You are viewing a plain text version of this content. The canonical link for it is here.

Posted to java-user@axis.apache.org by Fabrízzio Cabral de Lacerda <fa...@gmail.com> on 2005/12/14 21:23:10 UTC

Urgent: Axis 1.3 BasicAuthentication and CommonsHTTPSender problem

Hello!!

I am sending again my problem!!!!

I am using Axis 1.3, tomcat 5.5.12, java 1.5.

I am using a client-deploy.wsdd that points to CommonHTTPSender
transport so my axis client can use Http 1.1. I am
also using commonsHTTPclient-3.0-rc4.jar and commonsCodec-1-3.jar.

My web service is using those two handlers for authentication:
<requestFlow name="checks">
       <handler
type="java:org.apache.axis.handlers.SimpleAuthenticationHandler"/>
       <handler
type="java:org.apache.axis.handlers.SimpleAuthorizationHandler"/>
</requestFlow>.

I also set the userName and password for my Call object. Also set
setMaintainSession(true).

The problem is:

When the client sends the message it is not authorized (HTTP/1.1 401
Unauthorized). But the client sends
automatically the same message again, and now it is authorized.

Running ethereal I saw in the Http Header that in the first message
there is not a "Authorization: Basic + some hexadecimal stuff" entry.
The Http header response has the follow entry: WWW-Authenticate: Basic
realm="AXIS". I did not set this realm at any place (tomcat
configuration file or the axis server side).

At the axis fault string I have: <faultstring>User 'null' not
authenticated (unknown user)</faultstring>.

As I said I set the user name and password (Ah, the user name and
password exists at users.lst). Only one detail. Debugging I saw that
in the messageContext object, at the client side, that the user name
and password were empty. So in my stub I also set userName and
password for the messageContext. See the code below:

_call.getMessageContext().setUsername(userName);

_call.getMessageContext().setPassword(passWord);

The second message, that is the first one sent again, goes with the
Authorization entry at the Http header. The credentials: user name and
password, are filled. So, the message is authorized.

At last, when I use http 1.0 and HTTPSender I do not have the 
authentication problem and
the message´s duplication problem.

With this problem, when I use http 1.1 (using CommonsHTTPSender)my web
service is slower than
with http 1.0 (using HTTPSender) even running it at a local network!!!!

Could anyone help me? What is going on?

Thx,

Fabrizzio Cabral de Lacerda