You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Michael Watson (JIRA)" <ji...@apache.org> on 2013/02/27 03:15:12 UTC
[jira] [Created] (CXF-4858) Maintain Session (Cookie) is not
honoured when using NTLM
Michael Watson created CXF-4858:
-----------------------------------
Summary: Maintain Session (Cookie) is not honoured when using NTLM
Key: CXF-4858
URL: https://issues.apache.org/jira/browse/CXF-4858
Project: CXF
Issue Type: Bug
Components: Transports
Affects Versions: 2.7.3
Environment: Windows Server 2008 R2 Standard SP1 (Client & Server).
JDK6 + 7 both tried (Client).
IIS 7 (Server)
Reporter: Michael Watson
When using the AsyncHTTPConduit in an attempt to authenticate against an IIS based webservice that requires NTLM & an authentication cookie (ASP.NET_SessionId) I see that the NTLM authentication succeeds but because the session cookie is missing the endpoint returns another 401.
I'll attach wireshark output that demonstrates this behaviour.
I've narrowed it down to:
HTTPConduit$WrappedOutputStream#authorizationRetransmit()
where authorizationToken below is always null when using NTLM so it returns false and doesn't continue down to the block of code about 6 lines down that sets the cookies!
String authorizationToken =
authSupplier.getAuthorization(effectiveAthPolicy, currentURI, outMessage,
authHeader.getFullHeader());
if (authorizationToken == null) {
// authentication not possible => we give up
return false;
}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira