Hi, what is your http client? Some clients need to explicitly enable this kind of preemptive authentication mode.
regards, Aki 2011/10/28 Gary Johnson <[email protected]>: > Hello All, > > I've been developing a RESTful web service by extending > CXFNonSpringJaxrsServlet and running in Tomcat 7. Configured in web.xml > is a jaxrs.inInterceptors init-param for an authorization class set to > run in the RECEIVE phase. All development so far has been within eclipse > using WebClient for testing and going well. Getting the > AuthorizationPolicy from the Message passed in to handleMessage(...) > in my AuthorizationInterceptor (based on code at > http://chrisdail.com/download/BasicAuthAuthorizationInterceptor.java) > was working perfectly in my local development environment. Then I > started testing from a browser thru a web server configured to route > https requests to my WS. The request always arrives with the > Authorization header missing making the AuthorizationPolicy null. A 401 > is returned by my interceptor and immediately followed by a request > with the Authorization header and everything works fine. > I've seen several entries inquiring about the same or similar situation, > but have not seen or found a solution. Does anyone have a clue as to why > this is happening and/or how to deal with it? ...Thanks, Gary > >
