Re: Making Axis work with HTTP/Basic authentication and a VB.Net client

Fri, 28 Apr 2006 06:14:44 -0700

My authentication handler is just an modified version of the SimpleAuthenticationHandler that ships with Axis to hit my user table. To be honest, I'm not totally clear on the interaction between that handler and the HttpAuthHandler. My auth handler issues a fault if the user and password are not in the context, and Axis issues a 401 to the client.

On 4/28/06, Kevin O'Rourke <[EMAIL PROTECTED]> wrote:
Thanks for the information.  Just to be sure I understand:
- you have written your own AuthenticationHandler class and added it as
a handler in server-config.wsdd
- you have added the HTTPAuthHandler to the "http" transport flow in
server-config.wsdd
- in your services' .wsdd file you have added the "Authenticate" handler
to the request flow.

Is that correct?

So it looks like I need to write my own handler class to send back a 401
error to the client if no username and password are supplied.

I would have expected that functionality to be part of the
HTTPAuthHandler, seeing as it's a part of HTTP/Basic authentication.

Rich Rodriguez wrote:
> The auth handler I have is defined outside the service as:
>
>     <handler name="Authenticate"
> type="java:my.custom.AuthenticationHandler"/>
>
> The transport request flow is defined as:
>
>        <requestFlow>
>             <handler type="URLMapper"/>
>             <handler
> type="java:org.apache.axis.handlers.http.HTTPAuthHandler"/>
>         </requestFlow>
>
> And each service has a request flow of:
>
>         <requestFlow>
>            <handler type="Authenticate"/>
>         </requestFlow>
>
>
> On 4/27/06, *Kevin O'Rourke* <[EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED]>> wrote:
>
>     I'm trying to do authentication for my Axis web service using HTTP/Basic
>     over SSL, as this seemed to be the easiest option.  The client is
>     written in Visual Basic .Net 2005.
>
>     I've added the HTTPAuthHandler to my WSDD file:
>     ...
>     <service name="NtiAuth" provider="java:RPC">
>       <requestFlow>
>         <handler type="java: org.apache.axis.handlers.http.HTTPAuthHandler"/>
>         <handler type="soapmonitor"/>
>       </requestFlow>
>       <responseFlow>
>         <handler type="java: org.apache.axis.handlers.http.HTTPAuthHandler"/>
>         <handler type="soapmonitor"/>
>       </responseFlow>
>     ...
>
>     However no authentication is happening.  The VB.Net client seems to be
>     waiting for a "401 WWW-Authenticate Basic" error from the server, to
>     indicate that the server wants authentication.  Axis isn't sending a
>     401
>     but is instead just happily giving me a null username and password.
>
>     Does anyone know how I can persuade Axis to send back a 401 error?
>
>     Kevin
>
>


Reply via email to