cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dmitriy Fedoriv (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-6007) WebClient does not resend request in Digest authentication for HTTP methods GET, HEAD, DELETE, OPTIONS (with no body).
Date Thu, 18 Sep 2014 13:49:35 GMT

    [ https://issues.apache.org/jira/browse/CXF-6007?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14138961#comment-14138961
] 

Dmitriy Fedoriv commented on CXF-6007:
--------------------------------------

Hi Sergey,

Thank you for reply.

>> Can you clarify please which parts of 1) or 2) may be affecting the digest re-try
in case of the empty requests ? 
Code is responsible for setting the "WWW-Authenticate" header located in method - authorizationRetransmit(HttpURLConnection
connection, Message message, CacheAndWriteOutputStream cachedStream) line: 1047

If we go up the call stack, we can find that the only one place is it calling this is the
method (1).
So, what I think is wrong that is condition in line: 1448.

if (cachedStream != null || ("GET".equals(connection.getRequestMethod()) && getClient().isAutoRedirect()))
{
 ...
connection = processRetransmit(connection, outMessage, cachedStream); 
 ...
}

It allows retransmits (needed for digest authorization) only for HTTP methods whose body is
cached (like POST and PUT) or GET method, provided that the auto-redirection is enabled.

Code responsible for caching (creating cachedStream) located in the method (2) line: 1353.

...
if (!"POST".equals(connection.getRequestMethod()) && !"PUT".equals(connection.getRequestMethod()))
{
    return;
}
if (outMessage.get("org.apache.cxf.post.empty") != null) {
    return;
}
if (cachingForRetransmission) {
    cachedStream =  new CacheAndWriteOutputStream(connection.getOutputStream());
    wrappedStream = cachedStream;
} else {
     wrappedStream = connection.getOutputStream();
}

>>If you had a chance to debug, what is different there when say a POST with body is
done, which does make a digest re-try to succeed ?
In this part of code we can see that cachedStream create only for POST and PUT methods with
not empty body. This is the difference.

Thanks and regards,
Dmitriy.

> WebClient does not resend request in Digest authentication for HTTP methods GET, HEAD,
DELETE, OPTIONS (with no body).
> ----------------------------------------------------------------------------------------------------------------------
>
>                 Key: CXF-6007
>                 URL: https://issues.apache.org/jira/browse/CXF-6007
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS, Transports
>    Affects Versions: 3.0.0, 3.0.1
>         Environment: Windows 7, jdk1.7.0_65, cxf-rt-transports-http: 3.0.x
>            Reporter: Dmitriy Fedoriv
>
> Hi guys,
> I try to send DELETE, GET (auto-redirect disabled), HEAD, OPTIONS or any other HTTP requests
with no body used digest authentication to RESTful service. In this case I always get "first"
HTTP response with status code 401 - Unathorized but client does not resend "answer" with
"WWW-Authenticate" header.
> I had the assumption that the problem arises due to incorrect cache settings in methods:
> 1) HTTPConduit.WrappedOutputStream.handleHeadersTrustCaching()
> and
> 2) HTTPConduit.WrappedOutputStream.handleRetransmits()).
> in package org.apache.cxf.transport.http.
> Is there any way to be properly authorized by the service (digest mode) in these cases?

> In my application I use, depending on the following versions of products:
> - javax.ws.rs-api: 2.0 
> - javax.annotation-api: 1.2 
> - cxf-core: 3.0.1 
> - cxf-rt-rs-client: 3.0.1 
> - cxf-rt-frontend-jaxrs: 3.0.1 
> - cxf-rt-transports-http: 3.0.1 
> - cxf-rt-transports-http-hc: 3.0.1 
> - httpasyncclient: 4.0.1 
> - httpclient: 4.3.2 
> - httpcore: 4.3.2 
> - httpcore-nio:4.3.2
> I look forward to your assistance. Thank you.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message