Michael Watson created CXF-4858:
-----------------------------------
Summary: Maintain Session (Cookie) is not honoured when using NTLM
Key: CXF-4858
URL: https://issues.apache.org/jira/browse/CXF-4858
Project: CXF
Issue Type: Bug
Components: Transports
Affects Versions: 2.7.3
Environment: Windows Server 2008 R2 Standard SP1 (Client & Server).
JDK6 + 7 both tried (Client).
IIS 7 (Server)
Reporter: Michael Watson
When using the AsyncHTTPConduit in an attempt to authenticate against an IIS
based webservice that requires NTLM & an authentication cookie
(ASP.NET_SessionId) I see that the NTLM authentication succeeds but because the
session cookie is missing the endpoint returns another 401.
I'll attach wireshark output that demonstrates this behaviour.
I've narrowed it down to:
HTTPConduit$WrappedOutputStream#authorizationRetransmit()
where authorizationToken below is always null when using NTLM so it returns
false and doesn't continue down to the block of code about 6 lines down that
sets the cookies!
String authorizationToken =
authSupplier.getAuthorization(effectiveAthPolicy, currentURI, outMessage,
authHeader.getFullHeader());
if (authorizationToken == null) {
// authentication not possible => we give up
return false;
}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
