Win a copy of The Way of the Web Tester: A Beginner's Guide to Automating Tests this week in the Testing forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Same WS called with 3 user names

Rolf Schuch
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I call a web service to receive data from different sources. For each source, I have a different user name and password. The URLs are always the same: /theirservice/login, /theirservice/getData, /theirservice/logout, always the same host name and port. The web service uses Apache Tomcat 4.1.24 (I can tell from the error pages).

I use HTTP POST requests with Digest authentication to access the web service. That means I start with a call to /theirservice/login, then I receive an HTTP 401 with a session cookie and hashing info (realm, qop="auth", nonce, opaque), which I use in a second call to /theirservice/login. Once I get the HTTP 200 OK, I call /theirservice/getData with the same cookie and authentication. And /theirservice/logout at the end.

My problem: For source1 (the one I've been using for weeks), everything works fine. But for source2 and source3 (whose credentials I was given recently), I only get HTTP 401s. I analyzed the HTTP requests and responses in Wireshark - I can see I use fresh cookies and nonces for every connection. And it does work for source1.

I'm 100% sure the user names and passwords are right, because the /theirservice/login call worked once for each source in Google Chrome. But I need it to work in my Java client and in my Perl script because I need to post search parameters to /theirservice/getData.

I tried with a Java client using org.apache.commons.httpclient.HttpClient, another Java client using (because their service is a RETS service), and a Perl script. HTTP 401 every time I try to log in with user names source2 and source3, no problem with source1. It doesn't seem to matter whether or not I have called /theirservice/logout at the end of a source1 session.

I thought their service may have remembered my IP, so I opened /theirservice/login in a browser window on my smartphone. Same result: source2 and source3 don't work, source1 does.

The only things that are different between source1 and source2/source3 is the user names and passwords. They use the same server, realm, user agent and RETS-Version (that's a special HTTP header for this kind of service).

Any idea what I can do to call the same web service with multiple user names, from the same IP? The calls don't have to be at the same time. I can load the data from source1 first, then source2, then source3.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic