How does one implement session behavior with MS SOAP toolkit without cookies? esp. when talking to an AXIS server?
H > -----Original Message----- > From: Will Spies/Towers Perrin [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, April 03, 2002 3:57 AM > To: [EMAIL PROTECTED] > Subject: Re: HTTP redirects and SOAP > > > > > I've had this same nightmare. Here is what I've learned: > > MS SOAP Toolkit does not support cookies or redirects ( they > view the former as unnecessary and the latter as a security > issue ) Apache SOAP Toolkit supports cookies but does not > support redirects Systinet SOAP Toolkit supports redirects > but not cookies. > > I don't get it. They should all support cookies and redirects > if you ask me. This is the basis for any SSO product and some > proxy servers. > > _______________________ > Will Spies > Towers Perrin > Phone: (215)246-7145 > e-mail: [EMAIL PROTECTED] > > > > > > > > > To: > [EMAIL PROTECTED] > > "Brian BBA41 cc: > (bcc: Will Spies/Towers Perrin) > > Bannister" Subject: Re: > HTTP redirects and SOAP > > <bbannister@qanta > > > s.com.au> > > > > > > 04/02/02 07:35 PM > > > Please respond to > > > soap-user > > > > > > > > > > > > > > Why don't you set up the servlet to be container protected > and allow the container to do the basic authentication? We do > this with weblogic and apache SOAP and it works well. An > unauthenticated user gets a 401 unauthorized and can reply > with the basic authentication header. An unauthenticated user > that sends the basic authentication header on first request > gets straight through. > > > > > Martin Hubley > > <[EMAIL PROTECTED] To: > "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> > > om> cc: > > Subject: HTTP > redirects and SOAP > 03/04/2002 06:43 > > Please respond to > > soap-user > > > > > > > > > > Hi, > > My basic question is does Apache SOAP (or any other SOAP > implementation) support http redirect headers in a response > for a client?? The gory details follow... > > We have a setup where I am using the GLUE SOAP servlet as > part of a J2EE ear running in JBoss 2.4.4 (with Tomcat > 4.0.1), where the servlet (and our other servlets) is > protected by a custom filter implemented for single-sign-on > purposes. This filter redirects all requests without our auth > cookie to an auth servlet, which requests basic auth from the > client, and which when successful sets a cookie and redirects > back to the original url. When in an Apache SOAP test client > and I make a call to the original URL, i.e. > http://localhost:8000/soap/urn:service.wsdl, I > get a SOAP > fault back containing the HTTP 302 response from the server > (as well as a SOAPException with an unsupported content type > as the HTTP 302 response is text/html). (This call works fine > in the test client if I deploy the servlet and SOAP > implementation without our filters that do the authentication > redirects) > > The actual response coming back from our SingleSignOnFilter > is a standard redirect with the URL we want to redirect to > for authentication: > > HTTP/1.1 302 Moved Temporarily > Content-Type: text/html > Date: Tue, 02 Apr 2002 19:14:33 GMT > Location: > http://localhost:8080/auth/AuthServlet?ds.sso.return-url=http% 3A%2F%2Flocalhost%3A8080%2Fsoap%2Furn%3Aservice Server: Apache Tomcat/4.0.1 (HTTP/1.1 Connector) Connection: close followed by a standard Apache error page containing the 302 info. Are there any easy ways to do such redirects using Apache SOAP or any other SOAP implementation? Am I missing something obvious here, i.e. perhaps there is a way to do redirects in a SOAP message instead of with HTTP headers? Any help appreciated, Thanks, Martin Qantas
