I've had this same nightmare. Here is what I've learned:
MS SOAP Toolkit does not support cookies or redirects ( they view the
former as unnecessary and the latter as a security issue )
Apache SOAP Toolkit supports cookies but does not support redirects
Systinet SOAP Toolkit supports redirects but not cookies.
I don't get it. They should all support cookies and redirects if you ask
me. This is the basis for any SSO product and some proxy servers.
_______________________
Will Spies
Towers Perrin
Phone: (215)246-7145
e-mail: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
"Brian BBA41 cc: (bcc: Will Spies/Towers
Perrin)
Bannister" Subject: Re: HTTP redirects and SOAP
<bbannister@qanta
s.com.au>
04/02/02 07:35 PM
Please respond to
soap-user
Why don't you set up the servlet to be container protected and allow the
container to do the basic authentication? We do this with weblogic and
apache SOAP and it works well. An unauthenticated user gets a 401
unauthorized and can reply with the basic authentication header. An
unauthenticated user that sends the basic authentication header on first
request gets straight through.
Martin Hubley
<[EMAIL PROTECTED] To:
"'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
om> cc:
Subject: HTTP redirects and
SOAP
03/04/2002 06:43
Please respond to
soap-user
Hi,
My basic question is does Apache SOAP (or any other SOAP implementation)
support http redirect headers in a response for a client?? The gory details
follow...
We have a setup where I am using the GLUE SOAP servlet as part of a J2EE
ear running in JBoss 2.4.4 (with Tomcat 4.0.1), where the servlet (and our
other servlets) is protected by a custom filter implemented for
single-sign-on purposes. This filter redirects all requests without our
auth cookie to an auth servlet, which requests basic auth from the client,
and which when successful sets a cookie and redirects back to the original
url. When in an Apache SOAP test client and I make a call to the original
URL, i.e. http://localhost:8000/soap/urn:service.wsdl, I get a SOAP fault
back containing the HTTP 302 response from the server (as well as a
SOAPException with an unsupported content type as the HTTP 302 response is
text/html). (This call works fine in the test client if I deploy the
servlet and SOAP implementation without our filters that do the
authentication redirects)
The actual response coming back from our SingleSignOnFilter is a standard
redirect with the URL we want to redirect to for authentication:
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Date: Tue, 02 Apr 2002 19:14:33 GMT
Location:
http://localhost:8080/auth/AuthServlet?ds.sso.return-url=http%3A%2F%2Flocalhost%3A8080%2Fsoap%2Furn%3Aservice
Server: Apache Tomcat/4.0.1 (HTTP/1.1 Connector)
Connection: close
followed by a standard Apache error page containing the 302 info.
Are there any easy ways to do such redirects using Apache SOAP or any other
SOAP implementation? Am I missing something obvious here, i.e. perhaps
there is a way to do redirects in a SOAP message instead of with HTTP
headers? Any help appreciated,
Thanks,
Martin
Qantas
