I don't know if this is more of a TomCat problem or an Axis problem, but here goes.
I've set up TomCat to do digest authentication for my Axis service, and that is working fine. For example, if I protect all of the axis realm, then I need to supply a userid and password to even see axis/index.html or axis/happyaxis.jsp, and it works fine. Unfortunately, when I try to access my actual service, I get the following response: <h1>RoysSOAPService</h1> <p>Hi there, this is an AXIS service!</p> <i>Perhaps there will be a form for invoking the service here...</i> With authentication disabled, everything is perfect. It's just when I enable authentication that I am prevented from accessing the service. I am calling this from a non-Java client, and am actually building the headers by hand (don't ask-- it's a legacy product), and am thus very aware of everything going on during the transaction. With digest-authentication enabled, I know that I get an initial 401 response from Tomcat, to which I reply with all the proper stuff in the "Authorization:" header line of the subsequent request I send. One thing I notice is that if I use "PUT" as the HTTP method when I am calculating the MD5 hash response, Tomcat refuses to authenticate me. If, however, I use "GET" as my HTTP method when calculating the hash, Tomcat accepts the results. Note that in both cases, I really am doing an HTTP "PUT" in order to call the SOAP service! I suspect that the abovementioned oddity is the source of the problem, since the response get from Axis looks like a default response to a GET request. Anyone have any bright ideas? -Roy "Disclaimer The opinions expressed in this message are strictly personal and do not necessarily reflect those of FiLogix."