You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Michael Watson (JIRA)" <ji...@apache.org> on 2013/02/27 23:37:12 UTC
[jira] [Updated] (CXF-4858) Maintain Session (Cookie) is not
honoured when using NTLM
[ https://issues.apache.org/jira/browse/CXF-4858?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Michael Watson updated CXF-4858:
--------------------------------
Attachment: HTTPConduit.diff
Diff as shown in comments.
> Maintain Session (Cookie) is not honoured when using NTLM
> ---------------------------------------------------------
>
> Key: CXF-4858
> URL: https://issues.apache.org/jira/browse/CXF-4858
> Project: CXF
> Issue Type: Bug
> Components: Transports
> Affects Versions: 2.7.3
> Environment: Windows Server 2008 R2 Standard SP1 (Client & Server).
> JDK6 + 7 both tried (Client).
> IIS 7 (Server)
> Reporter: Michael Watson
> Attachments: HTTPConduit.diff
>
>
> When using the AsyncHTTPConduit in an attempt to authenticate against an IIS based webservice that requires NTLM & an authentication cookie (ASP.NET_SessionId) I see that the NTLM authentication succeeds but because the session cookie is missing the endpoint returns another 401.
> I'll attach wireshark output that demonstrates this behaviour.
> I've narrowed it down to:
> HTTPConduit$WrappedOutputStream#authorizationRetransmit()
> where authorizationToken below is always null when using NTLM so it returns false and doesn't continue down to the block of code about 6 lines down that sets the cookies!
> String authorizationToken =
> authSupplier.getAuthorization(effectiveAthPolicy, currentURI, outMessage,
> authHeader.getFullHeader());
> if (authorizationToken == null) {
> // authentication not possible => we give up
> return false;
> }
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira