Unfortunately for reasons which are too long to go into here, we can't do that. Basically we are trying to have container-independent authentication and authorization using a mix of programmatic authentication and JAAS (container-specific module) for authorization. Don't ask why!
Thanks,
Martin
> -----Original Message-----
> From: Brian BBA41 Bannister [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, April 02, 2002 7:36 PM
> To: [EMAIL PROTECTED]
> Subject: Re: HTTP redirects and SOAP
>
>
>
> Why don't you set up the servlet to be container protected
> and allow the
> container to do the basic authentication? We do this with weblogic and
> apache SOAP and it works well. An unauthenticated user gets a 401
> unauthorized and can reply with the basic authentication header. An
> unauthenticated user that sends the basic authentication
> header on first
> request gets straight through.
>
>
>
>
>
>
> Martin Hubley
>
>
> <[EMAIL PROTECTED] To:
> "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
>
> om> cc:
>
>
> Subject: HTTP
> redirects and SOAP
>
> 03/04/2002 06:43
>
>
> Please respond to
>
>
> soap-user
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> Hi,
>
> My basic question is does Apache SOAP (or any other SOAP
> implementation)
> support http redirect headers in a response for a client??
> The gory details
> follow...
>
> We have a setup where I am using the GLUE SOAP servlet as
> part of a J2EE
> ear running in JBoss 2.4.4 (with Tomcat 4.0.1), where the
> servlet (and our
> other servlets) is protected by a custom filter implemented for
> single-sign-on purposes. This filter redirects all requests
> without our
> auth cookie to an auth servlet, which requests basic auth
> from the client,
> and which when successful sets a cookie and redirects back to
> the original
> url. When in an Apache SOAP test client and I make a call to
> the original
> URL, i.e. http://localhost:8000/soap/urn:service.wsdl, I get
> a SOAP fault
> back containing the HTTP 302 response from the server (as well as a
> SOAPException with an unsupported content type as the HTTP
> 302 response is
> text/html). (This call works fine in the test client if I deploy the
> servlet and SOAP implementation without our filters that do the
> authentication redirects)
>
> The actual response coming back from our SingleSignOnFilter
> is a standard
> redirect with the URL we want to redirect to for authentication:
>
> HTTP/1.1 302 Moved Temporarily
> Content-Type: text/html
> Date: Tue, 02 Apr 2002 19:14:33 GMT
> Location:
> http://localhost:8080/auth/AuthServlet?ds.sso.return-url=http%
> 3A%2F%2Flocalhost%3A8080%2Fsoap%2Furn%3Aservice
>
> Server: Apache Tomcat/4.0.1 (HTTP/1.1 Connector)
> Connection: close
>
> followed by a standard Apache error page containing the 302 info.
>
> Are there any easy ways to do such redirects using Apache
> SOAP or any other
> SOAP implementation? Am I missing something obvious here, i.e. perhaps
> there is a way to do redirects in a SOAP message instead of with HTTP
> headers? Any help appreciated,
>
> Thanks,
>
> Martin
>
>
>
>
>
>
> Qantas
>
