You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cxf.apache.org by "Michael Watson (JIRA)" <ji...@apache.org> on 2013/02/27 03:15:12 UTC

[jira] [Created] (CXF-4858) Maintain Session (Cookie) is not honoured when using NTLM

Michael Watson created CXF-4858:
-----------------------------------

             Summary: Maintain Session (Cookie) is not honoured when using NTLM
                 Key: CXF-4858
                 URL: https://issues.apache.org/jira/browse/CXF-4858
             Project: CXF
          Issue Type: Bug
          Components: Transports
    Affects Versions: 2.7.3
         Environment: Windows Server 2008 R2 Standard SP1 (Client & Server). 
JDK6 + 7 both tried (Client).
IIS 7 (Server)
            Reporter: Michael Watson


When using the AsyncHTTPConduit in an attempt to authenticate against an IIS based webservice that requires NTLM & an authentication cookie (ASP.NET_SessionId) I see that the NTLM authentication succeeds but because the session cookie is missing the endpoint returns another 401.

I'll attach wireshark output that demonstrates this behaviour.

I've narrowed it down to:   
  HTTPConduit$WrappedOutputStream#authorizationRetransmit()
where authorizationToken below is always null when using NTLM so it returns false and doesn't continue down to the block of code about 6 lines down that sets the cookies!

String authorizationToken =   
  authSupplier.getAuthorization(effectiveAthPolicy, currentURI, outMessage,   
                                authHeader.getFullHeader());
if (authorizationToken == null) {
  // authentication not possible => we give up
  return false;
}




--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira