dkwakkel
8 years agoVisitor
SoapUI not working with Expect 100-continue header
Following scenario:
- Install on a windows machine tomee plus 1.7.3: http://tomee.apache.org/download/tomee-1.7.3.html
- Copy attached echo.war to <tomee install directory>/webapps and wait till deploy of webapp is finished
- Create a soap ui project with following wsdl (you must provide your NTLM credentials): http://<hostname>/echo/webservices/EchoWebservice?wsdl
- Test the soap method: it is working (see attached working_without_expect_header.xml)
- Enable 'Expect-continue' header in soap ui preferences => http settings
- Test the soap method: it is no longer working (see attached not_working_with_expect_header.xml)
For non working following is happening:
- soap ui sends soap request with expect header and without authentication
- tomee / tomcat responds with 401 because authentication is not present and closes the connection (see also https://bz.apache.org/bugzilla/show_bug.cgi?id=57324):
A server that responds with a final status code before reading the entire message body SHOULD indicate in that response whether it intends to close the connection or continue reading and discarding the request message (see Section 6.6 of [RFC7230]). http://tools.ietf.org/html/rfc7231#section-5.1.1
- Next soap ui sends again the request with an NTLM authentication negotiate with expect header. Tomee respond with 401, ntlm challenge and again closes the connection.
- Next soap ui sends again the request with NTLM authentication with expect header. Tomee respond with 401 because it can not connect the challenge to this authentication information (NTLM is a connection based authentication protocol).
In my opinion:
- Soap UI must not send the expect header when sending the NTLM negotiate.
- Soap UI could choose to not send the POST body when sending the NTLM negotiate.
- Soap UI could wait some time (e.g. as .Net 350 ms) before sending payload. Else 100-continue has no use.
Am I correct 1 is a bug? And what about the other two?
Also when I let the tomee server with a valve return 417 expectation failed header soap ui can not handle it (it should repost without Expect header)