[prev in list] [next in list] [prev in thread] [next in thread] 

List:       rampart-dev
Subject:    Re: [Axis2] Secure Cookie not returned to WebServer
From:       Andreas Veithen <andreas.veithen () gmail ! com>
Date:       2018-11-13 20:44:01
Message-ID: CADx4_uVn-G1Uh-Or8UHraGUsUgMdtmnNbnRbiL7QePwiOzGPfg () mail ! gmail ! com
[Download RAW message or body]

From the history of AXIS2-5608 you can see what happened: the "fix"
went into a release and it was later discovered that it caused a
regression elsewhere. Since the change was submitted without a test,
the only sensible option was to roll it back.

Andreas

On Tue, Nov 13, 2018 at 11:47 AM R. Lapsien <rlapsien@klv.de> wrote:
> 
> Secure Cookie not returned to WebServer
> 
> 
> 
> I'm accessing a WebService on an BEA Server from a Java client using AXIS2 1.7.8
> 
> As can be seen in the SSL trace AXIS2 is not returning the secure cookie (named \
> '_WL_AUTHCOOKIE_JSESSIONID') to the server. Therefore the second request to the \
> server is answered with 401 – Unauthorized. Another cookie ('JSESSIONID') is \
> returned properly. 
> There is no problem when communicating via http / without SSL. The secure cookie is \
> only send when using SSL (see: \
> https://docs.oracle.com/cd/E13222_01/wls/docs103/security/thin_client.html#wp1039551)
>  
> This problem first occured under AXIS2 1.6.3. At that time the actual version was \
> 1.7.0 and 1.7.0 did fix this issue. Now with version 1.7.8 the problem is back. I \
> think the problem could be connected to AXIS2-5608. 
> Will there be a fix?
> 
> Or do I miss something neccessary to return all cookies (configuration, …)?
> 
> Or is there a way to do the handling of this cookie from client code?
> 
> 
> --
> Best regards
> Reinhard Lapsien
> 
> 
> --------------------------------------------------------------------- To \
> unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org For additional commands, \
> e-mail: java-dev-help@axis.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org


[prev in list] [next in list] [prev in thread] [next in thread]