[ https://issues.apache.org/jira/browse/CXF-4858?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13588864#comment-13588864 ]
Michael Watson commented on CXF-4858:
-------------------------------------

Simple fix for this appears to be to remove the check for authorizationToken == null that returns false ahead of setting the cookies. This may have an impact on the scenario where authentication is genuinely not possible (i.e. NTLM is not in play) but I'd expect that to at least be caught by the checks on the number of re-transmits sent.

I've patched and tested this locally and I can now authenticate successfully with NTLM where an authentication cookie is required.

Here's the diff of what I changed to test:

### Eclipse Workspace Patch 1.0 #P cxf-rt-transports-http Index: src/main/java/org/apache/cxf/transport/http/HTTPConduit.java =================================================================== --- src/main/java/org/apache/cxf/transport/http/HTTPConduit.java (revision 1450581) +++ src/main/java/org/apache/cxf/transport/http/HTTPConduit.java (working copy) 
@@ -1448,10 +1448,10 @@ String authorizationToken = authSupplier.getAuthorization( effectiveAthPolicy, currentURI, outMessage, authHeader.getFullHeader()); - if (authorizationToken == null) { - // authentication not possible => we give up - return false; - } +// if (authorizationToken == null) { +// // authentication not possible => we give up +// return false; +// } try { closeInputStream();

Any chance this fix can get in to 2.8.0 (or 2.7.4 if such a version is created)?

> Maintain Session (Cookie) is not honoured when using NTLM
> ---------------------------------------------------------
>
> Key: CXF-4858
> URL: https://issues.apache.org/jira/browse/CXF-4858
> Project: CXF
> Issue Type: Bug
> Components: Transports
> Affects Versions: 2.7.3
> Environment: Windows Server 2008 R2 Standard SP1 (Client & Server).
> JDK6 + 7 both tried (Client).
> IIS 7 (Server)
> Reporter: Michael Watson
>
> When using the AsyncHTTPConduit in an attempt to authenticate against an IIS
> based webservice that requires NTLM & an authentication cookie
> (ASP.NET_SessionId) I see that the NTLM authentication succeeds but because
> the session cookie is missing the endpoint returns another 401.
> I'll attach wireshark output that demonstrates this behaviour.
> I've narrowed it down to:
> HTTPConduit$WrappedOutputStream#authorizationRetransmit()
> where authorizationToken below is always null when using NTLM so it returns
> false and doesn't continue down to the block of code about 6 lines down that
> sets the cookies!
> String authorizationToken =
> authSupplier.getAuthorization(effectiveAthPolicy, currentURI, outMessage,
> authHeader.getFullHeader());
> if (authorizationToken == null) {
>     // authentication not possible => we give up
>     return false;
> }
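Review bot: in the HTTPConduit.java hunk at @@ -1448,10 +1448,10 @@, disabling the `authorizationToken == null` early return lets a null token flow past `closeInputStream()` into the retransmit path for every auth supplier, not only NTLM. The visible lines do not show how `authorizationToken` is used after the `try`, so the follow-on code needs a null guard before it writes an Authorization header, and the give-up case then depends entirely on the retransmit limit mentioned in the comment. A narrower change would keep the give-up path for suppliers that genuinely cannot authenticate and make sure the session cookies are applied before that return, since the issue description places the cookie block a few lines below it. If the check really is to go, delete the four lines instead of leaving them commented out at column 0.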