I don't know if this is more of a TomCat problem or an Axis problem, but
here goes.
I've set up TomCat to do digest authentication for my Axis service, and
that is working fine. For example, if I protect all of the axis realm,
then I need to supply a userid and password to even see axis/index.html
or axis/happyaxis.jsp, and it works fine.
Unfortunately, when I try to access my actual service, I get the
following response:
<h1>RoysSOAPService</h1>
<p>Hi there, this is an AXIS service!</p>
<i>Perhaps there will be a form for invoking the service here...</i>
With authentication disabled, everything is perfect. It's just when I
enable authentication that I am prevented from accessing the service.
I am calling this from a non-Java client, and am actually building the
headers by hand (don't ask-- it's a legacy product), and am thus very
aware of everything going on during the transaction. With
digest-authentication enabled, I know that I get an initial 401 response
from Tomcat, to which I reply with all the proper stuff in the
"Authorization:" header line of the subsequent request I send.
One thing I notice is that if I use "PUT" as the HTTP method when I am
calculating the MD5 hash response, Tomcat refuses to authenticate me.
If, however, I use "GET" as my HTTP method when calculating the hash,
Tomcat accepts the results. Note that in both cases, I really am doing
an HTTP "PUT" in order to call the SOAP service!
I suspect that the abovementioned oddity is the source of the problem,
since the response get from Axis looks like a default response to a GET
request.
Anyone have any bright ideas?
-Roy
"Disclaimer The opinions expressed in this message are strictly
personal and do not necessarily reflect those of FiLogix."
