Hello!!
I am using Axis 1.3, tomcat 5.5.12, java 1.5.
I am using client-deploy.wsdd so my axis client can use Http 1.1. I am
also using commonsHTTPclient-3.0-rc4.jar and commonsCodec-1-3.jar.
My web service is using those two handlers for authentication:
<requestFlow name="checks">
<handler
type="java:org.apache.axis.handlers.SimpleAuthenticationHandler"/>
<handler
type="java:org.apache.axis.handlers.SimpleAuthorizationHandler"/>
</requestFlow>.
I also set the userName and password for my Call object. Also set
setMaintainSession(true).
The problem is:
When the client sends the message it is not authorized (HTTP/1.1 401
Unauthorized). But the client sends
automatically the same message again, and now it is authorized.
Running ethereal I saw in the Http Header that in the first message
there is not a "Authorization: Basic + some hexadecimal stuff" entry.
The Http header response has the follow entry: WWW-Authenticate: Basic
realm="AXIS". I did not set this realm at any place (tomcat
configuration file or the axis server side).
At the axis fault string I have: <faultstring>User 'null' not
authenticated (unknown user)</faultstring>.
As I said I set the user name and password (Ah, the user name and
password exists at users.lst). Only one detail. Debugging I saw that
in the messageContext object, at the client side, that the user name
and password were empty. So in my stub I also set userName and
password for the messageContext. See the code below:
_call.getMessageContext().setUsername(userName);
_call.getMessageContext().setPassword(passWord);
The second message, that is the first one sent again, goes with the
Authorization entry at the Http header. The credentials, user name and
password, are correct. So , the message is authorized.
At last, when I use http 1.0 I do not have authentication problem and
duplication of message problem.
With this problem, when I use http 1.1 my web service is slower than
with http 1.0!!
Could anyone help me? What is going on?
Thx,
Fabrizzio Cabral de Lacerda
