[jira] [Commented] (AXIS2-6023) Basic Auth creds missing if target auth not required

Fri, 14 Jan 2022 13:45:04 -0800 


    [ 
https://issues.apache.org/jira/browse/AXIS2-6023?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17476444#comment-17476444
 ] 

Rod commented on AXIS2-6023:
----------------------------

Thanks [~robertlazarski].

I ended up creating the httpclient with a custom reemptiveAuthInterceptor and 
setting that client as you described. However I'm wondering if this could be 
abstracted out within the Axis2 client code, perhaps based on a client option 
for preemtauth?

> Basic Auth creds missing if target auth not required
> ----------------------------------------------------
>
>                 Key: AXIS2-6023
>                 URL: https://issues.apache.org/jira/browse/AXIS2-6023
>             Project: Axis2
>          Issue Type: Bug
>    Affects Versions: 1.8.0
>            Reporter: Rod
>            Priority: Major
>
> This might be working as designed, but there's a clear change in behavior 
> between Axis2 v1.7.9 and v1.8.0 which is affecting functionality dependent on 
> client provided username:
> WSDL generated client provides basic auth credentials as such:
>   Options opt = thestub._getServiceClient().getOptions();
>   HttpTransportPropertiesImpl.Authenticator basicAuth = new 
> HttpTransportPropertiesImpl.Authenticator();
>   basicAuth.setUsername(user);
>   basicAuth.setPassword(pass);
>   basicAuth.setPreemptiveAuthentication(true);
>   opt.setProperty(HTTPConstants.AUTHENTICATE, basicAuth);
>   opt.setProperty(HttpTransportPropertiesImpl.Authenticator.BASIC, basicAuth);
>         
> opt.setProperty(org.apache.axis2.transport.http.HTTPConstants.CHUNKED, 
> Boolean.FALSE);
>         thestub._getServiceClient().setOptions(opt);
> If targeting Axis2 v1.7.9, the user/pass basicAuth is received by target 
> service, however, in v1.8.0 it is not.
> After looking around deep in org.apache.axis2.transport.http, it appears this 
> might be occurring if the target endpoint doesn't require authentication. 
> Is this by design? Is there a known way to force the transmission of 
> credentials?
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to