You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "Miller, Gerald" <Ge...@Vistronix.com> on 2015/08/20 21:28:02 UTC
RE: HTTP Authenticate ignored by Tomcat 7 (Windows)
Follow-up: I reviewed the logs and saw a number of requests coming from localhost, where I had run experimental queries to the exact same service. I also confirmed through Rawcap that they were using the same Authorization header field. The only one receiving the 401 status was the one coming from the VM, using the host IP address and port in place of localhost and port.
From: Miller, Gerald
Sent: Thursday, August 20, 2015 2:27 PM
To: 'users@tomcat.apache.org' <us...@tomcat.apache.org>
Subject: HTTP Authenticate ignored by Tomcat 7 (Windows)
I had previously set up Tomcat 8 on an Ubuntu VM, communicating over localhost, and was able to authenticate to the server by intercepting calls to soap_put_header() and inserting
Authorization: Basic dG9tY2F0OnRvbWNhdAo=
After setting up Tomcat 7 in Windows and running tcpdump in Ubuntu (no longer using localhost, obviously) to diagnose the HTTP/1.1 401, I find that although my request header field is still intact, it's apparently being ignored, and I get a WWW-Authenticate in the response header. Why this apparently inconsistent behavior?
I chose Tomcat 8 initially, because it was the most current version, but after rereading the README for the projects to be supported and seeing all kinds of Java errors, I switched to version 7, so apparently there are issues with war file support through the Metro library as well.
Re: HTTP Authenticate ignored by Tomcat 7 (Windows)
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Gerald,
On 8/20/15 3:28 PM, Miller, Gerald wrote:
> Follow-up:
(Weird... I never got the first message. Thanks for including it. I'm
going to re-arrange the message so it's not in top-posting form.)
> I had previously set up Tomcat 8 on an Ubuntu VM, communicating
> over localhost, and was able to authenticate to the server by
> intercepting calls to soap_put_header() and inserting
> Authorization: Basic dG9tY2F0OnRvbWNhdAo=
Where were you intercepting those calls to soap_put_header()? That's
not a Tomcat thing.
> After setting up Tomcat 7 in Windows and running tcpdump in Ubuntu
> (no longer using localhost, obviously) to diagnose the HTTP/1.1
> 401, I find that although my request header field is still intact,
> it's apparently being ignored, and I get a WWW-Authenticate in the
> response header. Why this apparently inconsistent behavior?
So you are making an HTTP request that includes an Authorization:
header and you get a 401 with a WWW-Authenticate: header in the
response? Silly question... are you using valid credentials? Is this
HTTP BASIC or HTTP DIGEST?
> I chose Tomcat 8 initially, because it was the most current
> version, but after rereading the README for the projects to be
> supported
What README file with "projects to be supported"?
> and seeing all kinds of Java errors
Like what?
Any web application that can be deployed on Tomcat 7 should be able to
be deployed on Tomcat 8 as well.
> I switched to version 7, so apparently there are issues with war
> file support through the Metro library as well.
I'm completely and totally lost at this point. Metro supports WAR
files? Metro is a library? I thought Metro was an attempt to get
desktop users to run applications full-screen as if they were tablets...
> * Follow-up * I reviewed the logs and saw a number of requests
> coming from localhost, where I had run experimental queries to the
> exact same service. I also confirmed through Rawcap that they were
> using the same Authorization header field. The only one receiving
> the 401 status was the one coming from the VM, using the host IP
> address and port in place of localhost and port.
So where is the VM?
Are you saying that if you run a unit test from localhost it always
works (regardless of which localhost that is... the Windows host or
the Linux host) and when you make the request remotely (non-localhost)
it never works?
Tomcat usually doesn't care whence the request comes. Are there any
other components that we don't know about?
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJV1kksAAoJEBzwKT+lPKRYn7kQAL47l1Z1iTWh1MZvgYXpBqkH
KbF6syxbu6t7ujc7mj0XT5IdX8u2mj3jZ+MoYdrqgr+/tmEKRwwiOpOeNN5d9hmx
yfFE6ksTODLNpI517GWqTGlb7zFSlzqFHIePHXhYvJCjPW+S1+V4RL7iGMh7/HVy
GDk2wEQv0olBV3WxJkViXwa6Ro7g8ZpmCR6XvNCjpYvrBT7rBu88JlrN3M70iHjw
Vw26CqmPrSCjrpONGfKikUtiSpILWqJ9afOK0sVSC8Gay/eyaYX10eShHUoUkWSq
rIsdm3cFMwx0DTT/rVSEfm04n0kidb4fRkifqSm0ODxx4prEVd/EQg8KmMcveaXh
4jYc37gnm7mWf//IwJSz0tUUNm3j53TIrfFCiIdazTHcUkp4Eda3wT0zsYkqN/fn
ivOthYNuejF1DHvsub7WAREvRXN7ZkrER62G/Lm6EjC3m3rMuoLNLZa17+iH0A6y
LZ5jy3/JXuWEX97BBK9mV93bUAPGhxs9wBV+vzYzfjwF/z2rc41+71qnrcRauXzs
kD8hvA2eqexgf1E9g6yaYShBstBLFgmXluPjwZEYfW1KK/pAey6+TCJFTyOXf0eG
0rH8Zw8xGV6BMke/Ng4r1XQ87h2NozR46gzxXZWkkgTQNZAXpzkuDlPBUkr+70FJ
ITA6nPraksC0LxWCcfss
=IW2n
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org