[jira] [Commented] (AXIS2-6023) Basic Auth creds missing if target auth not required

Wed, 12 Jan 2022 11:49:04 -0800 


    [ 
https://issues.apache.org/jira/browse/AXIS2-6023?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17474915#comment-17474915
 ] 

Rod commented on AXIS2-6023:
----------------------------

Hi [~robertlazarski], thanks for the prompt reply.

The service replies w/ an ok 200 maybe 202 (no _WWW-Authenticate_ header 
either) since it doesn't require authentication.

In pre-v1.8.0, the credentials (if available) were provided anyway.

It seems in 1.8.0 credentials aren't provided unless (as you point out, the 
service returns 40x and _WWW-Authenticate)._

_This could be by design, but I wonder how one might be able to force the 
transmission of credentials._

> Basic Auth creds missing if target auth not required
> ----------------------------------------------------
>
>                 Key: AXIS2-6023
>                 URL: https://issues.apache.org/jira/browse/AXIS2-6023
>             Project: Axis2
>          Issue Type: Bug
>    Affects Versions: 1.8.0
>            Reporter: Rod
>            Priority: Major
>
> This might be working as designed, but there's a clear change in behavior 
> between Axis2 v1.7.9 and v1.8.0 which is affecting functionality dependent on 
> client provided username:
> WSDL generated client provides basic auth credentials as such:
>   Options opt = thestub._getServiceClient().getOptions();
>   HttpTransportPropertiesImpl.Authenticator basicAuth = new 
> HttpTransportPropertiesImpl.Authenticator();
>   basicAuth.setUsername(user);
>   basicAuth.setPassword(pass);
>   basicAuth.setPreemptiveAuthentication(true);
>   opt.setProperty(HTTPConstants.AUTHENTICATE, basicAuth);
>   opt.setProperty(HttpTransportPropertiesImpl.Authenticator.BASIC, basicAuth);
>         
> opt.setProperty(org.apache.axis2.transport.http.HTTPConstants.CHUNKED, 
> Boolean.FALSE);
>         thestub._getServiceClient().setOptions(opt);
> If targeting Axis2 v1.7.9, the user/pass basicAuth is received by target 
> service, however, in v1.8.0 it is not.
> After looking around deep in org.apache.axis2.transport.http, it appears this 
> might be occurring if the target endpoint doesn't require authentication. 
> Is this by design? Is there a known way to force the transmission of 
> credentials?
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to