTTPConduit$WrappedOutputStream#authorizationRetransmit(),
I overrode that method in the AsyncHTTPConduit subclass so it would be specific to the Async
things.   In anycase, if Jenkins builds are successful tonights, tomorrows 2.7.4-SNAPSHOT
should have it.

Thanks!
                
> Maintain Session (Cookie) is not honoured when using NTLM
> ---------------------------------------------------------
>
>                 Key: CXF-4858
>                 URL: https://issues.apache.org/jira/browse/CXF-4858
>             Project: CXF
>          Issue Type: Bug
>          Components: Transports
>    Affects Versions: 2.7.3
>         Environment: Windows Server 2008 R2 Standard SP1 (Client & Server). 
> JDK6 + 7 both tried (Client).
> IIS 7 (Server)
>            Reporter: Michael Watson
>            Assignee: Daniel Kulp
>             Fix For: 2.7.4
>
>         Attachments: HTTPConduit.diff
>
>
> When using the AsyncHTTPConduit in an attempt to authenticate against an IIS based webservice
that requires NTLM & an authentication cookie (ASP.NET_SessionId) I see that the NTLM
authentication succeeds but because the session cookie is missing the endpoint returns another
401.
> I'll attach wireshark output that demonstrates this behaviour.
> I've narrowed it down to:   
>   HTTPConduit$WrappedOutputStream#authorizationRetransmit()
> where authorizationToken below is always null when using NTLM so it returns false and
doesn't continue down to the block of code about 6 lines down that sets the cookies!
> String authorizationToken =   
>   authSupplier.getAuthorization(effectiveAthPolicy, currentURI, outMessage,   
>                                 authHeader.getFullHeader());
> if (authorizationToken == null) {
>   // authentication not possible => we give up
>   return false;
> }

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message