[
https://issues.apache.org/jira/browse/CXF-4858?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13598445#comment-13598445
]
Michael Watson commented on CXF-4858:
-------------------------------------
Hi Daniel,
Just confirming that 2.7.4-SNAPSHOT from the 8th March appears to have resolved
this issue.
Thanks again for your help.
Regards,
Mike
> Maintain Session (Cookie) is not honoured when using NTLM
> ---------------------------------------------------------
>
> Key: CXF-4858
> URL: https://issues.apache.org/jira/browse/CXF-4858
> Project: CXF
> Issue Type: Bug
> Components: Transports
> Affects Versions: 2.7.3
> Environment: Windows Server 2008 R2 Standard SP1 (Client & Server).
> JDK6 + 7 both tried (Client).
> IIS 7 (Server)
> Reporter: Michael Watson
> Assignee: Daniel Kulp
> Fix For: 2.7.4
>
> Attachments: HTTPConduit.diff
>
>
> When using the AsyncHTTPConduit in an attempt to authenticate against an IIS
> based webservice that requires NTLM & an authentication cookie
> (ASP.NET_SessionId) I see that the NTLM authentication succeeds but because
> the session cookie is missing the endpoint returns another 401.
> I'll attach wireshark output that demonstrates this behaviour.
> I've narrowed it down to:
> HTTPConduit$WrappedOutputStream#authorizationRetransmit()
> where authorizationToken below is always null when using NTLM so it returns
> false and doesn't continue down to the block of code about 6 lines down that
> sets the cookies!
> String authorizationToken =
> authSupplier.getAuthorization(effectiveAthPolicy, currentURI, outMessage,
> authHeader.getFullHeader());
> if (authorizationToken == null) {
> // authentication not possible => we give up
> return false;
> }
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
