Hi
Why can't the server return WWW-Authenticate ?
Cheers, Sergey
On 25/10/16 11:04, Konrad Windszus wrote:
Thanks for that tip. Unfortunately my custom HttpAuthSupplier is only called
once (before the request is triggered). No matter whether I return null or the
empty string in my getAuthorization method my HttpAuthSupplier is not called a
second time. The reason is that the underlying close method on the HTTPConduit
is never called, therefore handleRetransmits on the WrappedOutputStream is
never called.
What am I doing wrong?
In my case there is no WWW-Authorize response header being used but just a
plain 401 status to indicate that authentication should be triggered.
Internally I am using a JAX-RS Client proxy which always fails with
javax.ws.rs.NotAuthorizedException: HTTP 401 Unauthorized
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at
org.apache.cxf.jaxrs.client.AbstractClient.convertToWebApplicationException(AbstractClient.java:504)
at
org.apache.cxf.jaxrs.client.ClientProxyImpl.checkResponse(ClientProxyImpl.java:314)
at
org.apache.cxf.jaxrs.client.ClientProxyImpl.handleResponse(ClientProxyImpl.java:793)
at
org.apache.cxf.jaxrs.client.ClientProxyImpl.doChainedInvocation(ClientProxyImpl.java:755)
at
org.apache.cxf.jaxrs.client.ClientProxyImpl.invoke(ClientProxyImpl.java:228)
...
Thanks for any help,
Konrad
On 19 Oct 2016, at 12:32, Sergey Beryozkin <[email protected]> wrote:
Hi
AFAIK, CXF HttpConduit will attempt a re-transmit if 401 is returned and a
custom CXF HttpAuthSupplier is registered.
For example, see
https://github.com/apache/cxf/blob/master/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/BearerAuthSupplier.java
In your custom supplier you'd override:
public String getAuthorization(AuthorizationPolicy authPolicy,
URI currentURI,
Message message,
String fullHeader) {}
perhaps you'd do the extra calls inside this method before returning the final
Authorization value for the original request to continue
Sergey
On 17/10/16 08:45, Konrad Windszus wrote:
I want to call a ReST web service with a JAX-RS client based on CXF. That web
service has a custom authentication based on cookies and challenge/response
authentication. To get authenticated (i.e. whenever a regular call returns a
401) a dedicated GET request must be issued to get the challenge, and then an
additional POST request to authenticate the user (and get back an
authentication token as cookie). Instead of doing the authentication explicitly
I would rather call that whenever necessary (to also deal with cases where
previous authentication became invalid), i.e. as Interceptor or as Filter. The
question is, how do I retrigger the original request once the user has been
successfully authenticated in a ClientResponseFilter or Interceptor in case a
401?
Has someone ever implemented something like this?
Thanks,
Konrad
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
