[jira] [Commented] (AXIS2-6023) Basic Auth creds missing if target auth not required

Thu, 13 Jan 2022 08:34:09 -0800 


    [ 
https://issues.apache.org/jira/browse/AXIS2-6023?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17475524#comment-17475524
 ] 

Robert Lazarski commented on AXIS2-6023:
----------------------------------------

I suspect this is handled by the Apache httpclient 4.x libs automatically.

There is probably a way to force the request to send credentials but we'd have 
to specifically override the default httpclient 4.x configuration with your own 
supplied one via CACHED_HTTP_CLIENT like so - depends on how you invoke the 
ServiceClient: 

getServiceClient().getOptions().setProperty(HTTPConstants.CACHED_HTTP_CLIENT, 
myHttpClient);

I am actually working on some of this stuff now for documentation improvements 
regarding SSL as some of that is stale now in httpclient 4.x. Looks like the 
basic auth docs need an update too.

 

> Basic Auth creds missing if target auth not required
> ----------------------------------------------------
>
>                 Key: AXIS2-6023
>                 URL: https://issues.apache.org/jira/browse/AXIS2-6023
>             Project: Axis2
>          Issue Type: Bug
>    Affects Versions: 1.8.0
>            Reporter: Rod
>            Priority: Major
>
> This might be working as designed, but there's a clear change in behavior 
> between Axis2 v1.7.9 and v1.8.0 which is affecting functionality dependent on 
> client provided username:
> WSDL generated client provides basic auth credentials as such:
>   Options opt = thestub._getServiceClient().getOptions();
>   HttpTransportPropertiesImpl.Authenticator basicAuth = new 
> HttpTransportPropertiesImpl.Authenticator();
>   basicAuth.setUsername(user);
>   basicAuth.setPassword(pass);
>   basicAuth.setPreemptiveAuthentication(true);
>   opt.setProperty(HTTPConstants.AUTHENTICATE, basicAuth);
>   opt.setProperty(HttpTransportPropertiesImpl.Authenticator.BASIC, basicAuth);
>         
> opt.setProperty(org.apache.axis2.transport.http.HTTPConstants.CHUNKED, 
> Boolean.FALSE);
>         thestub._getServiceClient().setOptions(opt);
> If targeting Axis2 v1.7.9, the user/pass basicAuth is received by target 
> service, however, in v1.8.0 it is not.
> After looking around deep in org.apache.axis2.transport.http, it appears this 
> might be occurring if the target endpoint doesn't require authentication. 
> Is this by design? Is there a known way to force the transmission of 
> credentials?
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org
For additional commands, e-mail: java-dev-h...@axis.apache.org

Reply via email to