Discussion:
[Axis2] Secure Cookie not returned to WebServer
R. Lapsien
2018-11-13 11:47:31 UTC
Permalink
<html>
<head>

<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>
</p>
<p style="margin-bottom: 0cm" align="JUSTIFY"><font
style="font-size: 11pt" size="2">Secure
Cookie not returned to WebServer</font></p>
<br>
<br>
I'm accessing a WebService on an BEA Server from a Java client using
AXIS2 1.7.8<br>
<br>
As can be seen in the SSL trace AXIS2 is not returning the secure
cookie (named '_WL_AUTHCOOKIE_JSESSIONID') to the server. Therefore
the second request to the server is answered with 401 –
Unauthorized. Another cookie ('JSESSIONID') is returned properly.<br>
<br>
There is no problem when communicating via http / without SSL. The
secure cookie is only send when using SSL (see:
<a class="moz-txt-link-freetext" href="https://docs.oracle.com/cd/E13222_01/wls/docs103/security/thin_client.html#wp1039551">https://docs.oracle.com/cd/E13222_01/wls/docs103/security/thin_client.html#wp1039551</a>)<br>
<br>
This problem first occured under AXIS2 1.6.3. At that time the
actual version was 1.7.0 and 1.7.0 did fix this issue. Now with
version 1.7.8 the problem is back. I think the problem could be
connected to AXIS2-5608.<br>
<br>
Will there be a fix?<br>
<br>
Or do I miss something neccessary to return all cookies
(configuration, …)?<br>
<br>
Or is there a way to do the handling of this cookie from client
code?<br>
<br>
<br>
<div class="moz-signature">-- <font size="2"><br>
Best
regards     </font><br>
<div><font size="2">Reinhard Lapsien<br>
</font></div>
<div>
<p><br>
</p>
</div>
</div>
</body>
</html>

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-***@axis.apache.org
For additional commands, e-mail: java-dev-***@axis.apache.org
robertlazarski
2018-11-13 14:43:46 UTC
Permalink
Secure Cookie not returned to WebServer
I'm accessing a WebService on an BEA Server from a Java client using AXIS2
1.7.8
As can be seen in the SSL trace AXIS2 is not returning the secure cookie
(named '_WL_AUTHCOOKIE_JSESSIONID') to the server. Therefore the second
request to the server is answered with 401 – Unauthorized. Another cookie
('JSESSIONID') is returned properly.
There is no problem when communicating via http / without SSL. The secure
https://docs.oracle.com/cd/E13222_01/wls/docs103/security/thin_client.html#wp1039551
)
This problem first occured under AXIS2 1.6.3. At that time the actual
version was 1.7.0 and 1.7.0 did fix this issue. Now with version 1.7.8 the
problem is back. I think the problem could be connected to AXIS2-5608.
Will there be a fix?
Or do I miss something neccessary to return all cookies (configuration, 
)?
Or is there a way to do the handling of this cookie from client code?
--
Best regards
Reinhard Lapsien
--------------------------------------------------------------------- To
Axis2 works fine for me over HTTPS, the only thing to be aware IIRC is you
need this setup like so in your axis2.xml ... the following config will
allow both HTTP and HTTPS. If this doesn't work for you, I suggest you put
axis2 into debug mode and see what is the problem, I could compare with my
logs that are working fine.

<transportReceiver name="http"
class="org.apache.axis2.transport.http.AxisServletListener">
<parameter name="port">8080</parameter>
</transportReceiver>

<transportReceiver name="https"
class="org.apache.axis2.transport.http.AxisServletListener">
<parameter name="port">8443</parameter>
</transportReceiver>

Regards,
Robert
Andreas Veithen
2018-11-13 20:44:01 UTC
Permalink
From the history of AXIS2-5608 you can see what happened: the "fix"
went into a release and it was later discovered that it caused a
regression elsewhere. Since the change was submitted without a test,
the only sensible option was to roll it back.

Andreas
Secure Cookie not returned to WebServer
I'm accessing a WebService on an BEA Server from a Java client using AXIS2 1.7.8
As can be seen in the SSL trace AXIS2 is not returning the secure cookie (named '_WL_AUTHCOOKIE_JSESSIONID') to the server. Therefore the second request to the server is answered with 401 – Unauthorized. Another cookie ('JSESSIONID') is returned properly.
There is no problem when communicating via http / without SSL. The secure cookie is only send when using SSL (see: https://docs.oracle.com/cd/E13222_01/wls/docs103/security/thin_client.html#wp1039551)
This problem first occured under AXIS2 1.6.3. At that time the actual version was 1.7.0 and 1.7.0 did fix this issue. Now with version 1.7.8 the problem is back. I think the problem could be connected to AXIS2-5608.
Will there be a fix?
Or do I miss something neccessary to return all cookies (configuration, …)?
Or is there a way to do the handling of this cookie from client code?
--
Best regards
Reinhard Lapsien
---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-***@axis.apache.org
For additional commands, e-mail: java-dev-***@axis.apache.org

Loading...