RE: Error in AbstractHTTPDestination.setHeaders,AbstractHTTPDestination.setHeaders

Fri, 21 Mar 2008 08:31:13 -0700 

Glen,

Thanks again for your help.  I downloaded the source and looked at it 
before going through the laborious task of setting up for remote
debugging.

I can see the the issue is the code in AbstractHTTPDestination always 
assumes the value of the "Authorization" header will always be a base64
encoded "username:password" value -- in my case, we use Siteminder
authentication,
so sometimes the value of the "Authorization" header is just the base64
encoded
username -- without a colon and password, i.e. no ":passw", which
exactly
explains this array index out of bounds exception. 

The workaround is, I'm going to tell my users to log out of Siteminder
and re-authenticate, such that the "Authorization" header always has
both
pieces in the value. 

I would like to present a patch for the case where the "Authorization" 
header value does not contain a colon character, even for "Basic"
type of authentication, but I'm not sure special accomodation would be
made for Siteminder, unelss the RFC for Basic authentication says the
"Authorization" header may contain just an encoded username in certain 
circumstances.

 
    -Chris

-----Original Message-----
From: Glen Mazza [mailto:[EMAIL PROTECTED] 
Sent: Friday, March 21, 2008 7:12 AM
To: [email protected]
Subject: Re: Error in
AbstractHTTPDestination.setHeaders,AbstractHTTPDestination.setHeaders

Am Freitag, den 21.03.2008, 01:27 -0400 schrieb Wolf, Chris (IT):
> If I run my service inside a Tomcat-5.5 runtime configured in 
> Eclipse-3.2, all works fine.
> I run the very same code, deployed on Tomcat-5.5 on Linux, I get this 
> error.
> If anyone can suggest something short of debuggin the CXF source, that

> would be great.  I am using 2.0.4.
> 

If nobody else can answer your question, time to debug the CXF source:

http://www.jroller.com/gmazza/date/20071212

Step #5 would probably be most important for you.

Glen
--------------------------------------------------------

NOTICE: If received in error, please destroy and notify sender. Sender does not 
intend to waive confidentiality or privilege. Use of this email is prohibited 
when received in error.

Reply via email to