Hello All, I have got a simple question on BASIC authentication on webresources using Tomcat. I had set up this BASIC authentication on tomcat and tomcat[because of my misconfiguration????] seems to authenticate user every time they accesses resource though the client is sending back the jsessionID cookie for session tracking... 2 request-response formats are as follows..Ideally i dont expect it to throw me an unauthorized error for the 2nd request..Can anyone point out what am i doing wrong?? Many Thanks ==== 1st Request ==== POST /WebServiceProject/services/CCIAuthSOAP HTTP/1.0 Content-Type: text/xml; charset=utf-8 Accept: application/soap+xml, application/dime, multipart/related, text/* User-Agent: Axis/1.2.1 Host: localhost:9000 Cache-Control: no-cache Pragma: no-cache SOAPAction: "http://www.example.com/CCIAuth/getCCIUserCredentials"; Content-Length: 294 Authorization: Basic dG9tY2F0OnRvbWNhdA== <?xml version="1.0" encoding="UTF-8"?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";><soapenv:Body><getCCIUserCredentials xmlns=""/></soapenv:Body></soapenv:Envelope> ==== 1st Response ==== HTTP/1.1 200 OK Set-Cookie: JSESSIONID=BAADBF8C883BD5E22DA64FE5F26293F7; Path=/WebServiceProject Content-Type: text/xml;charset=utf-8 Date: Sat, 04 Feb 2006 15:24:29 GMT Server: Apache-Coyote/1.1 Connection: close <?xml version="1.0" encoding="utf-8"?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";><soapenv:Body><return xsi:nil="true" xmlns=""/></soapenv:Body></soapenv:Envelope> ==============
==== 2nd Request in same session[Note that iam sending back cookie to server==== POST /WebServiceProject/services/CCIAuthSOAP HTTP/1.0 Content-Type: text/xml; charset=utf-8 Accept: application/soap+xml, application/dime, multipart/related, text/* User-Agent: Axis/1.2.1 Host: localhost:9000 Cache-Control: no-cache Pragma: no-cache SOAPAction: "http://www.example.com/CCIAuth/sendHelloRequest"; Content-Length: 332 Cookie: JSESSIONID=BAADBF8C883BD5E22DA64FE5F26293F7 <?xml version="1.0" encoding="UTF-8"?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";><soapenv:Body><sendHelloRequestRequest xmlns="">hello World</sendHelloRequestRequest></soapenv:Body></soapenv:Envelope> ==== 2nd Response in same session==== HTTP/1.1 401 Unauthorized WWW-Authenticate: Basic realm="My Club Members-only Area" Content-Type: text/html;charset=utf-8 Content-Length: 954 Date: Sat, 04 Feb 2006 15:24:29 GMT Server: Apache-Coyote/1.1 Connection: close <html><head><title>Apache Tomcat/5.0.28 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 401 - </h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u></u></p><p><b>description</b> <u>This request requires HTTP authentication ().</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/5.0.28</h3></body></html> ============== --------------------------------- Meet your soulmate! Yahoo! Asia presents Meetic - where millions of singles gather
