Hi Aki, Thanks for the reply. In a nutshell, WebClient, IE, and Firefox. During most of development CXF WebClient [.create(baseAddress, USERNAME, PASSWORD, null) for Basic authentication] was being used and the request would come in WITH the Authorization header intact. Client and server were both running inside eclipse. Then I started testing via an external dev web app that uses .Net facilities to call my web service. That's when the request started coming WITHOUT the Authorization header, triggering a 401 response, and causing a 2nd request WITH the Authorization header. At first I thought it was the .Net code leaving off the header, but was able to duplicate it using a browser (both IE & FF) on my machine using the format: http://<user>:<pwsd>@localhost:9080/MyWebService/...
I'm hesitant to ask this group for help because CXF seems to be working as designed, although at first I thought it wasn't. There are entries in the archives appearing to have the same problem. Using WireShark the request is actually coming without the Authorization header. I appreciate any ideas about how to resolve this problem...Thanks, Gary -----Original Message----- From: Aki Yoshida [mailto:[email protected]] Sent: Wednesday, November 02, 2011 8:38 AM To: [email protected] Subject: Re: JAX-RS InInterceptor AuthorizationPolicy is Null Hi, what is your http client? Some clients need to explicitly enable this kind of preemptive authentication mode. regards, Aki 2011/10/28 Gary Johnson <[email protected]>: > Hello All, > > I've been developing a RESTful web service by extending > CXFNonSpringJaxrsServlet and running in Tomcat 7. Configured in web.xml > is a jaxrs.inInterceptors init-param for an authorization class set to > run in the RECEIVE phase. All development so far has been within eclipse > using WebClient for testing and going well. Getting the > AuthorizationPolicy from the Message passed in to handleMessage(...) > in my AuthorizationInterceptor (based on code at > http://chrisdail.com/download/BasicAuthAuthorizationInterceptor.java) > was working perfectly in my local development environment. Then I > started testing from a browser thru a web server configured to route > https requests to my WS. The request always arrives with the > Authorization header missing making the AuthorizationPolicy null. A 401 > is returned by my interceptor and immediately followed by a request > with the Authorization header and everything works fine. > I've seen several entries inquiring about the same or similar situation, > but have not seen or found a solution. Does anyone have a clue as to why > this is happening and/or how to deal with it? ...Thanks, Gary > >
