You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by "Talkov, Roger" <Ro...@automic.com> on 2015/07/13 05:30:13 UTC
Read WSDL with Digest authentication
Hi,
I am able to read a WSDL with Basic Authentication, but not Digest.
The code is the same except for the authorizationType.
I create a Bus and setup a ConduitConfigurer which sets the AuthorizationPolicy.
When his didn't work, I added an authSupplier to the conduit so I could set a breakpoint, I can see the authSupplier returning a token which I get from CXFs DigestAuthSupplier. I can successfully use the same AuthorizationPolicy and authSupplier when invoking an operation on the service, but not when the WSDL needs digest authentication. I can see the WSDL in a browser with Digest, but not with my code.
Bus bus = CXFBusFactory.newInstance ().createBus ()
ConduitConfigurer conduitConfig = new ConduitConfigurer(connection)
bus.setExtension(conduitConfig, HTTPConduitConfigurer.class)
JaxWsDynamicClientFactory factory = JaxWsDynamicClientFactory.newInstance (bus)
Client client = factory.createClient (url)
ConduitConfigurer--------
public class ConduitConfigurer implements HTTPConduitConfigurer
{
private Map connection;
public ConduitConfigurer (Map connection)
{
this.connection = connection;
}
/* (non-Javadoc)
* @see org.apache.cxf.transport.http.HTTPConduitConfigurer#configure(java.lang.String, java.lang.String, org.apache.cxf.transport.http.HTTPConduit)
*/
@Override
public void configure(String name, String address, HTTPConduit conduit)
{
AuthorizationPolicy authorizationPolicy = new AuthorizationPolicy();
authorizationPolicy.setUserName(connection.user)
authorizationPolicy.setPassword(connection.password)
authorizationPolicy.setAuthorizationType(connection.authMethod)
conduit.setAuthorization(authorizationPolicy);
conduit.setAuthSupplier (new BasicDigestAuthSupplier (connection.authMethod, false, null, 0, null))
}
Thanks,
Roger
This email (including any attachments) may contain information which is privileged, confidential, or protected. If you are not the intended recipient, note that any disclosure, copying, distribution, or use of the contents of this message and attached files is prohibited. If you have received this email in error, please notify the sender and delete this email and any attached files.
RE: Read WSDL with Digest authentication
Posted by gdelbusto <Ge...@automic.com>.
Hi,
I am a coworker of Rogers. What we found is that there is an issue with
CXF's digest authentication when there are query parameters. I.e.
http://myhost/service?WSDL uses http:/myhost/service as the URL for the
digest token which does not work. I created a bug:
https://issues.apache.org/jira/browse/CXF-6574
<https://issues.apache.org/jira/browse/CXF-6574>
Just wanted to update the post in case someone else is searching on the same
issue.
Thanks
--
View this message in context: http://cxf.547215.n5.nabble.com/Read-WSDL-with-Digest-authentication-tp5759086p5760648.html
Sent from the cxf-user mailing list archive at Nabble.com.
RE: Read WSDL with Digest authentication
Posted by "Talkov, Roger" <Ro...@automic.com>.
Hi Colm,
We are using 3.0.4 and also tried 3.1.1 and got the same error.
Roger
-----Original Message-----
From: Colm O hEigeartaigh [mailto:coheigea@apache.org]
Sent: Wednesday, July 15, 2015 9:03 AM
To: users@cxf.apache.org
Subject: Re: Read WSDL with Digest authentication
Hi Roger,
Thanks for that. I added a testcase to CXF based on your client configuration and it works fine:
https://git1-us-west.apache.org/repos/asf?p=cxf.git;a=commit;h=1d713726
The request is a GET not a HEAD:
Address: http://localhost:46701/SoapContext/SoapPort?wsdl
Http-Method: GET
Content-Type: text/xml
Headers: {Accept=[*/*], Authorization=[Digest response="c4829ca0b368aed132f4a2ff7618670a",
cnonce="3cab7da56e9721642a7b647238722e88", username="ffang", nc="00000001", nonce="6AzJ/Ya4+R7oGMNWcFp2Rv7ZUrmMiFBH", realm="WSRealm", qop="auth", uri="/SoapContext/SoapPort", algorithm="MD5"], Cache-Control=[no-cache], connection=[keep-alive], content-type=[text/xml], Host=[localhost:46701], Pragma=[no-cache], User-Agent=[Apache CXF 3.1.2-SNAPSHOT-d76d6a928a850a05151657caa8b962c00961c1c6]}
What version of CXF are you using? Maybe this is a bug that was fixed in a more recent release?
Colm.
On Wed, Jul 15, 2015 at 12:34 AM, Talkov, Roger <Ro...@automic.com>
wrote:
> Hi Colm,
>
> I saw that only 1 attachment was allowed , so my last email didn't
> include the java code.
> The zip file contains 2 small java classes
>
> Roger
>
> -----Original Message-----
> From: Colm O hEigeartaigh [mailto:coheigea@apache.org]
> Sent: Tuesday, July 14, 2015 7:30 AM
> To: users@cxf.apache.org
> Subject: Re: Read WSDL with Digest authentication
>
> It looks like a bug. Could you create a test-case to reproduce the problem?
>
> Colm.
>
> On Mon, Jul 13, 2015 at 4:30 AM, Talkov, Roger
> <Ro...@automic.com>
> wrote:
>
> > Hi,
> >
> > I am able to read a WSDL with Basic Authentication, but not Digest.
> > The code is the same except for the authorizationType.
> > I create a Bus and setup a ConduitConfigurer which sets the
> > AuthorizationPolicy.
> > When his didn't work, I added an authSupplier to the conduit so I
> > could set a breakpoint, I can see the authSupplier returning a token
> > which I get from CXFs DigestAuthSupplier. I can successfully use the
> > same AuthorizationPolicy and authSupplier when invoking an operation
> > on the service, but not when the WSDL needs digest authentication. I
> > can see the WSDL in a browser with Digest, but not with my code.
> >
> > Bus bus = CXFBusFactory.newInstance ().createBus ()
> > ConduitConfigurer conduitConfig = new ConduitConfigurer(connection)
> > bus.setExtension(conduitConfig, HTTPConduitConfigurer.class)
> > JaxWsDynamicClientFactory factory =
> > JaxWsDynamicClientFactory.newInstance (bus)
> > Client client = factory.createClient (url)
> >
> > ConduitConfigurer--------
> >
> > public class ConduitConfigurer implements HTTPConduitConfigurer {
> >
> > private Map connection;
> >
> > public ConduitConfigurer (Map connection)
> > {
> > this.connection = connection;
> > }
> >
> > /* (non-Javadoc)
> > * @see
> > org.apache.cxf.transport.http.HTTPConduitConfigurer#configure(java.l
> > an g.String, java.lang.String,
> > org.apache.cxf.transport.http.HTTPConduit)
> > */
> > @Override
> > public void configure(String name, String address, HTTPConduit conduit)
> > {
> >
> > AuthorizationPolicy authorizationPolicy = new
> AuthorizationPolicy();
> > authorizationPolicy.setUserName(connection.user)
> > authorizationPolicy.setPassword(connection.password)
> >
> > authorizationPolicy.setAuthorizationType(connection.authMethod)
> >
> > conduit.setAuthorization(authorizationPolicy);
> >
> > conduit.setAuthSupplier (new BasicDigestAuthSupplier
> > (connection.authMethod, false, null, 0, null))
> > }
> >
> > Thanks,
> >
> > Roger
> > This email (including any attachments) may contain information which
> > is privileged, confidential, or protected. If you are not the
> > intended recipient, note that any disclosure, copying, distribution,
> > or use of the contents of this message and attached files is
> > prohibited. If you have received this email in error, please notify
> > the sender and delete this email and any attached files.
> >
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
> This email (including any attachments) may contain information which
> is privileged, confidential, or protected. If you are not the intended
> recipient, note that any disclosure, copying, distribution, or use of
> the contents of this message and attached files is prohibited. If you
> have received this email in error, please notify the sender and delete
> this email and any attached files.
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
This email (including any attachments) may contain information which is privileged, confidential, or protected. If you are not the intended recipient, note that any disclosure, copying, distribution, or use of the contents of this message and attached files is prohibited. If you have received this email in error, please notify the sender and delete this email and any attached files.
Re: Read WSDL with Digest authentication
Posted by Colm O hEigeartaigh <co...@apache.org>.
Hi Roger,
Thanks for that. I added a testcase to CXF based on your client
configuration and it works fine:
https://git1-us-west.apache.org/repos/asf?p=cxf.git;a=commit;h=1d713726
The request is a GET not a HEAD:
Address: http://localhost:46701/SoapContext/SoapPort?wsdl
Http-Method: GET
Content-Type: text/xml
Headers: {Accept=[*/*], Authorization=[Digest
response="c4829ca0b368aed132f4a2ff7618670a",
cnonce="3cab7da56e9721642a7b647238722e88", username="ffang", nc="00000001",
nonce="6AzJ/Ya4+R7oGMNWcFp2Rv7ZUrmMiFBH", realm="WSRealm", qop="auth",
uri="/SoapContext/SoapPort", algorithm="MD5"], Cache-Control=[no-cache],
connection=[keep-alive], content-type=[text/xml], Host=[localhost:46701],
Pragma=[no-cache], User-Agent=[Apache CXF
3.1.2-SNAPSHOT-d76d6a928a850a05151657caa8b962c00961c1c6]}
What version of CXF are you using? Maybe this is a bug that was fixed in a
more recent release?
Colm.
On Wed, Jul 15, 2015 at 12:34 AM, Talkov, Roger <Ro...@automic.com>
wrote:
> Hi Colm,
>
> I saw that only 1 attachment was allowed , so my last email didn't include
> the java code.
> The zip file contains 2 small java classes
>
> Roger
>
> -----Original Message-----
> From: Colm O hEigeartaigh [mailto:coheigea@apache.org]
> Sent: Tuesday, July 14, 2015 7:30 AM
> To: users@cxf.apache.org
> Subject: Re: Read WSDL with Digest authentication
>
> It looks like a bug. Could you create a test-case to reproduce the problem?
>
> Colm.
>
> On Mon, Jul 13, 2015 at 4:30 AM, Talkov, Roger <Ro...@automic.com>
> wrote:
>
> > Hi,
> >
> > I am able to read a WSDL with Basic Authentication, but not Digest.
> > The code is the same except for the authorizationType.
> > I create a Bus and setup a ConduitConfigurer which sets the
> > AuthorizationPolicy.
> > When his didn't work, I added an authSupplier to the conduit so I
> > could set a breakpoint, I can see the authSupplier returning a token
> > which I get from CXFs DigestAuthSupplier. I can successfully use the
> > same AuthorizationPolicy and authSupplier when invoking an operation
> > on the service, but not when the WSDL needs digest authentication. I
> > can see the WSDL in a browser with Digest, but not with my code.
> >
> > Bus bus = CXFBusFactory.newInstance ().createBus ()
> > ConduitConfigurer conduitConfig = new ConduitConfigurer(connection)
> > bus.setExtension(conduitConfig, HTTPConduitConfigurer.class)
> > JaxWsDynamicClientFactory factory =
> > JaxWsDynamicClientFactory.newInstance (bus)
> > Client client = factory.createClient (url)
> >
> > ConduitConfigurer--------
> >
> > public class ConduitConfigurer implements HTTPConduitConfigurer {
> >
> > private Map connection;
> >
> > public ConduitConfigurer (Map connection)
> > {
> > this.connection = connection;
> > }
> >
> > /* (non-Javadoc)
> > * @see
> > org.apache.cxf.transport.http.HTTPConduitConfigurer#configure(java.lan
> > g.String, java.lang.String, org.apache.cxf.transport.http.HTTPConduit)
> > */
> > @Override
> > public void configure(String name, String address, HTTPConduit conduit)
> > {
> >
> > AuthorizationPolicy authorizationPolicy = new
> AuthorizationPolicy();
> > authorizationPolicy.setUserName(connection.user)
> > authorizationPolicy.setPassword(connection.password)
> > authorizationPolicy.setAuthorizationType(connection.authMethod)
> >
> > conduit.setAuthorization(authorizationPolicy);
> >
> > conduit.setAuthSupplier (new BasicDigestAuthSupplier
> > (connection.authMethod, false, null, 0, null))
> > }
> >
> > Thanks,
> >
> > Roger
> > This email (including any attachments) may contain information which
> > is privileged, confidential, or protected. If you are not the intended
> > recipient, note that any disclosure, copying, distribution, or use of
> > the contents of this message and attached files is prohibited. If you
> > have received this email in error, please notify the sender and delete
> > this email and any attached files.
> >
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
> This email (including any attachments) may contain information which is
> privileged, confidential, or protected. If you are not the intended
> recipient, note that any disclosure, copying, distribution, or use of the
> contents of this message and attached files is prohibited. If you have
> received this email in error, please notify the sender and delete this
> email and any attached files.
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
RE: Read WSDL with Digest authentication
Posted by "Talkov, Roger" <Ro...@automic.com>.
Hi Colm,
I saw that only 1 attachment was allowed , so my last email didn't include the java code.
The zip file contains 2 small java classes
Roger
-----Original Message-----
From: Colm O hEigeartaigh [mailto:coheigea@apache.org]
Sent: Tuesday, July 14, 2015 7:30 AM
To: users@cxf.apache.org
Subject: Re: Read WSDL with Digest authentication
It looks like a bug. Could you create a test-case to reproduce the problem?
Colm.
On Mon, Jul 13, 2015 at 4:30 AM, Talkov, Roger <Ro...@automic.com>
wrote:
> Hi,
>
> I am able to read a WSDL with Basic Authentication, but not Digest.
> The code is the same except for the authorizationType.
> I create a Bus and setup a ConduitConfigurer which sets the
> AuthorizationPolicy.
> When his didn't work, I added an authSupplier to the conduit so I
> could set a breakpoint, I can see the authSupplier returning a token
> which I get from CXFs DigestAuthSupplier. I can successfully use the
> same AuthorizationPolicy and authSupplier when invoking an operation
> on the service, but not when the WSDL needs digest authentication. I
> can see the WSDL in a browser with Digest, but not with my code.
>
> Bus bus = CXFBusFactory.newInstance ().createBus ()
> ConduitConfigurer conduitConfig = new ConduitConfigurer(connection)
> bus.setExtension(conduitConfig, HTTPConduitConfigurer.class)
> JaxWsDynamicClientFactory factory =
> JaxWsDynamicClientFactory.newInstance (bus)
> Client client = factory.createClient (url)
>
> ConduitConfigurer--------
>
> public class ConduitConfigurer implements HTTPConduitConfigurer {
>
> private Map connection;
>
> public ConduitConfigurer (Map connection)
> {
> this.connection = connection;
> }
>
> /* (non-Javadoc)
> * @see
> org.apache.cxf.transport.http.HTTPConduitConfigurer#configure(java.lan
> g.String, java.lang.String, org.apache.cxf.transport.http.HTTPConduit)
> */
> @Override
> public void configure(String name, String address, HTTPConduit conduit)
> {
>
> AuthorizationPolicy authorizationPolicy = new AuthorizationPolicy();
> authorizationPolicy.setUserName(connection.user)
> authorizationPolicy.setPassword(connection.password)
> authorizationPolicy.setAuthorizationType(connection.authMethod)
>
> conduit.setAuthorization(authorizationPolicy);
>
> conduit.setAuthSupplier (new BasicDigestAuthSupplier
> (connection.authMethod, false, null, 0, null))
> }
>
> Thanks,
>
> Roger
> This email (including any attachments) may contain information which
> is privileged, confidential, or protected. If you are not the intended
> recipient, note that any disclosure, copying, distribution, or use of
> the contents of this message and attached files is prohibited. If you
> have received this email in error, please notify the sender and delete
> this email and any attached files.
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
This email (including any attachments) may contain information which is privileged, confidential, or protected. If you are not the intended recipient, note that any disclosure, copying, distribution, or use of the contents of this message and attached files is prohibited. If you have received this email in error, please notify the sender and delete this email and any attached files.
RE: Read WSDL with Digest authentication
Posted by "Talkov, Roger" <Ro...@automic.com>.
Hi Colm,
We are running a simple HelloWorld service, with the attached web.xml, under Tomcat and set Digest authentication for GET.
After some further investigation we saw that a HEAD request was sent rather than a GET with Digest.
With Basic authentication a GET is sent. The following error appeared in the tomcat log:
Jul 14, 2015 3:55:42 PM org.apache.cxf.services.IHelloWorldService.IHelloWorldPort.IHelloWorld
INFO: Inbound Message
----------------------------
ID: 1
Address: http://localhost:8080/WSServer/services/IHelloWorldPort?wsdl
Http-Method: HEAD
Content-Type:
Headers: {Accept=[text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2], cache-control=[no-cache], connection=[keep-alive], Content-Type=[null], host=[localhost:8080], pragma=[no-cache], user-agent=[Java/1.7.0_45]}
--------------------------------------
Jul 14, 2015 3:55:42 PM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
WARNING: Interceptor for {http://unknown.namespace/}IHelloWorldService has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: HTTP verb was not GET or POST
at org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor.handleMessage(ReadHeadersInterceptor.java:148)
at org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor.handleMessage(ReadHeadersInterceptor.java:66)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:249)
at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:289)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doHead(AbstractHTTPServlet.java:232)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:645)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:265)
Roger
-----Original Message-----
From: Colm O hEigeartaigh [mailto:coheigea@apache.org]
Sent: Tuesday, July 14, 2015 7:30 AM
To: users@cxf.apache.org
Subject: Re: Read WSDL with Digest authentication
It looks like a bug. Could you create a test-case to reproduce the problem?
Colm.
On Mon, Jul 13, 2015 at 4:30 AM, Talkov, Roger <Ro...@automic.com>
wrote:
> Hi,
>
> I am able to read a WSDL with Basic Authentication, but not Digest.
> The code is the same except for the authorizationType.
> I create a Bus and setup a ConduitConfigurer which sets the
> AuthorizationPolicy.
> When his didn't work, I added an authSupplier to the conduit so I
> could set a breakpoint, I can see the authSupplier returning a token
> which I get from CXFs DigestAuthSupplier. I can successfully use the
> same AuthorizationPolicy and authSupplier when invoking an operation
> on the service, but not when the WSDL needs digest authentication. I
> can see the WSDL in a browser with Digest, but not with my code.
>
> Bus bus = CXFBusFactory.newInstance ().createBus ()
> ConduitConfigurer conduitConfig = new ConduitConfigurer(connection)
> bus.setExtension(conduitConfig, HTTPConduitConfigurer.class)
> JaxWsDynamicClientFactory factory =
> JaxWsDynamicClientFactory.newInstance (bus)
> Client client = factory.createClient (url)
>
> ConduitConfigurer--------
>
> public class ConduitConfigurer implements HTTPConduitConfigurer {
>
> private Map connection;
>
> public ConduitConfigurer (Map connection)
> {
> this.connection = connection;
> }
>
> /* (non-Javadoc)
> * @see
> org.apache.cxf.transport.http.HTTPConduitConfigurer#configure(java.lan
> g.String, java.lang.String, org.apache.cxf.transport.http.HTTPConduit)
> */
> @Override
> public void configure(String name, String address, HTTPConduit conduit)
> {
>
> AuthorizationPolicy authorizationPolicy = new AuthorizationPolicy();
> authorizationPolicy.setUserName(connection.user)
> authorizationPolicy.setPassword(connection.password)
> authorizationPolicy.setAuthorizationType(connection.authMethod)
>
> conduit.setAuthorization(authorizationPolicy);
>
> conduit.setAuthSupplier (new BasicDigestAuthSupplier
> (connection.authMethod, false, null, 0, null))
> }
>
> Thanks,
>
> Roger
> This email (including any attachments) may contain information which
> is privileged, confidential, or protected. If you are not the intended
> recipient, note that any disclosure, copying, distribution, or use of
> the contents of this message and attached files is prohibited. If you
> have received this email in error, please notify the sender and delete
> this email and any attached files.
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
This email (including any attachments) may contain information which is privileged, confidential, or protected. If you are not the intended recipient, note that any disclosure, copying, distribution, or use of the contents of this message and attached files is prohibited. If you have received this email in error, please notify the sender and delete this email and any attached files.
Re: Read WSDL with Digest authentication
Posted by Colm O hEigeartaigh <co...@apache.org>.
It looks like a bug. Could you create a test-case to reproduce the problem?
Colm.
On Mon, Jul 13, 2015 at 4:30 AM, Talkov, Roger <Ro...@automic.com>
wrote:
> Hi,
>
> I am able to read a WSDL with Basic Authentication, but not Digest.
> The code is the same except for the authorizationType.
> I create a Bus and setup a ConduitConfigurer which sets the
> AuthorizationPolicy.
> When his didn't work, I added an authSupplier to the conduit so I could
> set a breakpoint, I can see the authSupplier returning a token which I get
> from CXFs DigestAuthSupplier. I can successfully use the same
> AuthorizationPolicy and authSupplier when invoking an operation on the
> service, but not when the WSDL needs digest authentication. I can see the
> WSDL in a browser with Digest, but not with my code.
>
> Bus bus = CXFBusFactory.newInstance ().createBus ()
> ConduitConfigurer conduitConfig = new ConduitConfigurer(connection)
> bus.setExtension(conduitConfig, HTTPConduitConfigurer.class)
> JaxWsDynamicClientFactory factory =
> JaxWsDynamicClientFactory.newInstance (bus)
> Client client = factory.createClient (url)
>
> ConduitConfigurer--------
>
> public class ConduitConfigurer implements HTTPConduitConfigurer
> {
>
> private Map connection;
>
> public ConduitConfigurer (Map connection)
> {
> this.connection = connection;
> }
>
> /* (non-Javadoc)
> * @see
> org.apache.cxf.transport.http.HTTPConduitConfigurer#configure(java.lang.String,
> java.lang.String, org.apache.cxf.transport.http.HTTPConduit)
> */
> @Override
> public void configure(String name, String address, HTTPConduit conduit)
> {
>
> AuthorizationPolicy authorizationPolicy = new AuthorizationPolicy();
> authorizationPolicy.setUserName(connection.user)
> authorizationPolicy.setPassword(connection.password)
> authorizationPolicy.setAuthorizationType(connection.authMethod)
>
> conduit.setAuthorization(authorizationPolicy);
>
> conduit.setAuthSupplier (new BasicDigestAuthSupplier
> (connection.authMethod, false, null, 0, null))
> }
>
> Thanks,
>
> Roger
> This email (including any attachments) may contain information which is
> privileged, confidential, or protected. If you are not the intended
> recipient, note that any disclosure, copying, distribution, or use of the
> contents of this message and attached files is prohibited. If you have
> received this email in error, please notify the sender and delete this
> email and any attached files.
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com