2011/11/2 Gary Johnson <[email protected]>:
> Hi Aki,
>
> Thanks for the reply. In a nutshell, WebClient, IE, and Firefox.
> During most of development CXF WebClient [.create(baseAddress, USERNAME,
> PASSWORD, null) for Basic authentication] was being used and the request
> would come in WITH the Authorization header intact. Client and server
> were both running inside eclipse. Then I started testing via an external
> dev web app that uses .Net facilities to call my web service. That's
> when the request started coming WITHOUT the Authorization header,
> triggering a 401 response, and causing a 2nd request WITH the
> Authorization header. At first I thought it was the .Net code leaving
> off the header, but was able to duplicate it using a browser (both IE &
> FF) on my machine using the format:
> http://<user>:<pwsd>@localhost:9080/MyWebService/...
>
>
> I'm hesitant to ask this group for help because CXF seems to be working
> as designed, although at first I thought it wasn't. There are entries in
> the archives appearing to have the same problem. Using WireShark the
> request is actually coming without the Authorization header. I
> appreciate any ideas about how to resolve this problem...Thanks, Gary

In this case, you will need to find out how to force your .NET
client to supply the authentication header in the first message. As
you already suspected, I am not sure if you can get much help from
this CXF user list. You might want to google using the keyword "preemptive
authentication" for .NET clients or ask this question on the MSDN .NET
user list.

I found the following article using google:

http://social.msdn.microsoft.com/Forums/en-US/wcf/thread/a29dcd58-131a-4503-988d-60c03afaf5d8/

This might help. If not, you will need to look further.

regards, aki

>
> -----Original Message-----
> From: Aki Yoshida [mailto:[email protected]]
> Sent: Wednesday, November 02, 2011 8:38 AM
> To: [email protected]
> Subject: Re: JAX-RS InInterceptor AuthorizationPolicy is Null
>
> Hi,
> what is your http client? Some clients need to explicitly enable this
> kind of preemptive authentication mode.
>
> regards, Aki
>
>
> 2011/10/28 Gary Johnson <[email protected]>:
>> Hello All,
>>
>> I've been developing a RESTful web service by extending
>> CXFNonSpringJaxrsServlet and running in Tomcat 7. Configured in web.xml
>> is a jaxrs.inInterceptors init-param for an authorization class set to
>> run in the RECEIVE phase. All development so far has been within eclipse
>> using WebClient for testing and going well. Getting the
>> AuthorizationPolicy from the Message passed in to handleMessage(...)
>> in my AuthorizationInterceptor (based on code at
>> http://chrisdail.com/download/BasicAuthAuthorizationInterceptor.java)
>> was working perfectly in my local development environment. Then I
>> started testing from a browser thru a web server configured to route
>> https requests to my WS. The request always arrives with the
>> Authorization header missing making the AuthorizationPolicy null. A 401
>> is returned by my interceptor and immediately followed by a request
>> with the Authorization header and everything works fine.
>> I've seen several entries inquiring about the same or similar situation,
>> but have not seen or found a solution. Does anyone have a clue as to why
>> this is happening and/or how to deal with it? ...Thanks, Gary
>>
>>
>
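
Added example, not part of the original thread and not CXF or .NET code: a Python standard-library sketch of the two Basic authentication exchanges discussed above, with a server that records whether each request carried an Authorization header. The credentials, the realm name and the helper names `make_server` and `run_exchange` are constructed for illustration.

```python
import base64, threading, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

USER, PASSWORD = "demo-user", "demo-pass"  # constructed sample credentials
EXPECTED = "Basic " + base64.b64encode(f"{USER}:{PASSWORD}".encode()).decode()

def make_server(seen):
    """Server that appends True/False to `seen` per request: was Authorization sent?"""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            auth = self.headers.get("Authorization")
            seen.append(auth is not None)
            ok = auth == EXPECTED
            body = b"ok" if ok else b""
            self.send_response(200 if ok else 401)
            if not ok:
                # The challenge tells a non-preemptive client to retry with credentials.
                self.send_header("WWW-Authenticate", 'Basic realm="demo"')
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        def log_message(self, *args):  # keep the demo output quiet
            pass
    return HTTPServer(("127.0.0.1", 0), Handler)

def run_exchange(preemptive):
    """Run one client call and return the server's per-request header flags."""
    seen = []
    server = make_server(seen)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/"
    handlers = [urllib.request.ProxyHandler({})]  # ignore proxy environment variables
    req = urllib.request.Request(url)
    if preemptive:
        req.add_header("Authorization", EXPECTED)  # credentials on the first request
    else:
        mgr = urllib.request.HTTPPasswordMgrWithDefaultRealm()
        mgr.add_password(None, url, USER, PASSWORD)  # used only after a 401 challenge
        handlers.append(urllib.request.HTTPBasicAuthHandler(mgr))
    try:
        with urllib.request.build_opener(*handlers).open(req, timeout=5) as resp:
            resp.read()
    finally:
        server.shutdown()
        server.server_close()
    return seen

if __name__ == "__main__":
    print("challenge-response:", run_exchange(False))
    print("preemptive:        ", run_exchange(True))
```

The challenge-response run produces two requests, the first without the header, while the preemptive run produces one request that already carries it.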
