Why don't you set up the servlet to be container protected and allow the
container to do the basic authentication? We do this with WebLogic and
Apache SOAP and it works well. An unauthenticated user gets a 401
Unauthorized and can reply with the basic authentication header. An
unauthenticated user that sends the basic authentication header on first
request gets straight through.



                                                                                       
                                                
From:     Martin Hubley <[EMAIL PROTECTED]>
To:       "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
cc:
Subject:  HTTP redirects and SOAP
Date:     03/04/2002 06:43
Please respond to soap-user






Hi,

My basic question is: does Apache SOAP (or any other SOAP implementation)
support HTTP redirect headers in a response for a client? The gory details
follow...

We have a setup where I am using the GLUE SOAP servlet as part of a J2EE
ear running in JBoss 2.4.4 (with Tomcat 4.0.1), where the servlet (and our
other servlets) is protected by a custom filter implemented for
single-sign-on purposes. This filter redirects all requests without our
auth cookie to an auth servlet, which requests basic auth from the client,
and which when successful sets a cookie and redirects back to the original
url. When in an Apache SOAP test client and I make a call to the original
URL, i.e. http://localhost:8000/soap/urn:service.wsdl, I get a SOAP fault
back containing the HTTP 302 response from the server (as well as a
SOAPException with an unsupported content type as the HTTP 302 response is
text/html). (This call works fine in the test client if I deploy the
servlet and SOAP implementation without our filters that do the
authentication redirects)

The actual response coming back from our SingleSignOnFilter is a standard
redirect with the URL we want to redirect to for authentication:

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Date: Tue, 02 Apr 2002 19:14:33 GMT
Location: http://localhost:8080/auth/AuthServlet?ds.sso.return-url=http%3A%2F%2Flocalhost%3A8080%2Fsoap%2Furn%3Aservice
Server: Apache Tomcat/4.0.1 (HTTP/1.1 Connector)
Connection: close

followed by a standard Apache error page containing the 302 info.

Are there any easy ways to do such redirects using Apache SOAP or any other
SOAP implementation? Am I missing something obvious here, i.e. perhaps
there is a way to do redirects in a SOAP message instead of with HTTP
headers? Any help appreciated,

Thanks,

Martin






Qantas 

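The 401 challenge and reply described in the answer above, as an added example that is not part of the original thread: a local stand-in for a container-protected SOAP endpoint that challenges with `WWW-Authenticate` instead of redirecting to an HTML login page. The credentials, the realm name, the `/soap` path and all function names are constructed for illustration.

```python
import base64, hmac, http.client, threading
from http.server import BaseHTTPRequestHandler, HTTPServer

def basic(user, password):  # build an HTTP Basic Authorization header value
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

EXPECTED = basic("alice", "s3cret")   # constructed demo credentials
ENVELOPE = b"<Envelope/>"             # constructed stand-in for a SOAP body

class ProtectedEndpoint(BaseHTTPRequestHandler):
    """Stand-in for a container-protected servlet: 401 challenge, no redirect."""
    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        sent = self.headers.get("Authorization", "")
        ok = hmac.compare_digest(sent.encode(), EXPECTED.encode())
        self.send_response(200 if ok else 401)
        if not ok:  # a challenge the client can answer with a header
            self.send_header("WWW-Authenticate", 'Basic realm="soap"')
        body = ENVELOPE if ok else b""
        self.send_header("Content-Type", "text/xml")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def call(port, authorization=None):  # returns (status, WWW-Authenticate or None)
    headers = {"Content-Type": "text/xml"}
    if authorization:
        headers["Authorization"] = authorization
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    try:
        conn.request("POST", "/soap", body=ENVELOPE, headers=headers)
        resp = conn.getresponse()
        resp.read()
        return resp.status, resp.getheader("WWW-Authenticate")
    finally:
        conn.close()

def demo():  # results for: no header, correct header, wrong password
    server = HTTPServer(("127.0.0.1", 0), ProtectedEndpoint)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        port = server.server_port
        return call(port), call(port, EXPECTED), call(port, basic("alice", "wrong"))
    finally:
        server.shutdown()
        server.server_close()
```

Basic credentials are only base64-encoded, so a real deployment carries this exchange over TLS.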