You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-dev@axis.apache.org by "jeff ling (JIRA)" <ji...@apache.org> on 2007/03/01 07:11:50 UTC
[jira] Created: (AXIS2-2274) Axis 2 as a client, access https://
doesn't work
Axis 2 as a client, access https:// doesn't work
------------------------------------------------
Key: AXIS2-2274
URL: https://issues.apache.org/jira/browse/AXIS2-2274
Project: Axis 2.0 (Axis2)
Issue Type: Bug
Components: transports
Affects Versions: 1.1
Reporter: jeff ling
Priority: Critical
When the server is IIS, https doesn't work. https itself is supported through Httpclient.
The credential is put in to "state" as:
agent.getState().setCredentials(new AuthScope(host, port, realm), creds);
The problem is that if it's https, real port is implied, and the "port" here is the default "80". However, when the response comes back, the actually port (usually 433) is returned. That caused the credential (provider) not found.
This is only one of the issues. The credential handling code below is really wrong:
if (host != null) {
if (domain != null) {
/*Credentials for NTLM Authentication*/
creds = new NTCredentials(username, password, host, domain);
} else {
/*Credentials for Digest and Basic Authentication*/
creds = new UsernamePasswordCredentials(username, password);
}
agent.getState().setCredentials(new AuthScope(host, port, realm), creds);
} else {
/*Credentials only for Digest and Basic Authentication*/
creds = new UsernamePasswordCredentials(username, password);
agent.getState().setCredentials(new AuthScope(AuthScope.ANY), creds);
}
First, whether it's basic or Digest is not decided by whether domain name exists, and realm applies to basic and digest, not integrated. If you look at the IIS web server config screen, you will see.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-dev-help@ws.apache.org
[jira] Commented: (AXIS2-2274) Axis 2 as a client, access https://
doesn't work
Posted by "Oleg Kalnichevski (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/AXIS2-2274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12477243 ]
Oleg Kalnichevski commented on AXIS2-2274:
------------------------------------------
Jeff,
I personally see no problem with the credential handling code as far as HttpClient is concerned. NTCredentials is a subclass of UsernamePasswordCredentials. Therefore it can be used with Basic and Digest auth schemes. The domain and host attributes will simply have no effect.
Besides, HTTP authentication has no relation with HTTPS of what so ever. What specifically does not work in your case? Can you produce a wire/context log of an HTTP session that exhibits the problem or the exception stack trace at the very least?
http://jakarta.apache.org/commons/httpclient/logging.html
Oleg
> Axis 2 as a client, access https:// doesn't work
> ------------------------------------------------
>
> Key: AXIS2-2274
> URL: https://issues.apache.org/jira/browse/AXIS2-2274
> Project: Axis 2.0 (Axis2)
> Issue Type: Bug
> Components: transports
> Affects Versions: 1.1
> Reporter: jeff ling
> Assigned To: Saminda Wishwajith Abeyruwan
> Priority: Critical
>
> When the server is IIS, https doesn't work. https itself is supported through Httpclient.
> The credential is put in to "state" as:
> agent.getState().setCredentials(new AuthScope(host, port, realm), creds);
> The problem is that if it's https, real port is implied, and the "port" here is the default "80". However, when the response comes back, the actually port (usually 433) is returned. That caused the credential (provider) not found.
> This is only one of the issues. The credential handling code below is really wrong:
> if (host != null) {
> if (domain != null) {
> /*Credentials for NTLM Authentication*/
> creds = new NTCredentials(username, password, host, domain);
> } else {
> /*Credentials for Digest and Basic Authentication*/
> creds = new UsernamePasswordCredentials(username, password);
> }
> agent.getState().setCredentials(new AuthScope(host, port, realm), creds);
> } else {
> /*Credentials only for Digest and Basic Authentication*/
> creds = new UsernamePasswordCredentials(username, password);
> agent.getState().setCredentials(new AuthScope(AuthScope.ANY), creds);
> }
> First, whether it's basic or Digest is not decided by whether domain name exists, and realm applies to basic and digest, not integrated. If you look at the IIS web server config screen, you will see.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-dev-help@ws.apache.org
[jira] Resolved: (AXIS2-2274) Axis 2 as a client, access https://
doesn't work
Posted by "Saminda Wishwajith Abeyruwan (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/AXIS2-2274?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Saminda Wishwajith Abeyruwan resolved AXIS2-2274.
-------------------------------------------------
Resolution: Fixed
Fixed. If the protocol is https then we use the default part as 443
> Axis 2 as a client, access https:// doesn't work
> ------------------------------------------------
>
> Key: AXIS2-2274
> URL: https://issues.apache.org/jira/browse/AXIS2-2274
> Project: Axis 2.0 (Axis2)
> Issue Type: Bug
> Components: transports
> Affects Versions: 1.1
> Reporter: jeff ling
> Assigned To: Saminda Wishwajith Abeyruwan
> Priority: Critical
>
> When the server is IIS, https doesn't work. https itself is supported through Httpclient.
> The credential is put in to "state" as:
> agent.getState().setCredentials(new AuthScope(host, port, realm), creds);
> The problem is that if it's https, real port is implied, and the "port" here is the default "80". However, when the response comes back, the actually port (usually 433) is returned. That caused the credential (provider) not found.
> This is only one of the issues. The credential handling code below is really wrong:
> if (host != null) {
> if (domain != null) {
> /*Credentials for NTLM Authentication*/
> creds = new NTCredentials(username, password, host, domain);
> } else {
> /*Credentials for Digest and Basic Authentication*/
> creds = new UsernamePasswordCredentials(username, password);
> }
> agent.getState().setCredentials(new AuthScope(host, port, realm), creds);
> } else {
> /*Credentials only for Digest and Basic Authentication*/
> creds = new UsernamePasswordCredentials(username, password);
> agent.getState().setCredentials(new AuthScope(AuthScope.ANY), creds);
> }
> First, whether it's basic or Digest is not decided by whether domain name exists, and realm applies to basic and digest, not integrated. If you look at the IIS web server config screen, you will see.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-dev-help@ws.apache.org
[jira] Commented: (AXIS2-2274) Axis 2 as a client, access https://
doesn't work
Posted by "Oleg Kalnichevski (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/AXIS2-2274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12477391 ]
Oleg Kalnichevski commented on AXIS2-2274:
------------------------------------------
I am not really "assigned" to this issue. All I am saying I see nothing wrong with Axis2 code as far as HttpClient is concerned. Per default Axis2 uses AuthScope.ANY_PORT as the port value for the auth scope, therefore the port the target server is listening on should not matter. The same set of credentials will apply to any port of the given target host.
Oleg
> Axis 2 as a client, access https:// doesn't work
> ------------------------------------------------
>
> Key: AXIS2-2274
> URL: https://issues.apache.org/jira/browse/AXIS2-2274
> Project: Axis 2.0 (Axis2)
> Issue Type: Bug
> Components: transports
> Affects Versions: 1.1
> Reporter: jeff ling
> Assigned To: Saminda Wishwajith Abeyruwan
> Priority: Critical
>
> When the server is IIS, https doesn't work. https itself is supported through Httpclient.
> The credential is put in to "state" as:
> agent.getState().setCredentials(new AuthScope(host, port, realm), creds);
> The problem is that if it's https, real port is implied, and the "port" here is the default "80". However, when the response comes back, the actually port (usually 433) is returned. That caused the credential (provider) not found.
> This is only one of the issues. The credential handling code below is really wrong:
> if (host != null) {
> if (domain != null) {
> /*Credentials for NTLM Authentication*/
> creds = new NTCredentials(username, password, host, domain);
> } else {
> /*Credentials for Digest and Basic Authentication*/
> creds = new UsernamePasswordCredentials(username, password);
> }
> agent.getState().setCredentials(new AuthScope(host, port, realm), creds);
> } else {
> /*Credentials only for Digest and Basic Authentication*/
> creds = new UsernamePasswordCredentials(username, password);
> agent.getState().setCredentials(new AuthScope(AuthScope.ANY), creds);
> }
> First, whether it's basic or Digest is not decided by whether domain name exists, and realm applies to basic and digest, not integrated. If you look at the IIS web server config screen, you will see.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-dev-help@ws.apache.org
[jira] Assigned: (AXIS2-2274) Axis 2 as a client, access https://
doesn't work
Posted by "Deepal Jayasinghe (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/AXIS2-2274?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Deepal Jayasinghe reassigned AXIS2-2274:
----------------------------------------
Assignee: Saminda Wishwajith Abeyruwan
Saminda , could you please have a look at this issue
Thanks
Deepal
> Axis 2 as a client, access https:// doesn't work
> ------------------------------------------------
>
> Key: AXIS2-2274
> URL: https://issues.apache.org/jira/browse/AXIS2-2274
> Project: Axis 2.0 (Axis2)
> Issue Type: Bug
> Components: transports
> Affects Versions: 1.1
> Reporter: jeff ling
> Assigned To: Saminda Wishwajith Abeyruwan
> Priority: Critical
>
> When the server is IIS, https doesn't work. https itself is supported through Httpclient.
> The credential is put in to "state" as:
> agent.getState().setCredentials(new AuthScope(host, port, realm), creds);
> The problem is that if it's https, real port is implied, and the "port" here is the default "80". However, when the response comes back, the actually port (usually 433) is returned. That caused the credential (provider) not found.
> This is only one of the issues. The credential handling code below is really wrong:
> if (host != null) {
> if (domain != null) {
> /*Credentials for NTLM Authentication*/
> creds = new NTCredentials(username, password, host, domain);
> } else {
> /*Credentials for Digest and Basic Authentication*/
> creds = new UsernamePasswordCredentials(username, password);
> }
> agent.getState().setCredentials(new AuthScope(host, port, realm), creds);
> } else {
> /*Credentials only for Digest and Basic Authentication*/
> creds = new UsernamePasswordCredentials(username, password);
> agent.getState().setCredentials(new AuthScope(AuthScope.ANY), creds);
> }
> First, whether it's basic or Digest is not decided by whether domain name exists, and realm applies to basic and digest, not integrated. If you look at the IIS web server config screen, you will see.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-dev-help@ws.apache.org
[jira] Commented: (AXIS2-2274) Axis 2 as a client, access https://
doesn't work
Posted by "jeff ling (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/AXIS2-2274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12477376 ]
jeff ling commented on AXIS2-2274:
----------------------------------
So you are working on httpclient, not Axis2? Then I guess this should be
assigned to someone else. Can you reassign this bug to someone else in Axis2
to fix the first (443 port) issue? The problem here is how does Axis2 knows
which port to stick in to the "state"? Since the https port can be changed,
how does httpclient find out which one to connect to? Anyway, you guys know
better.
Yes, the 2nd problem lies in httpclient.
Thanks,
Jeff
--
Jeff Ling
Product Solutions Engineer
GOOGLE
Office: (650) 253-3095
Fax: (650) 618-1835
Email: jeffling@google.com
> Axis 2 as a client, access https:// doesn't work
> ------------------------------------------------
>
> Key: AXIS2-2274
> URL: https://issues.apache.org/jira/browse/AXIS2-2274
> Project: Axis 2.0 (Axis2)
> Issue Type: Bug
> Components: transports
> Affects Versions: 1.1
> Reporter: jeff ling
> Assigned To: Saminda Wishwajith Abeyruwan
> Priority: Critical
>
> When the server is IIS, https doesn't work. https itself is supported through Httpclient.
> The credential is put in to "state" as:
> agent.getState().setCredentials(new AuthScope(host, port, realm), creds);
> The problem is that if it's https, real port is implied, and the "port" here is the default "80". However, when the response comes back, the actually port (usually 433) is returned. That caused the credential (provider) not found.
> This is only one of the issues. The credential handling code below is really wrong:
> if (host != null) {
> if (domain != null) {
> /*Credentials for NTLM Authentication*/
> creds = new NTCredentials(username, password, host, domain);
> } else {
> /*Credentials for Digest and Basic Authentication*/
> creds = new UsernamePasswordCredentials(username, password);
> }
> agent.getState().setCredentials(new AuthScope(host, port, realm), creds);
> } else {
> /*Credentials only for Digest and Basic Authentication*/
> creds = new UsernamePasswordCredentials(username, password);
> agent.getState().setCredentials(new AuthScope(AuthScope.ANY), creds);
> }
> First, whether it's basic or Digest is not decided by whether domain name exists, and realm applies to basic and digest, not integrated. If you look at the IIS web server config screen, you will see.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-dev-help@ws.apache.org
[jira] Commented: (AXIS2-2274) Axis 2 as a client, access https://
doesn't work
Posted by "Oleg Kalnichevski (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/AXIS2-2274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12477373 ]
Oleg Kalnichevski commented on AXIS2-2274:
------------------------------------------
> In AbstractHttpSender, agent.getState().setCredentials(new AuthScope(host,
> port, realm), creds);
> When it's https, the port value here is 80, for example, contentvm2, 80,
> null. But because it's https, the Httpclient actually tries to connect to
> 443. So the response comes back as contentvm2, 443, null. That caused the
> getCredentials() to return null.
To me this looks like a configuration problem on your side (admittedly I know very little about Axis2 configuration). You should be using contentvm2, 443, null or contentvm2, -1, null as the correct auth scope for your credentials.
> Actually it's not exactly true. In Windows, if a domain user tries to
> authentication using Basic Auth, the domain name is required:
Yes, you are right. This is, however, a problem with HttpClient rather than Axis2. Please consider opening a Jira ticket for this issue in HttpComponents HttpClient. I am in the process of rewriting HTTP authentication code for HttpClient 4.0 and will take this issue on board.
Oleg
> Axis 2 as a client, access https:// doesn't work
> ------------------------------------------------
>
> Key: AXIS2-2274
> URL: https://issues.apache.org/jira/browse/AXIS2-2274
> Project: Axis 2.0 (Axis2)
> Issue Type: Bug
> Components: transports
> Affects Versions: 1.1
> Reporter: jeff ling
> Assigned To: Saminda Wishwajith Abeyruwan
> Priority: Critical
>
> When the server is IIS, https doesn't work. https itself is supported through Httpclient.
> The credential is put in to "state" as:
> agent.getState().setCredentials(new AuthScope(host, port, realm), creds);
> The problem is that if it's https, real port is implied, and the "port" here is the default "80". However, when the response comes back, the actually port (usually 433) is returned. That caused the credential (provider) not found.
> This is only one of the issues. The credential handling code below is really wrong:
> if (host != null) {
> if (domain != null) {
> /*Credentials for NTLM Authentication*/
> creds = new NTCredentials(username, password, host, domain);
> } else {
> /*Credentials for Digest and Basic Authentication*/
> creds = new UsernamePasswordCredentials(username, password);
> }
> agent.getState().setCredentials(new AuthScope(host, port, realm), creds);
> } else {
> /*Credentials only for Digest and Basic Authentication*/
> creds = new UsernamePasswordCredentials(username, password);
> agent.getState().setCredentials(new AuthScope(AuthScope.ANY), creds);
> }
> First, whether it's basic or Digest is not decided by whether domain name exists, and realm applies to basic and digest, not integrated. If you look at the IIS web server config screen, you will see.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-dev-help@ws.apache.org
[jira] Commented: (AXIS2-2274) Axis 2 as a client, access https://
doesn't work
Posted by "jeff ling (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/AXIS2-2274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12477353 ]
jeff ling commented on AXIS2-2274:
----------------------------------
Hi Oleg,
Let me try to clarify it:
1. Https:
In AbstractHttpSender, agent.getState().setCredentials(new AuthScope(host,
port, realm), creds);
When it's https, the port value here is 80, for example, contentvm2, 80,
null. But because it's https, the Httpclient actually tries to connect to
443. So the response comes back as contentvm2, 443, null. That caused the
getCredentials() to return null.
2. >>I personally see no problem with the credential handling code as far as
HttpClient is concerned. NTCredentials is a subclass of
UsernamePasswordCredentials. Therefore it can be used with Basic and Digest
auth schemes. The domain and host attributes will simply have no effect.
Actually it's not exactly true. In Windows, if a domain user tries to
authentication using Basic Auth, the domain name is required:
The auth for basic auth response is: username:password and then base64
encoded. However, if it's domain account, the IIS expects:
domain\username:password and then base64 encoded. If you try to connect to
an IIS based web site using a browser, and then use tcpTrace to monitor it,
you will see what I mean.
Jeff
--
Jeff Ling
Product Solutions Engineer
GOOGLE
Office: (650) 253-3095
Fax: (650) 618-1835
Email: jeffling@google.com
> Axis 2 as a client, access https:// doesn't work
> ------------------------------------------------
>
> Key: AXIS2-2274
> URL: https://issues.apache.org/jira/browse/AXIS2-2274
> Project: Axis 2.0 (Axis2)
> Issue Type: Bug
> Components: transports
> Affects Versions: 1.1
> Reporter: jeff ling
> Assigned To: Saminda Wishwajith Abeyruwan
> Priority: Critical
>
> When the server is IIS, https doesn't work. https itself is supported through Httpclient.
> The credential is put in to "state" as:
> agent.getState().setCredentials(new AuthScope(host, port, realm), creds);
> The problem is that if it's https, real port is implied, and the "port" here is the default "80". However, when the response comes back, the actually port (usually 433) is returned. That caused the credential (provider) not found.
> This is only one of the issues. The credential handling code below is really wrong:
> if (host != null) {
> if (domain != null) {
> /*Credentials for NTLM Authentication*/
> creds = new NTCredentials(username, password, host, domain);
> } else {
> /*Credentials for Digest and Basic Authentication*/
> creds = new UsernamePasswordCredentials(username, password);
> }
> agent.getState().setCredentials(new AuthScope(host, port, realm), creds);
> } else {
> /*Credentials only for Digest and Basic Authentication*/
> creds = new UsernamePasswordCredentials(username, password);
> agent.getState().setCredentials(new AuthScope(AuthScope.ANY), creds);
> }
> First, whether it's basic or Digest is not decided by whether domain name exists, and realm applies to basic and digest, not integrated. If you look at the IIS web server config screen, you will see.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-dev-help@ws.apache.org