Simple. You can't. Not in the MS SOAP Toolkit 2.0SP2 anyway. I even got it
in writing. The following is a response from Microsoft from my question
about why the don't support cookies and redirects.
>>This is so because it is the first version of the product mainly. We
>>saw redirects as a major security risk and cookie as something most Soap
>>applications wouldn't use because we specifically didn't want to support
>>sessions. As I said before, the Wininet connector doesn't have these
>>limitations because it uses the IE http stack instead of HTTPLIB.
>>Soap uses some of the http infrastructure but it isn't a normal http
>>application.
To: <[EMAIL PROTECTED]>
"Hozefa Botee" cc: (bcc: Will Spies/Towers
Perrin)
<hoze@interlacesy Subject: RE: HTTP redirects and SOAP
stems.com>
04/03/02 03:02 PM
Please respond to
soap-user
How does one implement session behavior with MS
SOAP toolkit without cookies? esp. when talking
to an AXIS server?
H
> -----Original Message-----
> From: Will Spies/Towers Perrin [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, April 03, 2002 3:57 AM
> To: [EMAIL PROTECTED]
> Subject: Re: HTTP redirects and SOAP
>
>
>
>
> I've had this same nightmare. Here is what I've learned:
>
> MS SOAP Toolkit does not support cookies or redirects ( they
> view the former as unnecessary and the latter as a security
> issue ) Apache SOAP Toolkit supports cookies but does not
> support redirects Systinet SOAP Toolkit supports redirects
> but not cookies.
>
> I don't get it. They should all support cookies and redirects
> if you ask me. This is the basis for any SSO product and some
> proxy servers.
>
> _______________________
> Will Spies
> Towers Perrin
> Phone: (215)246-7145
> e-mail: [EMAIL PROTECTED]
>
>
>
>
>
>
>
>
> To:
> [EMAIL PROTECTED]
>
> "Brian BBA41 cc:
> (bcc: Will Spies/Towers Perrin)
>
> Bannister" Subject: Re:
> HTTP redirects and SOAP
>
> <bbannister@qanta
>
>
> s.com.au>
>
>
>
>
>
> 04/02/02 07:35 PM
>
>
> Please respond to
>
>
> soap-user
>
>
>
>
>
>
>
>
>
>
>
>
>
> Why don't you set up the servlet to be container protected
> and allow the container to do the basic authentication? We do
> this with weblogic and apache SOAP and it works well. An
> unauthenticated user gets a 401 unauthorized and can reply
> with the basic authentication header. An unauthenticated user
> that sends the basic authentication header on first request
> gets straight through.
>
>
>
>
> Martin Hubley
>
> <[EMAIL PROTECTED] To:
> "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
>
> om> cc:
>
> Subject: HTTP
> redirects and SOAP
> 03/04/2002 06:43
>
> Please respond to
>
> soap-user
>
>
>
>
>
>
>
>
>
> Hi,
>
> My basic question is does Apache SOAP (or any other SOAP
> implementation) support http redirect headers in a response
> for a client?? The gory details follow...
>
> We have a setup where I am using the GLUE SOAP servlet as
> part of a J2EE ear running in JBoss 2.4.4 (with Tomcat
> 4.0.1), where the servlet (and our other servlets) is
> protected by a custom filter implemented for single-sign-on
> purposes. This filter redirects all requests without our auth
> cookie to an auth servlet, which requests basic auth from the
> client, and which when successful sets a cookie and redirects
> back to the original url. When in an Apache SOAP test client
> and I make a call to the original URL, i.e.
> http://localhost:8000/soap/urn:service.wsdl, I > get a SOAP
> fault back containing the HTTP 302 response from the server
> (as well as a SOAPException with an unsupported content type
> as the HTTP 302 response is text/html). (This call works fine
> in the test client if I deploy the servlet and SOAP
> implementation without our filters that do the authentication
> redirects)
>
> The actual response coming back from our SingleSignOnFilter
> is a standard redirect with the URL we want to redirect to
> for authentication:
>
> HTTP/1.1 302 Moved Temporarily
> Content-Type: text/html
> Date: Tue, 02 Apr 2002 19:14:33 GMT
> Location:
> http://localhost:8080/auth/AuthServlet?ds.sso.return-url=http%
3A%2F%2Flocalhost%3A8080%2Fsoap%2Furn%3Aservice
Server: Apache Tomcat/4.0.1 (HTTP/1.1 Connector)
Connection: close
followed by a standard Apache error page containing the 302 info.
Are there any easy ways to do such redirects using Apache SOAP or any
other SOAP implementation? Am I missing something obvious here, i.e.
perhaps there is a way to do redirects in a SOAP message instead of with
HTTP headers? Any help appreciated,
Thanks,
Martin
Qantas
