tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bean William R <>
Subject RE: .net web service client calling Tomcat 7
Date Mon, 03 Jun 2013 17:47:08 GMT
>When client sends a request there are written 2 lines at tomcat access log:
> - - [03/Jun/2013:16:02:24 +0200] "POST /ades-server/adesOperationsWebService
HTTP/1.1" 401 951
> - - [01/Jan/1970:00:59:59 +0100] "<s:Envelope xmlns:s=""><s:Body
null" 400 -
>Basically the .net client never sends Authorization header at first time.
>I used wireshark to see the communication:
>1. C sends packet with http headers.
>2. C sends  packet with first part of soap xml request that begins <s:Envelope ...
>3. S replies 401 Unauthorized.
>4. S replies 400 Bad Request.
>5. S sends RST (reset packet).

I can't offer an answer, but sympathy and a workaround:

We ran into this exact same issue when we moved to Apache httpd webservers.  We opted to disable
keepalive for "MS Web Services" clients with:

BrowserMatch "MS Web Services" nokeepalive

rather than fighting an RFC interpretation battle... 

It looks like similar could be done in tomcat with "restrictedUserAgents" option on the http

-- Bill

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message