hc-dev mailing list archives

From Lee Francis Wilhelmsen <le...@start.no>
Subject Re: Posting XML over authenticated connection using SSL
Date Tue, 18 May 2004 12:18:36 GMT
>> - The server responds saying not authorized with a realm value
>> - HTTP Client then resends the post using the credentials
>>   I have supplied (why doesn't it do this the first time?)
> 
> This is the standard behaviour. You can enable preemptive authentication.

Ok, so I found a setAuthenticationPreemptive(boolean) method in the 
HttpState object that I set before setting the credentials. However, my 
wire trace is still telling me that the HTTP Client API isn't sending 
the "Authorization" header until after a 401 response has been returned 
from the server first.

The server is also returning a cookie which is used by the HTTP Client 
API but doesn't seem to have any effect on the authorization procedure 
even though it is sent to the server after the first successful request. 
The server still sends the 401 response.

I'm sending a "Connection: close" header with every request to rectify a 
possible bug on the server. I don't know if this has anything to do with 
this.

Here's what the code looks like:


client.setStrictMode(false);

UsernamePasswordCredentials upc =
	new UsernamePasswordCredentials(username, password);
client.getState().setAuthenticationPreemptive(true);
client.getState().setCredentials(realm, host, upc);

PostMethod method = new PostMethod(url);
method.addParameter("something", something);
method.setHttp11(true);
method.setDoAuthentication(true);
method.setRequestHeader("Connection", "close");

DefaultMethodRetryHandler methodRetryHandler =
	new DefaultMethodRetryHandler();
method.setMethodRetryHandler(methodRetryHandler);

status = client.executeMethod(hostConfiguration, method, httpState);


Here's a part of the wire log illustrating the process for two requests 
(the first and second of a batch of many requests). As far as I can tell 
the log is telling me that HTTP Client is using two requests for every 
one necessary. I can live with that, but I'd like to know why first.


 >> "POST /sting/StingServlet HTTP/1.1[\r][\n]"
 >> "Connection: close[\r][\n]"
 >> "User-Agent: Jakarta Commons-HttpClient/2.0final[\r][\n]"
 >> "Host: e-torg.no.ihost.com[\r][\n]"
 >> "Content-Length: 817[\r][\n]"
 >> "Content-Type: application/x-www-form-urlencoded[\r][\n]"
 >> "[\r][\n]"
 >> "something=first request removed"

<< "HTTP/1.1 401 Unauthorized [\r][\n]"
<< "Server: IBM HTTP Server/V5R3M0[\r][\n]"
<< "Date: Tue, 18 May 2004 11:00:01 GMT[\r][\n]"
<< "Connection: close[\r][\n]"
<< "Accept-Ranges: bytes[\r][\n]"
<< "Content-Type: text/html; charset=IBM-1047[\r][\n]"
<< "Content-Length: 282[\r][\n]"
<< "Last-Modified: Tue, 18 May 2004 11:00:01 GMT[\r][\n]"
<< "Expires: Tue, 18 May 2004 11:00:01 GMT[\r][\n]"
<< "Pragma: no-cache[\r][\n]"
<< "Cache-Control: no-cache[\r][\n]"
<< "WWW-Authenticate: Basic realm="STING_Restricted"[\r][\n]"
<< "<HTML><HEAD><TITLE>Error</TITLE></HEAD><BODY>Authentication failed.</BODY></HTML>"

 >> "POST /sting/StingServlet HTTP/1.1[\r][\n]"
 >> "Connection: close[\r][\n]"
 >> "User-Agent: Jakarta Commons-HttpClient/2.0final[\r][\n]"
 >> "Host: e-torg.no.ihost.com[\r][\n]"
 >> "Content-Length: 817[\r][\n]"
 >> "Content-Type: application/x-www-form-urlencoded[\r][\n]"
 >> "Authorization: Basic aTAweGRrOmVqYjl3aQ==[\r][\n]"
 >> "[\r][\n]"
 >> "something=first request removed"

<< "HTTP/1.1 200 ok [\r][\n]"
<< "Server: IBM HTTP Server/V5R3M0[\r][\n]"
<< "Date: Tue, 18 May 2004 11:00:03 GMT[\r][\n]"
<< "Connection: close[\r][\n]"
<< "Accept-Ranges: bytes[\r][\n]"
<< "Content-Type: text/xml[\r][\n]"
<< "Content-Length: 22264[\r][\n]"
<< "Last-Modified: Tue, 18 May 2004 11:00:03 GMT[\r][\n]"
<< "Expires: Thu, 01 Dec 1994 16:00:00 GMT[\r][\n]"
<< "Set-Cookie: sesessionid=9777DdKU6v_coYhba0G3GUEb;Path=/[\r][\n]"
<< "Cache-Control: no-cache="set-cookie,set-cookie2"[\r][\n]"
<< "<?xml version="1.0" encoding="UTF-8"?>[\n]"
<< "first xml response removed [\n]"

 >> "POST /sting/StingServlet HTTP/1.1[\r][\n]"
 >> "Connection: close[\r][\n]"
 >> "User-Agent: Jakarta Commons-HttpClient/2.0final[\r][\n]"
 >> "Host: e-torg.no.ihost.com[\r][\n]"
 >> "Cookie: $Version=0; sesessionid=9777DdKU6v_coYhba0G3GUEb; $Path=/[\r][\n]"
 >> "Content-Length: 865[\r][\n]"
 >> "Content-Type: application/x-www-form-urlencoded[\r][\n]"
 >> "[\r][\n]"
 >> "something=second request removed"

<< "HTTP/1.1 401 Unauthorized [\r][\n]"
<< "Server: IBM HTTP Server/V5R3M0[\r][\n]"
<< "Date: Tue, 18 May 2004 11:00:06 GMT[\r][\n]"
<< "Connection: close[\r][\n]"
<< "Accept-Ranges: bytes[\r][\n]"
<< "Content-Type: text/html; charset=IBM-1047[\r][\n]"
<< "Content-Length: 282[\r][\n]"
<< "Last-Modified: Tue, 18 May 2004 11:00:06 GMT[\r][\n]"
<< "Expires: Tue, 18 May 2004 11:00:06 GMT[\r][\n]"
<< "Pragma: no-cache[\r][\n]"
<< "Cache-Control: no-cache[\r][\n]"
<< "WWW-Authenticate: Basic realm="STING_Restricted"[\r][\n]"
<< "<HTML><HEAD><TITLE>Error</TITLE></HEAD><BODY>Authentication failed.</BODY></HTML>"

 >> "POST /sting/StingServlet HTTP/1.1[\r][\n]"
 >> "Connection: close[\r][\n]"
 >> "User-Agent: Jakarta Commons-HttpClient/2.0final[\r][\n]"
 >> "Host: e-torg.no.ihost.com[\r][\n]"
 >> "Content-Length: 865[\r][\n]"
 >> "Content-Type: application/x-www-form-urlencoded[\r][\n]"
 >> "Authorization: Basic aTAweGRrOmVqYjl3aQ==[\r][\n]"
 >> "Cookie: $Version=0; sesessionid=9777DdKU6v_coYhba0G3GUEb; $Path=/[\r][\n]"
 >> "[\r][\n]"
 >> "something=second request removed"

<< "HTTP/1.1 200 ok [\r][\n]"
<< "Server: IBM HTTP Server/V5R3M0[\r][\n]"
<< "Date: Tue, 18 May 2004 11:00:07 GMT[\r][\n]"
<< "Connection: close[\r][\n]"
<< "Accept-Ranges: bytes[\r][\n]"
<< "Content-Type: text/xml[\r][\n]"
<< "Content-Length: 22181[\r][\n]"
<< "Last-Modified: Tue, 18 May 2004 11:00:07 GMT[\r][\n]"
<< "<?xml version="1.0" encoding="UTF-8"?>[\n]"
<< "second xml response removed [\n]"

etc.

Any ideas why this is happening?

Best regards
Lee Francis Wilhelmsen
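
The following is an added example, not part of the original message or of the HttpClient project: it reads a wire log in the format shown above, counts the requests that were answered with a 401 challenge and then resent with credentials, and redacts Authorization and cookie values, since Basic credentials are only base64-encoded and stay recoverable from a log. The sample log, its credential and cookie, and the function names are constructed for illustration.

```python
import re

# Constructed sample in the HttpClient wire-log format shown above
# (">>" = sent, "<<" = received); the credential and cookie are made up.
SAMPLE = r'''
 >> "POST /app HTTP/1.1[\r][\n]"
 >> "Host: example.test[\r][\n]"
 >> "[\r][\n]"
<< "HTTP/1.1 401 Unauthorized [\r][\n]"
<< "WWW-Authenticate: Basic realm="demo"[\r][\n]"
 >> "POST /app HTTP/1.1[\r][\n]"
 >> "Host: example.test[\r][\n]"
 >> "Authorization: Basic dXNlcjpwYXNz[\r][\n]"
 >> "[\r][\n]"
<< "HTTP/1.1 200 ok [\r][\n]"
<< "Set-Cookie: sessionid=abc123;Path=/[\r][\n]"
'''

LINE = re.compile(r'^\s*(>>|<<)\s*"(.*)"\s*$')
SECRET = re.compile(
    r'(?i)((?:Proxy-)?Authorization:\s*\w+\s+|(?:Set-)?Cookie:\s*)([^\[\r\n"]+)')

def exchanges(log):
    """Pair each request with its response: was Authorization sent, what status came back."""
    out = []
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # wrapped continuation lines and prose are ignored
        direction = m.group(1)
        text = m.group(2).replace("[\\r]", "").replace("[\\n]", "")
        if direction == ">>" and re.match(r"[A-Z]+ \S+ HTTP/", text):
            out.append({"auth": False, "status": None})
        elif direction == ">>" and out and text.lower().startswith("authorization:"):
            out[-1]["auth"] = True
        elif direction == "<<" and out and out[-1]["status"] is None:
            s = re.match(r"HTTP/\d\.\d (\d{3})", text)
            if s:
                out[-1]["status"] = int(s.group(1))
    return out

def wasted_round_trips(log):
    """Count unauthenticated requests that drew a 401 and were resent with credentials."""
    ex = exchanges(log)
    return sum(1 for a, b in zip(ex, ex[1:])
               if a["status"] == 401 and not a["auth"] and b["auth"])

def redact(log):
    """Replace credential and cookie values, keeping header names and log structure."""
    return SECRET.sub(lambda m: m.group(1) + "<redacted>", log)
```

Running `redact()` over a trace before sharing it keeps the request/response structure intact, so `exchanges()` gives the same result on the redacted text.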

