Reputation: 701
Apache CXF soap client using jCIFS SSL + NTLM authentication JDK 5
I am trying to authenticate against a SOAP webservice using NTLM authentication as mentioned at Apache CXF with stack as following -
- jcifs-1.3.17.jar
- cxf-2.7.11
- NTLM + SSL
- JDK 5 (I possibly cannot change this)
Every time I try and connect it refuses with 401 unauthorized access because it uses my underlying NT credentials which are not authorised instead of valid ones that I configured in code. (I had to modify jCIFS as it doesnt support SSL + NTLM to return HTTPs version of NtlmHttpURLConnection). Similar result when used HTTP Async mechanism.
String domainController = "xxx.xxx.xxx";
UniAddress dc = UniAddress.getByName(domainController, true);
jcifs.Config.setProperty("http.auth.ntlm.domain", "xxx.xxx.xxx");
jcifs.Config.setProperty("jcifs.smb.client.domain", "domain");
jcifs.Config.setProperty("jcifs.netbios.wins", dc.getHostAddress());
jcifs.Config.setProperty("jcifs.smb.client.soTimeout", "300000"); // 5 minutes
jcifs.Config.setProperty("jcifs.netbios.cachePolicy", "1200"); // 20 minutes
jcifs.Config.setProperty("jcifs.smb.client.username", USER);
jcifs.Config.setProperty("jcifs.smb.client.password", PWD);
//Register the jcifs URL handler to enable NTLM
jcifs.Config.registerSmbURLHandler();
HelloWorld src = new HelloWorld();
ClientProxyFactoryBean factory = new ClientProxyFactoryBean(new JaxWsClientFactoryBean());
factory.setServiceClass( IHelloWorld.class );
factory.setAddress(SERVICE_URL);
factory.setUsername(USER);
factory.setPassword(PWD);
IHelloWorld service = (IHelloWorld ) factory.create();
Client client = ClientProxy.getClient(service);
HTTPConduit http = (HTTPConduit) client.getConduit();
System.out.println(http.getClass().getName());
//org.apache.cxf.transport.http.URLConnectionHTTPConduit
HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
httpClientPolicy.setConnectionTimeout(36000);
httpClientPolicy.setAllowChunking(false);
http.setClient(httpClientPolicy);
http.getAuthorization().setAuthorizationType("NTLM");
http.getAuthorization().setUserName(USER);
http.getAuthorization().setPassword(PWD);
http.getClient().setAllowChunking( false );
http.getClient().setAutoRedirect( true );
TLSClientParameters tcp = new TLSClientParameters();
tcp.setTrustManagers( new TrustManager[]{ new TrustAllX509TrustManager() } );
http.setTlsClientParameters( tcp );
System.out.println("Invoking service...");
String msg= "echo";
try {
String res = service.readMessage(msg);
System.out.println("readMessage.result=" + res);
} catch (Exception e) {
e.printStackTrace();
}
Upong running this code I get following exception trace
: domain\ is unauthorized user at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source) at java.lang.reflect.Constructor.newInstance(Unknown Source) at org.apache.cxf.interceptor.ClientFaultConverter.processFaultDetail(ClientFaultConverter.java:175) at org.apache.cxf.interceptor.ClientFaultConverter.handleMessage(ClientFaultConverter.java:78) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272) at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:113) at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69) at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272) at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:845) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1624) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1513) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1318) at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56) at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:632) at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272) at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:570) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:479) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:382) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:335) at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96) at org.apache.cxf.frontend.ClientProxy.invoke(ClientProxy.java:81) at com.sun.proxy.$Proxy44.readMessage(Unknown Source)
Upvotes: 1
Views: 1903
Answers (2)
Reputation: 701
After hours of struggle trying to juggle between JDK 5 stack and other SOAP framework like Axis2 and CXF, I finally manged to do with a raw SOAP client that can pretty much do the job I neeed. Following is code that helped get it done even with custom NT logins than underlying ones.
public final class JCIFSEngine implements NTLMEngine {
private static final int TYPE_1_FLAGS = NtlmFlags.NTLMSSP_NEGOTIATE_56
| NtlmFlags.NTLMSSP_NEGOTIATE_128
| NtlmFlags.NTLMSSP_NEGOTIATE_NTLM2
| NtlmFlags.NTLMSSP_NEGOTIATE_ALWAYS_SIGN
| NtlmFlags.NTLMSSP_REQUEST_TARGET;
public String generateType1Msg(final String domain, final String workstation)
throws NTLMEngineException {
final Type1Message type1Message = new Type1Message(TYPE_1_FLAGS,
domain, workstation);
return Base64.encode(type1Message.toByteArray());
}
public String generateType3Msg(final String username,
final String password, final String domain,
final String workstation, final String challenge)
throws NTLMEngineException {
Type2Message type2Message;
try {
type2Message = new Type2Message(Base64.decode(challenge));
} catch (final IOException exception) {
throw new NTLMEngineException("Invalid NTLM type 2 message",
exception);
}
final int type2Flags = type2Message.getFlags();
final int type3Flags = type2Flags
& (0xffffffff ^ (NtlmFlags.NTLMSSP_TARGET_TYPE_DOMAIN | NtlmFlags.NTLMSSP_TARGET_TYPE_SERVER));
final Type3Message type3Message = new Type3Message(type2Message,
password, domain, username, workstation, type3Flags);
return Base64.encode(type3Message.toByteArray());
}
}
public class JCIFSNTLMSchemeFactory implements AuthSchemeProvider {
public AuthScheme create(final HttpContext context) {
return new NTLMScheme(new JCIFSEngine());
}
}
The use HttpClient object to register custom NTLM Engine and Auth scheme registry -
protected Registry<AuthSchemeProvider> getAuthRegistry() {
Registry<AuthSchemeProvider> authSchemeRegistry = RegistryBuilder
.<AuthSchemeProvider> create()
.register(AuthSchemes.NTLM, new JCIFSNTLMSchemeFactory())
.build();
return authSchemeRegistry;
}
protected CredentialsProvider getCredentialsProvider(String user,
String pass, String domain) {
CredentialsProvider credsProvider = new BasicCredentialsProvider();
credsProvider.setCredentials(new AuthScope(AuthScope.ANY_HOST,
AuthScope.ANY_PORT, AuthScope.ANY_REALM, AuthSchemes.NTLM),
new NTCredentials(user, pass, null, domain));
return credsProvider;
}
HttpClientBuilder httpClientBuilder = HttpClients.custom();
httpClientBuilder.setDefaultAuthSchemeRegistry(getAuthRegistry());
httpClientBuilder
.setDefaultCredentialsProvider(getCredentialsProvider(
config.getUserName(), config.getPassword(),
config.getDomain()));
if (config.isProxy()) {
HttpHost proxy = new HttpHost(config.getProxyHost(),
config.getPort());
httpClientBuilder.setProxy(proxy);
}
httpClientBuilder.build();
Hope this helps someone with similar issue. Cheers
Upvotes: 1
Reputation: 11228
CXF 2.7.x does not support JDK 5. From the CXF FAQ:
Can CXF run with JDK 1.5?
Yes for CXF 2.6.x and older. Keep in mind though that Java 2 SE 5.0 with JDK 1.5 has reached end of life (EOL). CXF 2.7.x no longer supports Java 5. In order to upgrade to 2.7.x, you must be using Java 6 (or newer).
Upvotes: 1
Related Questions
- How to implement client authentication when using java code and Apache CXF as SOAP client?
- CXF SOAP Client with NTLM to SharePoint
- How do you use TLS/SSL Http Authentication with a CXF client to a web service?
- Apache CXF 3.1.6 webservice client - NTLM Authentication
- CXF + wsdl2java + authentication
- SharePoint Webservice from Java Webapp using CXF with Kerberos/NTLM authentication
- Apache cxf java client + ntlm authentication and multi user support
- Invoke a secured CA https SOAP service with a CXF client
- How do I setup a CXF/SOAP client connection over https with username/password (no certificate)
- Java client for SOAP web service with NTLM authentication