IE6 WinXP Java2 and Basic Auth
This only happens on WinXP (Pro is what I'm using), not WinME, Win2K or Win98/Win98SE.
When I request a page with an embedded Java applet (with applet tags) that is "protected" with Basic Auth over SSL I first enter the Basic Auth credentials (username/password) in the IE6 dialog and then a second dialog appears, a Java one, to enter the same Basic Auth credentials again.
On Win2k/WinME/Win9x only once am I required to enter the BA credentials with the IE6 dialog.
What's up?
I solved the problem of the double Basic Auth sign-ins accessing a HTTPS/SSL page containing <APPLET> tags by disabling JRE 1.4 and reverting to JRE 1.3.1.
IMHO, JRE 1.4 is seriously broken WRT SSL/<APPLET>/Basic Auth.
Similar Messages
-
Hi,
I'm trying to set up a web service that should use basic authentication as security solution. I've used the admin console to define security policies and left the 'Check roles and Policies for' in 'Web applications and EJBs protected in DD' for my default realm.
The security policy is set on the application inherited by the EJB and web service module.
All is well when accessing the web services from a Java client but when I try to access them from a .Net client I get an '401: Unauthorized' response.
If I change the 'Check roles and Policies for' setting to 'All Web applications and EJBs' the .Net client works but the Java client doesn't work anymore (it can't access the WSDL-file that it needs).
I've tried to set up authorization settings in the web.xml for the web service module but it doesn't seem to make any difference.
I use the WebLogic 8.1SP5 Server.What is VB?
I know about J2ME, J2SE, J2EE, JMS, JNDI, JSP, JDBC, JAX-RPC, JAXP, JAXR, JAXM, JMX, JMI, JAF, JPDA and several other acronyms but I've never heard of VB. -
How to prevent basic auth dialog box?
Hi all,
I have a webservice protected with basic authtentication.
From my understanding I thought it would be possible to prompt the
user for a user name and password using a flex form and then do a
setCredentials on the WebService object to provide the server with
the needed info, thus avoiding the broswers dialog box.
However this does not work and I still get the browser dialog
box. Even worse if I log out of the flex application and try and
log in as a new user it seems the old credentials are cached by the
browser so the new user get security errors as the flex usernam and
basic auth username do not match up. This is how the app has been
coded.
Any idea?
thanksI'm sorry you're question is not clear to me. Please explain a bit further.
tanzim
If your query is resolved then please click on “Accept as Solution”
Click on the LIKE on the bottom right if the post deserves credit -
Basic auth with RESTful WEb service and Web Service reference
Hi, All,
We have made much progress on getting an application working wtih RESTful web services but now are trying to figure out how to lock down a RESTful Web service while making it available for a particular application.
We are using one of the sample 'emp' table web services that come with Apex 4.2 and are trying to apply Basic Auth to the WEb Service via Weblogic filter defined in the web.xml file. That works fine. I now get challenged when I try to go to :
https://wlogic.edu/apex/bnr/ace/hr/empinfo/
And when I authenticate to that challenge I am able to get the data. (we are usiing LDAP authentication at the Weblogic level)
However, I am not sure how to get same basic authentication to work with the Web Service reference in my application. I see the error message in the application when I try to call that Web Service:
401--Unauthorized<
And I see:
"The request requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.46) containing a challenge applicable to the requested resource. The client MAY repeat the request with a suitable Authorization header field (section 14.8). If the request already included Authorization credentials"
How do I provide the credentials in the Web REference or do I provide credentials in the Application?
Web service works fine if I remove the RESTful web service basic auth from the Web.xml file.
Should we NOT use Weblogic basic auth and instead use basic auth from Workspace RESTful web service definition. If so, how do we implement THAT basic auth in the Web Service definition and in the Web SErvice Reference on the application?
Thanks,
PatWhat I mean is diid you try to use the PL/SQL package for APEX webservice. Here is an example I use (modified and shortened, just to show how much better this is than to use it from the application).
CREATE OR REPLACE PACKAGE webservice_pkg
IS
PROCEDURE create_webservice (
p_id IN NUMBER,
p_message OUT VARCHAR2,
p_workspace IN VARCHAR2 DEFAULT 'MY_WORKSPACE',
p_app_id IN NUMBER DEFAULT v ('APP_ID'),
p_app_session IN VARCHAR2 DEFAULT v ('SESSION'),
p_app_user IN VARCHAR2 DEFAULT v ('APP_USER')
END webservice_pkg;
CREATE OR REPLACE PACKAGE BODY webservice_pkg
IS
PROCEDURE set_credentials (
p_workspace IN VARCHAR2,
p_app_id IN NUMBER,
p_app_session IN VARCHAR2,
p_app_user IN VARCHAR2
IS
v_workspace_id NUMBER;
BEGIN
SELECT workspace_id
INTO v_workspace_id
FROM apex_workspaces
WHERE workspace = p_workspace;
apex_util.set_security_group_id (v_workspace_id);
apex_application.g_flow_id := p_app_id;
apex_application.g_instance := p_app_session;
apex_application.g_user := p_app_user;
END set_credentials;
PROCEDURE create_webservice (
p_id IN NUMBER,
p_message OUT VARCHAR2,
p_workspace IN VARCHAR2 DEFAULT 'MY_WORKSPACE',
p_app_id IN NUMBER DEFAULT v ('APP_ID'),
p_app_session IN VARCHAR2 DEFAULT v ('SESSION'),
p_app_user IN VARCHAR2 DEFAULT v ('APP_USER')
IS
v_envelope VARCHAR2 (32000);
v_server VARCHAR2 (400);
v_url VARCHAR2 (4000);
v_result_url VARCHAR2 (1000);
v_collection_name VARCHAR2 (40) := 'PDF_CARD';
v_message VARCHAR2 (4000);
v_xmltype001 XMLTYPE;
BEGIN
v_url := v_server || '.myserver.net/services/VisitCardCreator?wsdl';
FOR c IN (SELECT *
FROM DUAL)
LOOP
v_envelope :=
'<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" '
|| 'xmlns:bran="http://www.myaddress.com">'
|| CHR (10)
|| '<soapenv:Header/><soapenv:Body>'
|| CHR (10)
|| '<parameter:'
|| 'some_value'
|| '>'
|| CHR (10)
|| '<bran:templateID>'
|| p_id
|| '</bran:templateID>'
|| '</soapenv:Body>'
|| CHR (10)
|| '</soapenv:Envelope>';
END LOOP;
set_credentials (p_workspace, p_app_id, p_app_session, p_app_user);
BEGIN
apex_web_service.make_request
(p_url => v_url,
p_collection_name => v_collection_name,
p_envelope => v_envelope
p_message := 'Some message.';
EXCEPTION
WHEN OTHERS
THEN
v_message :=
v_message
|| '</br>'
|| 'Error running Webservice Request. '
|| SQLERRM;
END;
BEGIN
SELECT v_result_url
|| EXTRACTVALUE (VALUE (t),
'/*/' || 'Return',
'xmlns="http://www.myaddress.com"'
xmltype001
INTO v_result_url,
v_xmltype001
FROM wwv_flow_collections c,
TABLE
(XMLSEQUENCE (EXTRACT (c.xmltype001,
'//' || 'Response',
'xmlns="http://www.myaddress.com"'
) t
WHERE c.collection_name = v_collection_name;
EXCEPTION
WHEN OTHERS
THEN
v_message := v_message || '</br>' || 'Error reading Collection.';
END;
EXCEPTION
WHEN OTHERS
THEN
p_message := v_message || '</br>' || SQLERRM;
END create_webservice;
END webservice_pkg;
/If you use it this way, you will find out what the problem is much faster.
Denes Kubicek
http://deneskubicek.blogspot.com/
http://www.apress.com/9781430235125
http://apex.oracle.com/pls/apex/f?p=31517:1
http://www.amazon.de/Oracle-APEX-XE-Praxis/dp/3826655494
------------------------------------------------------------------- -
HTTP Basic Auth and Proxy Auth
Hi,
i have a problem with the authentication against a proxy server and against a content provider. At first I have to authenticate against the proxy to get "free internet". The next step is to authenticate against the content provider to get a html or xml file.
The following source code runs very good in Eclipse, i.e. as JUnitTest. But If I execute the same code within a weblogic server, I will get an error (not authenticated). I believe I get this message from the content provider and not from the proxy because If I test this code within the weblogic server and with no authentication (i.e. google needs no authentication), I will get a valide xml/html file.
StringBuffer sb = new StringBuffer();
SimpleAuthenticator simple = new SimpleAuthenticator("joeuser","a.b.C.D"); //from openbook
Authenticator.setDefault(simple);
String strUrl = "http://www.rahul.net/joeuser/";
URL url = null;
try {
url = new URL(strUrl);
} catch (MalformedURLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
URLConnection conn = null;
InetSocketAddress addr = new InetSocketAddress("proxy.domain",8080);
Proxy proxy = new Proxy(Proxy.Type.HTTP, addr);
try {
conn = url.openConnection(proxy);
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
String proxyStr = "username" + ":" + "passwordl";
String encoded = new String(Base64.encodeBase64(proxyStr.getBytes()));
conn.setRequestProperty("Proxy-Authorization", "Basic " + encoded);
// get http status code which is located in header field 0
String status = conn.getHeaderField(0);
if (status.contains("200")) {
BufferedReader in = null;
try {
in = new BufferedReader(new InputStreamReader(conn.getInputStream(),
"ISO-8859-1"));
String inputLine;
while ((inputLine = in.readLine()) != null) {
sb.append(inputLine);
in.close();
} catch (UnsupportedEncodingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
else {
System.out.println("Error");
System.out.println(sb.toString());
public class SimpleAuthenticator
extends Authenticator
private String username,
password;
public SimpleAuthenticator(String username,String password)
this.username = username;
this.password = password;
protected PasswordAuthentication getPasswordAuthentication()
return new PasswordAuthentication(
username,password.toCharArray());
Does somebody know a solution? I need the authentication against proxy and content provider in "one application".
Thank you very much,
AndréI typically have used Apache Commons HttpClient for anything but trivial URL connections, and especially when combining both basic auth and proxy auth. When you use it, be aware of the "preemptive authentication" flag. One server I worked with didn't send the correct parameters back on particular requests, so I had to turn on this flag to get it to work.
-
HTTP Basic Auth and Username Authentication with Symmetric Key
Hi,
I have a webservice happily running on tomcat 5.5 using "Username Authentication with Symmetric Key" I have certificates setup and everything works fine. I can even connect a .net client and use the service.
Now I have an additional requirement of authorization per operation basis so I'm planning on using the roles. My current setup uses tomcat-users.xml to configure users but I seem unable to identify the role of the user from within my code as wsContext.isUserInRole("briefing") always returns false even when it clearly isn't. Where wsContext = @Resource private WebServiceContext wsContext.
So I figure perhaps I need to add HTTP Basic Auth to tomcat for it to gather this information so I added security-constraints to the web.xml and this seems to do the trick: at least it does for my .net client.
If I do:
Service service = new Service();
Port client = service.getPort();
BindingProvider bp = (BindingProvider)client;
bp.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "myusername");
bp.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "mypassword");Then it all works fine. However, I'd like a little less transparency: I don't want to have to do this every time I make a call.
My question(s) is:
1) Am I going about this the right way (perhaps I am somehow getting the incorrect reference to the WebServiceContext)
2) If I am going about this the right way I imagine the whole BindingProvider code needs to be added to as a policy configuration but I'm really not sure where to start especially as I'm using wsimport to generate everything: I'm not even sure where to configure this so it will not get overwritter.
Thanks for any help.Doh! Ok So I've added a SOAP Handler to automatically add the username and password for the HTTP Basic Auth.
All in all does this setup sound right? -
Hi,
I'm using basic auth and used to send username/password with
the URL to authenticate from another webserver (with some other
kind of authentication), but - as you know - Microsoft doesn't
support that any longer and so this works for some other
webclients but not for IE (or only with a patch, that isn't installed
everywhere).
Now I have seen that for Apache there is a module called
mod_auth_cookie to fake that kind of implicit authentification.
My Question: has anybody done this for SJWS or can't that
be done?
TIA
ReinfriedHi,
Please check the below link
Re: Accessing Portal component without login screen
hope is solve your problem.
Raghu -
RemoteObject and http basic auth
Hello,
I am writing an AIR application and I have a RemoteObject
that has an endpoint secured using http basic auth. Whenever I try
to send the RemoteObject request, a username/password window is
displayed to the user. How do I automatically send the
username/password? Using setCredentials or setRemoteCredentials
doesn't seem to affect this - looking at the data sent, the
RemoteObject is not sending a http Authorisation header.
Is this possible?Hello,
Sorry for "waking up" this old message, but I have exactly the same probem and I can't find a solution.
I know how to send Authorization in the HTTP headers with a HTTPService, but not with a RemoteObject.
Do you know that, or have any other solution for the problem ?
Etienne -
Forms based authentication + Basic authentication = no way to use the basic auth!!!!
Hi,
I setup a test sharepoint site, claims mode, with both the forms and basic authentication enabled.
I expect to see the page asking me which authentication method I want to use, but I never see this page!!!
I have to select the windows authentication (NTLM or Kerberos) to see this page!
why using only the Basic authentication did not prompt the user?
and how to be authenticated using the basic authentication rather than the forms auth when both are enable for the same site?
>I do NOT want to extend my site to have 2 zones... my question is ONLY with 1 zone configured.What is the business purpose for using Basic Auth over NTLM/Kerberos?
Trevor Seward
Follow or contact me at...
  
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs. -
Hi Guys,
Maybe someone can help me out?
I just finished setting up a trial "Cisco Virtual Wireless Controller" with nearly the same configuration as our Physical
"Cisco Wireless Controller" with the exception of having 2 ports. Anyhow, I managed to get everything working except for the WEB AUTH on the Guest WLAN. When a client connects, he gets a DHCP address from our ASA but when we try to get to a website, we never reach the WEB AUTH page.
What I tried so far is..
add a DNS Host Name to the virtual interface and assign it to our internal DNS server.dns name was resolving but we were unable to ping 1.1.1.1
changed the virtual ip from 1.1.1.1 to 2.2.2.2 and modified the DNS entrydns name resoved but still could not ping 2.2.2.2(I think this is normal)
changed the virtual IP to a private address of 192.168.102.1 and modified the dns entrysame result
I've attached some screenshots of our configuration.Troubleshooting Web Authentication
After you configure web authentication, if the feature does not work as expected, complete these
troubleshooting steps:
Check if the client gets an IP address. If not, users can uncheck
DHCP Required
on the WLAN and
give the wireless client a static IP address. This assumes association with the access point. Refer to
the
IP addressing issues
section of
Troubleshooting Client Issues in the Cisco Unified Wireless
Network for troubleshooting DHCP related issues
1.
On WLC versions earlier than 3.2.150.10, you must manually enter
https://1.1.1.1/login.html
in
order to navigate to the web authentication window.
The next step in the process is DNS resolution of the URL in the web browser. When a WLAN client
connects to a WLAN configured for web authentication, the client obtains an IP address from the
DHCP server. The user opens a web browser and enters a website address. The client then performs
the DNS resolution to obtain the IP address of the website. Now, when the client tries to reach the
website, the WLC intercepts the HTTP Get session of the client and redirects the user to the web
authentication login page.
2.
Therefore, ensure that the client is able to perform DNS resolution for the redirection to work. On
Windows, choose
Start > Run
, enter
CMD
in order to open a command window, and do a nslookup
www.cisco.com" and see if the IP address comes back.
On Macs/Linux: open a terminal window and do a nslookup www.cisco.com" and see if the IP
address comes back.
If you believe the client is not getting DNS resolution, you can either:
Enter either the IP address of the URL (for example, http://www.cisco.com is
http://198.133.219.25)
♦
Try to directly reach the controller's webauth page with
https:///login.html. Typically this is http://1.1.1.1/login.html.
♦
Does entering this URL bring up the web page? If yes, it is most likely a DNS problem. It might also
be a certificate problem. The controller, by default, uses a self−signed certificate and most web
browsers warn against using them.
3.
For web authentication using customized web page, ensure that the HTML code for the customized
web page is appropriate.
You can download a sample Web Authentication script from Cisco Software Downloads. For
example, for the 4400 controllers, choose
Products > Wireless > Wireless LAN Controller >
Standalone Controllers > Cisco 4400 Series Wireless LAN Controllers > Cisco 4404 Wireless
LAN Controller > Software on Chassis > Wireless Lan Controller Web Authentication
Bundle−1.0.1
and download the
webauth_bundle.zip
file.
These parameters are added to the URL when the user's Internet browser is redirected to the
customized login page:
4.
ap_mac The MAC address of the access point to which the wireless user is associated.
♦
switch_url The URL of the controller to which the user credentials should be posted.
♦
redirect The URL to which the user is redirected after authentication is successful.
♦
statusCode The status code returned from the controller's web authentication server.
♦
wlan The WLAN SSID to which the wireless user is associated.
♦
These are the available status codes:
Status Code 1: "You are already logged in. No further action is required on your part."
♦
Status Code 2: "You are not configured to authenticate against web portal. No further action
is required on your part."
♦
Status Code 3: "The username specified cannot be used at this time. Perhaps the username is
already logged into the system?"
♦
Status Code 4: "You have been excluded."
♦
Status Code 5: "The User Name and Password combination you have entered is invalid.
Please try again."
♦
All the files and pictures that need to appear on the Customized web page should be bundled into a
.tar file before uploading to the WLC. Ensure that one of the files included in the tar bundle is
login.html. You receive this error message if you do not include the login.html file:
Refer to the Guidelines for Customized Web Authentication section of Wireless LAN Controller Web
Authentication Configuration Example for more information on how to create a customized web
authentication window.
Note:
Files that are large and files that have long names will result in an extraction error. It is
recommended that pictures are in .jpg format.
5.
Internet Explorer 6.0 SP1 or later is the browser recommended for the use of web authentication.
Other browsers may or may not work.
6.
Ensure that the
Scripting
option is not blocked on the client browser as the customized web page on
the WLC is basically an HTML script. On IE 6.0, this is disabled by default for security purposes.
7.
Note:
The Pop Up blocker needs to be disabled on the browser if you have configured any Pop Up
messages for the user.
Note:
If you browse to an
https
site, redirection does not work. Refer to Cisco bug ID CSCar04580
(registered customers only) for more information.
If you have a
host name
configured for the
virtual interface
of the WLC, make sure that the DNS
resolution is available for the host name of the virtual interface.
Note:
Navigate to the
Controller > Interfaces
menu from the WLC GUI in order to assign a
DNS
hostname
to the virtual interface.
8.
Sometimes the firewall installed on the client computer blocks the web authentication login page.
Disable the firewall before you try to access the login page. The firewall can be enabled again once
the web authentication is completed.
9.
Topology/solution firewall can be placed between the client and web−auth server, which depends on
the network. As for each network design/solution implemented, the end user should make sure these
ports are allowed on the network firewall.
Protocol
Port
HTTP/HTTPS Traffic
TCP port 80/443
CAPWAP Data/Control Traffic
UDP port 5247/5246
LWAPP Data/Control Traffic
(before rel 5.0)
UDP port 12222/12223
EOIP packets
IP protocol 97
Mobility
UDP port 16666 (non
secured) UDP port 16667
(secured IPSEC tunnel)
10.
For web authentication to occur, the client should first associate to the appropriate WLAN on the
WLC. Navigate to the
Monitor > Clients
menu on the WLC GUI in order to see if the client is
associated to the WLC. Check if the client has a valid IP address.
11.
Disable the Proxy Settings on the client browser until web authentication is completed.
12.
The default web authentication method is PAP. Ensure that PAP authentication is allowed on the
RADIUS server for this to work. In order to check the status of client authentication, check the
debugs and log messages from the RADIUS server. You can use the
debug aaa all
command on the
WLC to view the debugs from the RADIUS server.
13.
Update the hardware driver on the computer to the latest code from manufacturer's website.
14.
Verify settings in the supplicant (program on laptop).
15.
When you use the Windows Zero Config supplicant built into Windows:
Verify user has latest patches installed.
♦
Run debugs on supplicant.
♦
16.
On the client, turn on the EAPOL (WPA+WPA2) and RASTLS logs from a command window, Start
> Run > CMD:
netsh ras set tracing eapol enable
netsh ras set tracing rastls enable
In order to disable the logs, run the same command but replace enable with disable. For XP, all logs
will be located in C:\Windows\tracing.
17.
If you still have no login web page, collect and analyze this output from a single client:
debug client
debug dhcp message enable
18.
debug aaa all enable
debug dot1x aaa enable
debug mobility handoff enable
If the issue is not resolved after you complete these steps, collect these debugs and use the TAC
Service Request Tool (registered customers only) in order to open a Service Request.
debug pm ssh−appgw enable
debug pm ssh−tcp enable
debug pm rules enable
debug emweb server enable
debug pm ssh−engine enable packet -
Web Services with HTTP Basic Auth
Hi,
I am having a problem connecting to web services which
require HTTP Basic Authentication from a Flex application. I have
useProxy set to true and call setRemoteCredentials prior to
attempting the call, but the credentials do not appear to be set on
the request (the request fails with fault.faultString = "HTTP
request error", faultCode = "Server.Error.Request". The messages on
the server indicate that the user name and password were not
specified.
I do have the proxy-config.xml file set up properly (I think
-- I followed the example in the mx.rpc.soap.mxml.WebService class
description, at least).
I can verify that the WSDL (which doesn't require BASIC auth
to access) is being loaded properly, but when I make the request,
it fails. Is this a known problem?
I am using Flex Builder 2.0.1 to build my SWF files.
Thanks,
BrendanThanks for the pointer, I did try it, but it didn't help.
As I said in the original post, the problem is with HTTP
Basic Authentication, so adding a header for WSSE to the service
request didn't help. It needs to be an HTTP Authorization header,
not a SOAP Security header.
Brnedan -
Dynamic proxy invokes basic auth web service
My dynamic proxy client works fine with any web service except the basic auth secured one.
I know how to use stub client to work around this issue. But I haven't found a way to get around when dynamic proxy clients are used.
Any idea is appricated. ThanksPaula-
Given that you can work around this issue with the stub client,
you should be able to work around the issue in the dynamic proxy client
in the same way-
I am interested that you say workaround the issue with the stub client.
Is there a problem that you have noted?
If you can let me know how you worked this issue with the stub,
and what problems you have specifically had with the dynamic proxy client
I will look at the issue to see if it a bug.
Please let me know what environment you are working in, the version of jaxrpc 1.x,
what container, jdk or jre and a sample client program that would help me understand
the problem.
Thanks,
Kathy -
Hello everyone,
we have integrated some JavaFX components within a swing application recently. One of the components that we have decided to add is a WebView component that should access an html page with the account settings of the logged in user.
However, this page has restricted access with HTTP Basic Auth type of authorization and for this reason the WebView gets the 401 HTTP error.
Is it possible to perform the HTTP Basic Auth programmatically (by setting username and password) with the WebView?
Thanks in advance for your help,
LMI have solved by using java.net.Authenticator
-
I've got a J2EE application running under WL6.1 and that uses BASIC Auth. Durring
development I need to test with various users. How do I log a user out so I can
run the app under a different user?
Thanks,
MattThe following should work :
a) use HttpSession.invalidate() to invalidate
the current user session , and
b) use HttpServletResponse.sendRedirect() to
redirect to the main page.
Let me know if it does not work.
jason
"Matt Connors" <[email protected]> wrote:
>
I've got a J2EE application running under WL6.1 and that uses BASIC Auth.
Durring
development I need to test with various users. How do I log a user out
so I can
run the app under a different user?
Thanks,
Matt -
Basic auth interop problem, servlet WS works, EJB WS not (Sun AS 8)
After spending some time I managed to add HTTP basic auth to a simple web service. I have implemented two variants, an JAX-RPC servlet web service and an EJB web service.
A (Sun) JAX-RPC client works pretty well against both web services. I do the required steps with the stub (set user/pwd) and things work. I do get the correct principal in the server side, fine.
When I do NOT set the authentication properties at the stub, the servlet based WS responds something like HTTP error 403 (?) or so, which leads to "authentication required". The EJB based response is not that adequate, it's something like "internal server error, EJBLocalAccessException or so" but from the given message you could get the idea what's wrong.
Anyway, I got the impression that this stuff
return HTTP error to flag "auth required"
is not happening for some reason in my EJB based web service. I found this problem in Sun AS 8 and I think it's the same problem when I test stuff with Oracle's OC4J ...
Some client implementations have obviously problems to get the idea that user authentication is required. In other words, the clients cannot invoke the EJB WS. I tried it with Perl Soap::Lite, MS SOAP Toolkit 3.0 and MS .Net 1.1 stuff. All this clients work well (with authentication) when I consume the servlet based web service. But the EJB based web service is not working at all. I do get there just "not allowed" and the SOAP client runtime is not handing over any user credentials (because it's obviously not correctly asked for it by an appropriate AS response).
Anyone else experienced this problems with EJB WS???
Interesting question: why is the JAX-RPC client working? Is it sending the properties set at the stub in any case? Or do they "handle" the internal error coming from Sun AS explicitly or so? Strange, in a way. :-)
Thanx for any help here!
MertenI guess the reason was that I wrote
<login-config>
<auth-method>Basic</auth-method>
</login-config>
instead of required
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
At deploy time, I got no error message. At usage time, I just got this AccessLocalException. That's not really nice ...
Merten
Maybe you are looking for
-
How can I run a script on suspend/resume?
I'd like to run a script when a machine is about to suspend and another after it resumes. Is this possible?
-
How to Change Library iPod is linked to with iTunes 7
I had linked my iPod to the iTunes library on my computer at work, but need to change this so that it is linked to my home computer. I remember you could do this with iTunes 6 but I can't figure out how to do this with iTunes 7. I have to exchange my
-
Creating Asset from Requisition???
I need to know the detailed steps to create a Fixed Asset from Requisition (iProc)? Please give me detailed steps along with configuration needed?
-
Portal eventing between bsp and VC
Hi everybody I need to use portal eventing to have a bsp and a VC iview communicate. The bsp iview should be displayed within the VC iview as html view, raise a portal event with some sort of parameters inside, and then be dynamically hidden by the m
-
Hide Fields for Applications WD ABAP Travel
Dear Experts. I have the following doubt: Is posible hide the fields enclosed in the box red using configuration of the following image for the application WD ABAP (Change Travel Request): [Image|http://img513.imageshack.us/img513/1859/hidefields.png