[
https://issues.apache.org/jira/browse/CXF-6007?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14138961#comment-14138961
]
Dmitriy Fedoriv commented on CXF-6007:
--------------------------------------
Hi Sergey,
Thank you for reply.
>> Can you clarify please which parts of 1) or 2) may be affecting the digest
>> re-try in case of the empty requests ?
Code is responsible for setting the "WWW-Authenticate" header located in method
- authorizationRetransmit(HttpURLConnection connection, Message message,
CacheAndWriteOutputStream cachedStream) line: 1047
If we go up the call stack, we can find that the only one place is it calling
this is the method (1).
So, what I think is wrong that is condition in line: 1448.
if (cachedStream != null || ("GET".equals(connection.getRequestMethod()) &&
getClient().isAutoRedirect())) {
...
connection = processRetransmit(connection, outMessage, cachedStream);
...
}
It allows retransmits (needed for digest authorization) only for HTTP methods
whose body is cached (like POST and PUT) or GET method, provided that the
auto-redirection is enabled.
Code responsible for caching (creating cachedStream) located in the method (2)
line: 1353.
...
if (!"POST".equals(connection.getRequestMethod()) &&
!"PUT".equals(connection.getRequestMethod())) {
return;
}
if (outMessage.get("org.apache.cxf.post.empty") != null) {
return;
}
if (cachingForRetransmission) {
cachedStream = new CacheAndWriteOutputStream(connection.getOutputStream());
wrappedStream = cachedStream;
} else {
wrappedStream = connection.getOutputStream();
}
>>If you had a chance to debug, what is different there when say a POST with
>>body is done, which does make a digest re-try to succeed ?
In this part of code we can see that cachedStream create only for POST and PUT
methods with not empty body. This is the difference.
Thanks and regards,
Dmitriy.
> WebClient does not resend request in Digest authentication for HTTP methods
> GET, HEAD, DELETE, OPTIONS (with no body).
> ----------------------------------------------------------------------------------------------------------------------
>
> Key: CXF-6007
> URL: https://issues.apache.org/jira/browse/CXF-6007
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS, Transports
> Affects Versions: 3.0.0, 3.0.1
> Environment: Windows 7, jdk1.7.0_65, cxf-rt-transports-http: 3.0.x
> Reporter: Dmitriy Fedoriv
>
> Hi guys,
> I try to send DELETE, GET (auto-redirect disabled), HEAD, OPTIONS or any
> other HTTP requests with no body used digest authentication to RESTful
> service. In this case I always get "first" HTTP response with status code 401
> - Unathorized but client does not resend "answer" with "WWW-Authenticate"
> header.
> I had the assumption that the problem arises due to incorrect cache settings
> in methods:
> 1) HTTPConduit.WrappedOutputStream.handleHeadersTrustCaching()
> and
> 2) HTTPConduit.WrappedOutputStream.handleRetransmits()).
> in package org.apache.cxf.transport.http.
> Is there any way to be properly authorized by the service (digest mode) in
> these cases?
> In my application I use, depending on the following versions of products:
> - javax.ws.rs-api: 2.0
> - javax.annotation-api: 1.2
> - cxf-core: 3.0.1
> - cxf-rt-rs-client: 3.0.1
> - cxf-rt-frontend-jaxrs: 3.0.1
> - cxf-rt-transports-http: 3.0.1
> - cxf-rt-transports-http-hc: 3.0.1
> - httpasyncclient: 4.0.1
> - httpclient: 4.3.2
> - httpcore: 4.3.2
> - httpcore-nio:4.3.2
> I look forward to your assistance. Thank you.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
