tracker issue : CF-4203414

select a category, or use search below
(searches all categories and all time range)
Title:

Webservice: duplicated "Authentication" record being injected into the request header in CF2016

| View in Tracker

Status/Resolution/Reason: Closed/Fixed/Fixed

Reporter/Name(from Bugbase): / ()

Created: 10/26/2018

Components: Web Services

Versions: 2016,2018

Failure Type:

Found In Build/Fixed In Build: / CF2016U11,CF2018U4

Priority/Frequency: Normal /

Locale/System: /

Vote Count: 0

 Customer reported issue:  (Fixed by Mayur)

We have a customer who is consuming an external Web service in ColdFusion (under proxy) and its failing because there are two “Authentication” being generated.

The external web service have basic authentication security implemented at the server level, and I believe that the web services themselves use the authentication header to validate subsequent requests made from the WS object that was instantiated.

When capturing the request objects to compare the differences in what is actually being sent to the WS server (after all processing has been completed by CF/Java), the only difference is a duplicated "Authentication" record being injected into the request header in CF2016.

They want to know if CF2016 is injecting the "Authentication" credentials into the header a second time, and how to prevent it from doing that.

 

Exact same code works in CF10 (without duplicated authentication).

 

Unfortunately, we cannot have access to external web service, so this issue cannot be reproduced at our end.

 

Below is WS call and response in CF2016(Not working) and CF10 (Working). They had tried to migrate to CF11 in the past, but it didn’t work in CF11 as well.

 

<cfscript>

    ws = CreateObject("webservice",

                      "[http://xx.xx.xx.xx:8443/OnDemandRecallGoService/RecallGoService/WEB-INF/wsdl/Recall_GO.wsdl]",

                      {refreshWSDL=true,

                       username="xxxx",

                       password="zzz",

                       authtype="basic",

                       wsversion="1",

                       timeout="120",

                       proxyServer="xx.xxx.0.xx",

                       proxyPort="80"});

    writeOutput("<b>Dump of Instantiated WS Object:</b><br/>");

    writeDump(ws);

    retData = ws.processRecallGoListRequest(recallGoListRequestMessage="#arg0Struct#");

    writeDump(retData);

</cfscript>

 

 

############################################################################

### ColdFusion 2016  (DOES NOT WORK!)                                                                                ###

###########################################################################

************************************

*** HTTP REQUEST OBJECT          ***

************************************

POST /OnDemandRecallGoService/RecallGoService HTTP/1.1

Content-Type: text/xml; charset=utf-8

Accept: application/soap+xml, application/dime, multipart/related, text/*

User-Agent: Axis/1.2.1

Host: xxx.xx.xx.xx:8443

Cache-Control: no-cache

Pragma: no-cache

SOAPAction: "urn:interfaces.v1.common.ondemand.cms.chrysler.com.ProcessRecallRequest"

Content-Length: 539

Authorization: Basic YXZuemRvb25kOmF2bnpkb29uZHBhc3N3ZA==

Authorization: Basic YXZuemRvb25kOmF2bnpkb29uZHBhc3N3ZA==

Connection: Keep-Alive

<?xml version="1.0" encoding="UTF-8"?><soapenv:Envelope xmlns:soapenv="[http://schemas.xmlsoap.org/soap/envelope/]" xmlns:xsd="[http://www.w3.org/2001/XMLSchema]" xmlns:xsi="[http://www.w3.org/2001/XMLSchema-instance]"><soapenv:Body><recallGoListRequest xmlns="urn:interfaces.v1.common.ondemand.cms.chrysler.com"><recallLaunch xmlns=""><ns1:launchDate xmlns:ns1="urn:v1.common.ondemand.cms.chrysler.com">2000-01-01</ns1:launchDate></recallLaunch><isTakataRecall xmlns="">Y</isTakataRecall></recallGoListRequest></soapenv:Body></soapenv:Envelope>

 

 

 

 

#########################################################################

### ColdFusion 10 (DOES WORK!)                                                                                     ###

#########################################################################

************************************

*** HTTP REQUEST OBJECT          ***

************************************

POST /OnDemandRecallGoService/RecallGoService HTTP/1.1

Content-Type: text/xml; charset=utf-8

Accept: application/soap+xml, application/dime, multipart/related, text/*

User-Agent: Axis/1.2.1

Host: xxx.xxx.xx.xx8443

Cache-Control: no-cache

Pragma: no-cache

SOAPAction: "urn:interfaces.v1.common.ondemand.cms.xxx.com.ProcessRecallRequest"

Content-Length: 539

Authorization: Basic xxxxx==

Connection: Keep-Alive

<?xml version="1.0" encoding="UTF-8"?><soapenv:Envelope xmlns:soapenv="[http://schemas.xmlsoap.org/soap/envelope/]" xmlns:xsd="[http://www.w3.org/2001/XMLSchema]" xmlns:xsi="[http://www.w3.org/2001/XMLSchema-instance]"><soapenv:Body><recallGoListRequest xmlns="urn:interfaces.v1.common.ondemand.cms.chrysler.com"><recallLaunch xmlns=""><ns1:launchDate xmlns:ns1="urn:v1.common.ondemand.cms.chrysler.com">2000-01-01</ns1:launchDate></recallLaunch><isTakataRecall xmlns="">Y</isTakataRecall></recallGoListRequest></soapenv:Body></soapenv:Envelope>

Attachments:

Comments: