[ https://issues.apache.org/jira/browse/AXIS2-6055?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17723078#comment-17723078 ]

Jakob Reschke commented on AXIS2-6055:
--------------------------------------

We hit the same problem that Axis2 1.8.2 does not do preemptive authentication 
anymore, as described in this ticket. On top of that, HttpClient throws a 
NonRepeatableRequestException when it tries to do the second HTTP request with 
Authorization headers after receiving the initial HTTP 401 response:
{code:java}
org.apache.http.client.ClientProtocolException: null
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:187) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:72) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.axis2.transport.http.impl.httpclient4.RequestImpl.execute(RequestImpl.java:210) ~[axis2-transport-http-1.8.2.jar:1.8.2]
    at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:194) ~[axis2-transport-http-1.8.2.jar:1.8.2]
    at org.apache.axis2.transport.http.AbstractHTTPTransportSender.writeMessageWithCommons(AbstractHTTPTransportSender.java:386) ~[axis2-transport-http-1.8.2.jar:1.8.2]
    at org.apache.axis2.transport.http.AbstractHTTPTransportSender.invoke(AbstractHTTPTransportSender.java:214) ~[axis2-transport-http-1.8.2.jar:1.8.2]
    at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:431) ~[axis2-kernel-1.8.2.jar:1.8.2]
    at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:399) ~[axis2-kernel-1.8.2.jar:1.8.2]
    at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:225) ~[axis2-kernel-1.8.2.jar:1.8.2]
    at org.apache.axis2.client.OperationClient.execute(OperationClient.java:150) ~[axis2-kernel-1.8.2.jar:1.8.2]
    [ here start the stack frames of the application code, which I cut out to not reveal details about our customer's code ]
Caused by: org.apache.http.client.NonRepeatableRequestException: Cannot retry request with a non-repeatable request entity.
    at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:225) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) ~[httpclient-4.5.13.jar:4.5.13]
    ... 45 more
{code}
Since the application code does not build the request entity for the 
HttpClient, but Axis2 does, I do not see how to get HTTP authentication to work 
in the non-preemptive way.

So it looks like, out of the box, Axis2 does not do preemptive authentication, 
nor can it do non-preemptive authentication with HttpClient 4 at the moment.

The workaround is to force preemptive authentication with a custom HttpClient, 
or with custom headers as shown in the ticket description. Preemptive 
authentication is not a secure option everywhere (and may not even be possible 
for other HTTP authentication schemes), but it does not concern our use case at 
the moment.

If you expect the situation to persist for some time, please consider 
documenting the issue and the known workarounds on the Axis2 web pages.

> Basic Auth credentials are missing in request
> ---------------------------------------------
>
>                 Key: AXIS2-6055
>                 URL: https://issues.apache.org/jira/browse/AXIS2-6055
>             Project: Axis2
>          Issue Type: Bug
>          Components: TCP transport
>    Affects Versions: 1.8.0
>            Reporter: Markus I.
>            Assignee: Robert Lazarski
>            Priority: Major
>
> There is a changed behaviour between Axis2 1.7 and Axis2 1.8 when using the 
> preemptive authentication in the HttpTransportPropertiesImpl.Authenticator.
> In Axis2 1.7 the following code was used to achieve this behaviour:
> {code:java}
> HttpTransportPropertiesImpl.Authenticator auth = new HttpTransportPropertiesImpl.Authenticator();
> List<String> authpref = new ArrayList<>();
> authpref.add(AuthPolicy.BASIC);
> auth.setAuthSchemes(authpref);
> auth.setUsername("testUser");
> auth.setPassword("testUserPassword");
> auth.setPreemptiveAuthentication(true);
> msgContext.setProperty(org.apache.axis2.transport.http.HTTPConstants.AUTHENTICATE, auth); //msgContext = org.apache.axis2.context.MessageContext
> {code}
> Since Axis2 1.8 the code above does not work anymore, because 
> org.apache.axis2.transport.http.HTTPAuthenticator.getPreemptiveAuthentication() 
> is not called anymore by the AXIS implementation. Is this an intended 
> behaviour or a bug? We are using at the moment Axis2 1.8.2.
> The current workaround for us is to set the header directly as shown in 
> the following example:
> {code:java}
> List<NamedValue> l = new ArrayList<>();
> String credentials = "testUser:testUserPassword";
> l.add(new NamedValue(org.apache.axis2.kernel.http.HTTPConstants.HEADER_AUTHORIZATION, "Basic " + Base64.encode(credentials.getBytes())));
> msgContext.setProperty(org.apache.axis2.kernel.http.HTTPConstants.HTTP_HEADERS, l); //msgContext = org.apache.axis2.context.MessageContext
> {code}
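
The "custom HttpClient" workaround mentioned in the comment, sketched as an added example (not code from the ticket or from Axis2): an HttpClient 4.5 request interceptor that sends the Basic header on the first request, so no 401 retry of the non-repeatable entity is needed, but only to one HTTPS endpoint. The class name, host name and credentials are placeholders; how the client is handed to Axis2 is not shown on the page and is left out.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import org.apache.http.HttpHeaders;
import org.apache.http.HttpHost;
import org.apache.http.HttpRequest;
import org.apache.http.HttpRequestInterceptor;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.protocol.HttpContext;

/** Adds a Basic Authorization header up front, but only for one HTTPS endpoint. */
public final class ScopedPreemptiveBasicAuth implements HttpRequestInterceptor {
    private final String allowedHost;   // exact host name, compared case-insensitively
    private final int allowedPort;
    private final String headerValue;

    public ScopedPreemptiveBasicAuth(String host, int port, String user, String password) {
        this.allowedHost = host;
        this.allowedPort = port;
        byte[] raw = (user + ":" + password).getBytes(StandardCharsets.UTF_8);
        this.headerValue = "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    @Override
    public void process(HttpRequest request, HttpContext context) {
        HttpHost target = HttpClientContext.adapt(context).getTargetHost();
        if (target == null || !"https".equalsIgnoreCase(target.getSchemeName())) {
            return; // never send Basic credentials over cleartext HTTP
        }
        int port = target.getPort() > 0 ? target.getPort() : 443;
        if (!allowedHost.equalsIgnoreCase(target.getHostName()) || port != allowedPort) {
            return; // any other host (e.g. a redirect target) gets no credentials
        }
        if (!request.containsHeader(HttpHeaders.AUTHORIZATION)) {
            request.addHeader(HttpHeaders.AUTHORIZATION, headerValue);
        }
    }

    /** Constructed sample values; host and credentials are placeholders. */
    public static CloseableHttpClient buildClient() {
        return HttpClients.custom()
                .addInterceptorFirst(new ScopedPreemptiveBasicAuth(
                        "ws.example.com", 443, "testUser", "testUserPassword"))
                .build();
    }
}
```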


