[Melbourne-pm] Web auth meth

Mathew Robertson mathew.robertson at netratings.com.au
Wed Sep 10 18:28:49 PDT 2008

> You'll get a lot better mileage if you use the last two optional 
> arguments in the XmlHttpRequest open() method to specify username and 
> password. Otherwise you'll find that you can't override Auth headers 
> that the browser decides to set, at least for Basic Auth (I haven't 
> tried it with Digest). I explore some of this issues in my RESTful Web 
> Services 
> <http://extjs.com/learn/Manual:RESTful_Web_Services#HTTP_Authentication> 
> article on the ExtJS wiki.

We use a javascript soap client called "soapclient"... anyway, within 
the code it says:

  // Some WS implementations (i.e. BEA WebLogic Server 10.0 JAX-WS) 
don't support Challenge/Response
  // HTTP BASIC, so we send authorization headers in the first request
  xmlHttp.setRequestHeader("Authorization", "Basic " + 
SOAPClient._toBase64(SOAPClient.userName + ":" + SOAPClient.password));

So I guess this library has found that the two optional arguments dont 
always do the right thing, as the server code doesn't work correctly...

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.pm.org/pipermail/melbourne-pm/attachments/20080911/344ea765/attachment.html>

More information about the Melbourne-pm mailing list