>Use POST? I *am* using POST when I do the actual transaction.
When I calculate the MD5 hash of the authentication info, I have to pass in "GET" to my hashing function or Tomcat rejects the results. Believe me-- I tried, and I just get back an endless stream of non-helpful 401 replies, each with a new nonce. :-( -Roy > >On Wed, 2003-01-29 at 14:51, Roy Wood wrote: >> I don't know if this is more of a TomCat problem or an Axis problem, but >> here goes. >> >> I've set up TomCat to do digest authentication for my Axis service, and >> that is working fine. For example, if I protect all of the axis realm, >> then I need to supply a userid and password to even see axis/index.html >> or axis/happyaxis.jsp, and it works fine. >> >> Unfortunately, when I try to access my actual service, I get the >> following response: >> >> <h1>RoysSOAPService</h1> >> <p>Hi there, this is an AXIS service!</p> >> <i>Perhaps there will be a form for invoking the service here...</i> >> >> >> With authentication disabled, everything is perfect. It's just when I >> enable authentication that I am prevented from accessing the service. >> >> I am calling this from a non-Java client, and am actually building the >> headers by hand (don't ask-- it's a legacy product), and am thus very >> aware of everything going on during the transaction. With >> digest-authentication enabled, I know that I get an initial 401 response >> from Tomcat, to which I reply with all the proper stuff in the >> "Authorization:" header line of the subsequent request I send. >> >> One thing I notice is that if I use "PUT" as the HTTP method when I am >> calculating the MD5 hash response, Tomcat refuses to authenticate me. >> If, however, I use "GET" as my HTTP method when calculating the hash, >> Tomcat accepts the results. Note that in both cases, I really am doing >> an HTTP "PUT" in order to call the SOAP service! >> >> I suspect that the abovementioned oddity is the source of the problem, >> since the response get from Axis looks like a default response to a GET >> request. >> >> >> Anyone have any bright ideas? >> >> >> -Roy >> >> >> >> >> "Disclaimer The opinions expressed in this message are strictly >> personal and do not necessarily reflect those of FiLogix." >> > > "Disclaimer The opinions expressed in this message are strictly personal and do not necessarily reflect those of FiLogix."