May be I can add a property to support authorization retransmits without
WWW-Authenticate
Sergey
On 25/10/16 12:42, Sergey Beryozkin wrote:
Well, WWW-Authenticate is there to indicate to the client that the
Authorization needs to be completed, this is standard HTTP. 401 alone
can mean anything,
Well, WWW-Authenticate is there to indicate to the client that the
Authorization needs to be completed, this is standard HTTP. 401 alone
can mean anything, for example, the client password or user name may be
wrong, or the server can use 401 for some other reasons related to the
access of some
I do have the issue that WrappedOutputStream.processRetransmit is not even
triggered, so it does not even reach the authorizationRetransmit method. What
might be the issue here?
> On 25 Oct 2016, at 13:12, Konrad Windszus wrote:
>
> This is a 3rd party server I unfortunately cannot influence.
This is a 3rd party server I unfortunately cannot influence.
Any way to to modify the WWW-Authorize handling in CXF?
Where is the piece of code being responsible for triggering the retransmit
evaluating the WWW-Authorize header?
Thanks,
Konrad
> On 25 Oct 2016, at 12:23, Sergey Beryozkin wrote:
Hi
Why can't the server return WWW-Authenticate ?
Cheers, Sergey
On 25/10/16 11:04, Konrad Windszus wrote:
Thanks for that tip. Unfortunately my custom HttpAuthSupplier is only called
once (before the request is triggered). No matter whether I return null or the
empty string in my getAuthoriz
Thanks for that tip. Unfortunately my custom HttpAuthSupplier is only called
once (before the request is triggered). No matter whether I return null or the
empty string in my getAuthorization method my HttpAuthSupplier is not called a
second time. The reason is that the underlying close method o
Hi
AFAIK, CXF HttpConduit will attempt a re-transmit if 401 is returned and
a custom CXF HttpAuthSupplier is registered.
For example, see
https://github.com/apache/cxf/blob/master/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/BearerAuthSupplier.java
I want to call a ReST web service with a JAX-RS client based on CXF. That web
service has a custom authentication based on cookies and challenge/response
authentication. To get authenticated (i.e. whenever a regular call returns a
401) a dedicated GET request must be issued to get the challenge,