Re: Authorization Unauthorized: POST vs. GET

Tue, 25 Feb 2003 01:49:34 -0800 

On Mon, Feb 24, 2003 at 01:14:38PM -0800, Steve Loughran wrote:
> 
> ----- Original Message -----
> From: "Michael Konietzka" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, February 24, 2003 08:41
> Subject: Authorization Unauthorized: POST vs. GET
> 
> 
> > Hi
> > I deployed a webservice und Axis1.1beta with the following configuration:
> >
> > Apache 1.3.x -> via mod_jk->tomcat3.3.x->axis1.1beta
> >
> > The webservice is protected with HTTP Basic Authorization.
> > When using HTTP Post everything works fine. A wrong password results
> > in a "HTTP 401 Unauthorized".
> >
> > Axis offers also HTTP GET to access a webservice with a special
> > query string. This works fine with correct user and password,
> > but a wrong password results in a "HTTP 500 Internal Server Error",
> > when I would expect a "HTTP  401" as by the HTTP POST-Request.
> >
> > The soap-Log says "faultCode:
> {http://xml.apache.org/axis/}Server.Unauthenticated";
> >
> > Is there a reason why the both methods behave differently when using
> > wrong login data?
> 
> yes, the GET routine is waiting for somebody who cares about authentication
> to write and contribute the code :)

Looking at the source code is useful in the troubleshooting sometimes. ;-)

Well, I am not familiar with the current Axis architecture but 
I guess 

AxisServlet.doGet(HttpServletRequest req, HttpServletResponse res)
...
catch (AxisFault fault) {
                    log.error(Messages.getMessage("exception00"), fault);
                    response.setContentType("text/html");
                    response.setStatus(500);
..

should have the same error-handling like 

AxisServlet.doPost(HttpServletRequest req, HttpServletResponse res)

...
if (status == HttpServletResponse.SC_UNAUTHORIZED)
                  res.setHeader("WWW-Authenticate","Basic realm=\"AXIS\"");
                  // TODO: less generic realm choice?
...

 
I have to setup my eclipse for the axis source, so I can fix this 
and contribute the code.

Best regards
 Michael
-- 
Dipl.-Inform. Michael Konietzka  Schlund + Partner AG
- Development UNIX -             Erbprinzenstrasse 4-12
    Webservices                  D-76133 Karlsuhe
http://www.schlund.de/           Germany

Reply via email to