You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Bruno Melloni <Br...@chickasaw.net> on 2010/03/11 15:20:20 UTC
Service authentication credentials
I am trying to access a Microsoft-developed service that requires authentication. Being Microsoft, they do not document anything at the web service level since they want you to use Visual Studio which creates a .NET proxy that is capable of using NTLM to supply the username/password to the underlying web service. I *think* that they are following web services standards for the underlying web service.
Of course, I am trying to use a CXF client to access the underlying web service from Java. I used wsdl2java to generate the java classes, but I see no credentials-related information (which you do see in the .NET proxy). That makes me suspect that they must be in the stored in the SOAP headers and that in CXF we access them in a different way.
I could use any clues on how to:
a) Figure out how authentication is being done for this web service.
b) Figure out how to provide the credentials to the web service when called. I am using the Spring approach to get the CXF client proxy and my current configuration looks like:
<jaxws:client id="gpClient" address="http://myServer.myDomain/DynamicsGPWebServices/DynamicsGPService.asmx"
serviceClass="com.microsoft.schemas.dynamics.gp._2006._01.DynamicsX0020GPSoap" />
Needless to say, my experience with CXF is not too deep (created and called a few services via the Spring method - the simplest), and my knowledge of web services authentication is zero. Unfortunately CXF's documentation isn't very helpful for someone at my stage of learning CXF. I'll appreciate any help I can get.
I tried to attach a copy of the WSDL for the service that I'm trying to access, but it exceeds the size limits for this mailing list.
RE: Service authentication credentials
Posted by Bruno Melloni <Br...@chickasaw.net>.
I think I did what you said and I made some progress, it loads the bean fine, but now cxf blows up with little information about why.
My updated cxf configuration and the stacktrace are:
<jaxws:client id="gpClient" address="http://myServer/DynamicsGPWebServices/DynamicsGPService.asmx"
serviceClass="com.microsoft.schemas.dynamics.gp._2006._01.DynamicsX0020GPSoap" />
<http-conf:conduit name="*.http-conduit">
<http-conf:authorization>
<cxf-sec:UserName>myUsername</cxf-sec:UserName>
<cxf-sec:Password>myPassword</cxf-sec:Password>
</http-conf:authorization>
<http-conf:client AllowChunking="false" ConnectionTimeout="60000"/>
</http-conf:conduit>
Loading client proxy from context.
Loaded client proxy from context.
Calling ws method getVendorList().
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: The application encountered an unhandled system exception. Contact your system administrator for details.
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:146)
at $Proxy61.getVendorList(Unknown Source)
at wstest.Test.main(Test.java:57)
Caused by: org.apache.cxf.binding.soap.SoapFault: The application encountered an unhandled system exception. Contact your system administrator for details.
at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:75)
at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:46)
at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:35)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:99)
at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:672)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:2254)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:2134)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1988)
at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:639)
at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:484)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:310)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:262)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
... 2 more
-----Original Message-----
From: Daniel Kulp [mailto:dkulp@apache.org]
Sent: Thursday, April 08, 2010 9:01 PM
To: users@cxf.apache.org
Cc: Bruno Melloni; Nate Woody
Subject: Re: Service authentication credentials
On Thursday 08 April 2010 6:04:35 pm Bruno Melloni wrote:
> As you suggested, I am now using Java 6 and CXF 2.2.7. It sounds like
> doing NTLM authentication should be trivial. But I can't seem to find the
> right documentation for doing this in Spring, or even something that
> explains what goes which tag.
>
> The following snippet is probably close to what I need, but I know it is
> still wrong. I highlighted the parts that are obviously wrong. I suspect
> that there are more. Can you help me make it right?
>
>
> <http-conf:conduit name="*.http-conduit">
> <http-conf:authorization>
> <Authorization>NTLM?</Authorization>
> <AuthorizationType>NTLM?</AuthorizationType>
I think just don't specify them and let the JVM negotiate them.
> <UserName>myUsername</UserName>
> <Password>myPassword</Password>
> </http-conf:authorization>
> <http-conf:client AllowChunking="false" ConnectionTimeout="60000"/>
> </http-conf:conduit>
One thing to check is the namespace on the UserName and password elements.
They should be in the security config namespace of:
http://cxf.apache.org/configuration/security
Unqualified elements won't work here.
Dan
>
>
> Thanks,
>
>
>
> Bruno
>
>
>
> -----Original Message-----
> From: Daniel Kulp [mailto:dkulp@apache.org]
> Sent: Tuesday, March 16, 2010 10:43 PM
> To: users@cxf.apache.org
> Cc: Bruno Melloni; Nate Woody
> Subject: Re: Service authentication credentials
>
>
>
>
>
> There is a small section on NTLM stuff at the bottom of:
>
> http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html
>
>
>
> The main suggestion is to use Java6 and CXF 2.2.6 (or preferrably 2.2.7
> when I
>
> build that in the next couple days which fixes a potential bug in this
> area).
>
> With NTLM built into the JDK, it becomes much easier. Just set the
> username
>
> and password like normal basic auth and it pretty much will just work.
>
>
>
> Dan
>
> On Monday 15 March 2010 9:42:54 am Bruno Melloni wrote:
> > Ron, I've had no problems writing clients for 'normal' web services
> > written
> >
> > in .NET.
> >
> >
> >
> >
> >
> >
> >
> > Nate, yes, it is Great Plains, written by Microsoft. It seems to not be
> >
> > WS-S, but rather NTLM authentication in the headers (captured and
> > included
> >
> > below). I found the following article discussing HTTP client stacks that
> >
> > can deal with NTLM authentication:
> >
> > http://oaklandsoftware.com/papers/ntlm.html. I also found the following
> >
> > the following thread from 2008 on how somebody managed to make it work
> >
> > with CXF in a programmatic way:
> >
> > http://old.nabble.com/NTLM-Support--td16447079.html. It mentions a link
> >
> > to the CXF wiki, but it has since gone dead. In case it is relevant, I
> > am
> >
> > using CXF 2.2.2.
> >
> >
> >
> >
> >
> >
> >
> > The questions that remain are:
> >
> >
> >
> >
> >
> >
> >
> > - Has CXF evolved since 2008 so that there is a cleaner way to use
> > NTLM
> >
> > authentication?
> >
> >
> >
> > - How to translate the programmatic solution to something that can be
> >
> > put in the Spring context file, perhaps as properties under the
> >
> > <jaxws:client> tag?
> >
> >
> >
> >
> >
> >
> >
> > If the answer to my questions is obvious I apologize for my ignorance. I
> >
> > am quite comfortable with the Spring-based approach to CXF but I am still
> >
> > not very familiar with doing CXF without it.
> >
> >
> >
> >
> >
> >
> >
> > Thanks.
> >
> >
> >
> >
> >
> >
> >
> > -----
> >
> >
> >
> > HEADERS:
> >
> >
> >
> >
> >
> >
> >
> > POST http://ddusek1108:88/DynamicsGPWebServices/DynamicsGPService.asmx
> >
> > HTTP/1.1
> >
> >
> >
> > User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client
> >
> > Protocol 2.0.50727.832)
> >
> >
> >
> > VsDebuggerCausalityData:
> >
> > uIDPo5dDV8l0LwpLmWT/FsojNsYAAAAAHmXIxE8tmEaZBSfNmWFGWEGujufiJq5JoaaQyRTzT
> > 2
> >
> > gACAAA
> >
> >
> >
> > Content-Type: text/xml; charset=utf-8
> >
> >
> >
> > SOAPAction:
> >
> > "http://schemas.microsoft.com/dynamics/gp/2006/01/GetCustomerList"
> >
> >
> >
> > Authorization: NTLM
> >
> > TlRMTVNTUAADAAAAGAAYAHwAAAAYABgAlAAAABgAGABIAAAACAAIAGAAAAAUABQAaAAAABAAE
> > A
> >
> > CsAAAANYKI4gUCzg4AAAAPbgBvAHIAdABoAGEAbQBlAHIAaQBjAGEAcAByAG8AdABEAEQAVQB
> > TA
> >
> > EUASwAxADEAMAA4AAKY0Sa9Kp9OAAAAAAAAAAAAAAAAAAAAAKvDCPBVwuwaRtfaI/6mTH6Pms
> > +c
> >
> > gk2JNgmzIC1jRA2cWXofHirtcb0=
> >
> >
> >
> > Host: ddusek1108:88
> >
> >
> >
> > Content-Length: 626
> >
> >
> >
> > Expect: 100-continue
> >
> >
> >
> >
> >
> >
> >
> > <?xml version="1.0" encoding="utf-8"?><soap:Envelope
> >
> > xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
> >
> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> >
> > xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Body><GetCustomerList
> >
> > xmlns="http://schemas.microsoft.com/dynamics/gp/2006/01"><criteria><Name>
> > <
> >
> > Like>%</Like></Name><Scope>Return All</Scope></criteria><Context
> >
> > xmlns="http://schemas.microsoft.com/dynamics/2006/01"><OrganizationKey
> >
> > xsi:type="CompanyKey"><Id>-1</Id></OrganizationKey><CultureName>en-US</Cu
> > l
> >
> > tureName><CurrencyType>Transactional</CurrencyType></Context></GetCustome
> > rL
> >
> > ist></soap:Body></soap:Envelope>
> >
> >
> >
> >
> >
> >
> >
> > -----
> >
> >
> >
> >
> >
> >
> >
> > -----Original Message-----
> >
> > From: Nate Woody [mailto:naw47@cac.cornell.edu]
> >
> > Sent: Thursday, March 11, 2010 8:40 AM
> >
> > To: users@cxf.apache.org
> >
> > Subject: RE: Service authentication credentials
> >
> >
> >
> >
> >
> >
> >
> > I've been forced to write quite a few CXF clients to Microsoft services,
> >
> >
> >
> > I think the mailing list is littered with my questions about that. Is
> >
> >
> >
> > this a service someone developed using Microsoft tools, or a service
> >
> >
> >
> > produced by Microsoft? That's a Great Plains reference? I've often had
> >
> >
> >
> > trouble with figuring the security mechanism from a MS wsdl, so I tend
> >
> >
> >
> > to go pragmatic and start here:
> >
> >
> >
> >
> >
> >
> >
> > 1) What does the service reply with when you call it from CXF? If it's
> >
> >
> >
> > something as simple as WS-S, you ought to get a complaint about missing
> >
> >
> >
> > security headers.
> >
> >
> >
> >
> >
> >
> >
> > 2) It sounds like you have a functional .NET implementation. Log the
> >
> >
> >
> > packets from that implementation and take a look at what's going in.
> >
> >
> >
> >
> >
> >
> >
> > Best,
> >
> >
> >
> > Nate
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > -----Original Message-----
> >
> >
> >
> > From: Bruno Melloni [mailto:Bruno.Melloni@chickasaw.net]
> >
> >
> >
> > Sent: Thursday, March 11, 2010 9:20 AM
> >
> >
> >
> > To: 'users@cxf.apache.org'
> >
> >
> >
> > Subject: Service authentication credentials
> >
> >
> >
> >
> >
> >
> >
> > I am trying to access a Microsoft-developed service that requires
> >
> >
> >
> > authentication. Being Microsoft, they do not document anything at the
> >
> >
> >
> > web service level since they want you to use Visual Studio which creates
> >
> >
> >
> > a .NET proxy that is capable of using NTLM to supply the
> >
> >
> >
> > username/password to the underlying web service. I *think* that they
> >
> >
> >
> > are following web services standards for the underlying web service.
> >
> >
> >
> >
> >
> >
> >
> > Of course, I am trying to use a CXF client to access the underlying web
> >
> >
> >
> > service from Java. I used wsdl2java to generate the java classes, but I
> >
> >
> >
> > see no credentials-related information (which you do see in the .NET
> >
> >
> >
> > proxy). That makes me suspect that they must be in the stored in the
> >
> >
> >
> > SOAP headers and that in CXF we access them in a different way.
> >
> >
> >
> >
> >
> >
> >
> > I could use any clues on how to:
> >
> >
> >
> >
> >
> >
> >
> > a) Figure out how authentication is being done for this web service.
> >
> >
> >
> >
> >
> >
> >
> > b) Figure out how to provide the credentials to the web service when
> >
> >
> >
> > called. I am using the Spring approach to get the CXF client proxy and
> >
> > my current configuration looks like:
> > <jaxws:client id="gpClient"
> >
> > address="http://myServer.myDomain/DynamicsGPWebServices/DynamicsGPServic
> >
> >
> >
> > e.asmx"
> >
> >
> >
> >
> >
> >
> >
> > serviceClass="com.microsoft.schemas.dynamics.gp._2006._01.DynamicsX0020G
> >
> >
> >
> > PSoap" />
> >
> >
> >
> >
> >
> >
> >
> > Needless to say, my experience with CXF is not too deep (created and
> >
> >
> >
> > called a few services via the Spring method - the simplest), and my
> >
> >
> >
> > knowledge of web services authentication is zero. Unfortunately CXF's
> >
> >
> >
> > documentation isn't very helpful for someone at my stage of learning
> >
> >
> >
> > CXF. I'll appreciate any help I can get.
> >
> >
> >
> >
> >
> >
> >
> > I tried to attach a copy of the WSDL for the service that I'm trying to
> >
> >
> >
> > access, but it exceeds the size limits for this mailing list.
>
> --
>
> Daniel Kulp
>
> dkulp@apache.org
>
> http://dankulp.com/blog
--
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog
Re: Service authentication credentials
Posted by Daniel Kulp <dk...@apache.org>.
Very cool. I'm glad it's now working for you.
Dan
On Monday 12 April 2010 11:13:30 am Bruno Melloni wrote:
> Ignore this error. The configuration below seems to work fine for NTLM
> authentication.
>
> I found out that the call was succeeding, but that I was passing a value
> that the server didn't like, and the Microsoft GP Web Services server is
> not very graceful about notifying the client of 'what went wrong'. I
> changed the value and no more exception. I still have some issues, but at
> this point they don't look related to CXF.
>
> Thank you very much Daniel. Not even Microsoft support (the authors of the
> service) could figure out how to do this, but you did.
>
> bruno
>
>
> -----Original Message-----
> From: Bruno Melloni
> Sent: Monday, April 12, 2010 8:52 AM
> To: 'Daniel Kulp'; users@cxf.apache.org
> Cc: Nate Woody
> Subject: RE: Service authentication credentials
>
> I think I did what you said and I made some progress, it loads the bean
> fine, but now cxf blows up with little information about why.
>
> My updated cxf configuration and the stacktrace are:
>
> <jaxws:client id="gpClient"
> address="http://myServer/DynamicsGPWebServices/DynamicsGPService.asmx"
> serviceClass="com.microsoft.schemas.dynamics.gp._2006._01.DynamicsX0020GPS
> oap" />
>
> <http-conf:conduit name="*.http-conduit">
> <http-conf:authorization>
> <cxf-sec:UserName>myUsername</cxf-sec:UserName>
> <cxf-sec:Password>myPassword</cxf-sec:Password>
> </http-conf:authorization>
> <http-conf:client AllowChunking="false" ConnectionTimeout="60000"/>
> </http-conf:conduit>
>
> Loading client proxy from context.
> Loaded client proxy from context.
> Calling ws method getVendorList().
> Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: The
> application encountered an unhandled system exception. Contact your
> system administrator for details. at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:146) at
> $Proxy61.getVendorList(Unknown Source)
> at wstest.Test.main(Test.java:57)
> Caused by: org.apache.cxf.binding.soap.SoapFault: The application
> encountered an unhandled system exception. Contact your system
> administrator for details. at
> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshal
> Fault(Soap11FaultInInterceptor.java:75) at
> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMes
> sage(Soap11FaultInInterceptor.java:46) at
> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMes
> sage(Soap11FaultInInterceptor.java:35) at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorCha
> in.java:243) at
> org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(A
> bstractFaultChainInitiatorObserver.java:99) at
> org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessag
> e(CheckFaultInterceptor.java:69) at
> org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessag
> e(CheckFaultInterceptor.java:34) at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorCha
> in.java:243) at
> org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:672) at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleRespon
> seInternal(HTTPConduit.java:2254) at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleRespon
> se(HTTPConduit.java:2134) at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPCo
> nduit.java:1988) at
> org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66) at
> org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:639) at
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInt
> erceptor.handleMessage(MessageSenderInterceptor.java:62) at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorCha
> in.java:243) at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:484) at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:310) at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:262) at
> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73) at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
> ... 2 more
>
>
>
> -----Original Message-----
> From: Daniel Kulp [mailto:dkulp@apache.org]
> Sent: Thursday, April 08, 2010 9:01 PM
> To: users@cxf.apache.org
> Cc: Bruno Melloni; Nate Woody
> Subject: Re: Service authentication credentials
>
> On Thursday 08 April 2010 6:04:35 pm Bruno Melloni wrote:
> > As you suggested, I am now using Java 6 and CXF 2.2.7. It sounds like
> > doing NTLM authentication should be trivial. But I can't seem to find
> > the right documentation for doing this in Spring, or even something that
> > explains what goes which tag.
> >
> > The following snippet is probably close to what I need, but I know it is
> > still wrong. I highlighted the parts that are obviously wrong. I
> > suspect that there are more. Can you help me make it right?
> >
> > <http-conf:conduit name="*.http-conduit">
> >
> > <http-conf:authorization>
> >
> > <Authorization>NTLM?</Authorization>
> > <AuthorizationType>NTLM?</AuthorizationType>
>
> I think just don't specify them and let the JVM negotiate them.
>
> > <UserName>myUsername</UserName>
> > <Password>myPassword</Password>
> >
> > </http-conf:authorization>
> > <http-conf:client AllowChunking="false" ConnectionTimeout="60000"/>
> >
> > </http-conf:conduit>
>
> One thing to check is the namespace on the UserName and password elements.
> They should be in the security config namespace of:
> http://cxf.apache.org/configuration/security
> Unqualified elements won't work here.
>
> Dan
>
> > Thanks,
> >
> >
> >
> > Bruno
> >
> >
> >
> > -----Original Message-----
> > From: Daniel Kulp [mailto:dkulp@apache.org]
> > Sent: Tuesday, March 16, 2010 10:43 PM
> > To: users@cxf.apache.org
> > Cc: Bruno Melloni; Nate Woody
> > Subject: Re: Service authentication credentials
> >
> >
> >
> >
> >
> > There is a small section on NTLM stuff at the bottom of:
> >
> > http://cxf.apache.org/docs/client-http-transport-including-ssl-support.ht
> > ml
> >
> >
> >
> > The main suggestion is to use Java6 and CXF 2.2.6 (or preferrably 2.2.7
> > when I
> >
> > build that in the next couple days which fixes a potential bug in this
> > area).
> >
> > With NTLM built into the JDK, it becomes much easier. Just set the
> > username
> >
> > and password like normal basic auth and it pretty much will just work.
> >
> >
> >
> > Dan
> >
> > On Monday 15 March 2010 9:42:54 am Bruno Melloni wrote:
> > > Ron, I've had no problems writing clients for 'normal' web services
> > > written
> > >
> > > in .NET.
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > Nate, yes, it is Great Plains, written by Microsoft. It seems to not
> > > be
> > >
> > > WS-S, but rather NTLM authentication in the headers (captured and
> > > included
> > >
> > > below). I found the following article discussing HTTP client stacks
> > > that
> > >
> > > can deal with NTLM authentication:
> > >
> > > http://oaklandsoftware.com/papers/ntlm.html. I also found the
> > > following
> > >
> > > the following thread from 2008 on how somebody managed to make it work
> > >
> > > with CXF in a programmatic way:
> > >
> > > http://old.nabble.com/NTLM-Support--td16447079.html. It mentions a
> > > link
> > >
> > > to the CXF wiki, but it has since gone dead. In case it is relevant, I
> > > am
> > >
> > > using CXF 2.2.2.
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > The questions that remain are:
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > - Has CXF evolved since 2008 so that there is a cleaner way to use
> > > NTLM
> > >
> > > authentication?
> > >
> > >
> > >
> > > - How to translate the programmatic solution to something that can
> > > be
> > >
> > > put in the Spring context file, perhaps as properties under the
> > >
> > > <jaxws:client> tag?
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > If the answer to my questions is obvious I apologize for my ignorance.
> > > I
> > >
> > > am quite comfortable with the Spring-based approach to CXF but I am
> > > still
> > >
> > > not very familiar with doing CXF without it.
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > Thanks.
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > -----
> > >
> > >
> > >
> > > HEADERS:
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > POST http://ddusek1108:88/DynamicsGPWebServices/DynamicsGPService.asmx
> > >
> > > HTTP/1.1
> > >
> > >
> > >
> > > User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client
> > >
> > > Protocol 2.0.50727.832)
> > >
> > >
> > >
> > > VsDebuggerCausalityData:
> > >
> > > uIDPo5dDV8l0LwpLmWT/FsojNsYAAAAAHmXIxE8tmEaZBSfNmWFGWEGujufiJq5JoaaQyRT
> > > zT 2
> > >
> > > gACAAA
> > >
> > >
> > >
> > > Content-Type: text/xml; charset=utf-8
> > >
> > >
> > >
> > > SOAPAction:
> > >
> > > "http://schemas.microsoft.com/dynamics/gp/2006/01/GetCustomerList"
> > >
> > >
> > >
> > > Authorization: NTLM
> > >
> > > TlRMTVNTUAADAAAAGAAYAHwAAAAYABgAlAAAABgAGABIAAAACAAIAGAAAAAUABQAaAAAABA
> > > AE A
> > >
> > > CsAAAANYKI4gUCzg4AAAAPbgBvAHIAdABoAGEAbQBlAHIAaQBjAGEAcAByAG8AdABEAEQAV
> > > QB TA
> > >
> > > EUASwAxADEAMAA4AAKY0Sa9Kp9OAAAAAAAAAAAAAAAAAAAAAKvDCPBVwuwaRtfaI/6mTH6P
> > > ms +c
> > >
> > > gk2JNgmzIC1jRA2cWXofHirtcb0=
> > >
> > >
> > >
> > > Host: ddusek1108:88
> > >
> > >
> > >
> > > Content-Length: 626
> > >
> > >
> > >
> > > Expect: 100-continue
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > <?xml version="1.0" encoding="utf-8"?><soap:Envelope
> > >
> > > xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
> > >
> > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> > >
> > > xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Body><GetCustomerLis
> > > t
> > >
> > > xmlns="http://schemas.microsoft.com/dynamics/gp/2006/01"><criteria><Nam
> > > e> <
> > >
> > > Like>%</Like></Name><Scope>Return All</Scope></criteria><Context
> > >
> > > xmlns="http://schemas.microsoft.com/dynamics/2006/01"><OrganizationKey
> > >
> > > xsi:type="CompanyKey"><Id>-1</Id></OrganizationKey><CultureName>en-US</
> > > Cu l
> > >
> > > tureName><CurrencyType>Transactional</CurrencyType></Context></GetCusto
> > > me rL
> > >
> > > ist></soap:Body></soap:Envelope>
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > -----
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > -----Original Message-----
> > >
> > > From: Nate Woody [mailto:naw47@cac.cornell.edu]
> > >
> > > Sent: Thursday, March 11, 2010 8:40 AM
> > >
> > > To: users@cxf.apache.org
> > >
> > > Subject: RE: Service authentication credentials
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > I've been forced to write quite a few CXF clients to Microsoft
> > > services,
> > >
> > >
> > >
> > > I think the mailing list is littered with my questions about that. Is
> > >
> > >
> > >
> > > this a service someone developed using Microsoft tools, or a service
> > >
> > >
> > >
> > > produced by Microsoft? That's a Great Plains reference? I've often had
> > >
> > >
> > >
> > > trouble with figuring the security mechanism from a MS wsdl, so I tend
> > >
> > >
> > >
> > > to go pragmatic and start here:
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > 1) What does the service reply with when you call it from CXF? If it's
> > >
> > >
> > >
> > > something as simple as WS-S, you ought to get a complaint about missing
> > >
> > >
> > >
> > > security headers.
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > 2) It sounds like you have a functional .NET implementation. Log the
> > >
> > >
> > >
> > > packets from that implementation and take a look at what's going in.
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > Best,
> > >
> > >
> > >
> > > Nate
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > -----Original Message-----
> > >
> > >
> > >
> > > From: Bruno Melloni [mailto:Bruno.Melloni@chickasaw.net]
> > >
> > >
> > >
> > > Sent: Thursday, March 11, 2010 9:20 AM
> > >
> > >
> > >
> > > To: 'users@cxf.apache.org'
> > >
> > >
> > >
> > > Subject: Service authentication credentials
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > I am trying to access a Microsoft-developed service that requires
> > >
> > >
> > >
> > > authentication. Being Microsoft, they do not document anything at the
> > >
> > >
> > >
> > > web service level since they want you to use Visual Studio which
> > > creates
> > >
> > >
> > >
> > > a .NET proxy that is capable of using NTLM to supply the
> > >
> > >
> > >
> > > username/password to the underlying web service. I *think* that they
> > >
> > >
> > >
> > > are following web services standards for the underlying web service.
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > Of course, I am trying to use a CXF client to access the underlying web
> > >
> > >
> > >
> > > service from Java. I used wsdl2java to generate the java classes, but
> > > I
> > >
> > >
> > >
> > > see no credentials-related information (which you do see in the .NET
> > >
> > >
> > >
> > > proxy). That makes me suspect that they must be in the stored in the
> > >
> > >
> > >
> > > SOAP headers and that in CXF we access them in a different way.
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > I could use any clues on how to:
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > a) Figure out how authentication is being done for this web service.
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > b) Figure out how to provide the credentials to the web service when
> > >
> > >
> > >
> > > called. I am using the Spring approach to get the CXF client proxy and
> > >
> > > my current configuration looks like:
> > > <jaxws:client id="gpClient"
> > >
> > > address="http://myServer.myDomain/DynamicsGPWebServices/DynamicsGPServi
> > > c
> > >
> > >
> > >
> > > e.asmx"
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > serviceClass="com.microsoft.schemas.dynamics.gp._2006._01.DynamicsX0020
> > > G
> > >
> > >
> > >
> > > PSoap" />
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > Needless to say, my experience with CXF is not too deep (created and
> > >
> > >
> > >
> > > called a few services via the Spring method - the simplest), and my
> > >
> > >
> > >
> > > knowledge of web services authentication is zero. Unfortunately CXF's
> > >
> > >
> > >
> > > documentation isn't very helpful for someone at my stage of learning
> > >
> > >
> > >
> > > CXF. I'll appreciate any help I can get.
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > I tried to attach a copy of the WSDL for the service that I'm trying to
> > >
> > >
> > >
> > > access, but it exceeds the size limits for this mailing list.
> >
> > --
> >
> > Daniel Kulp
> >
> > dkulp@apache.org
> >
> > http://dankulp.com/blog
--
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog
RE: Service authentication credentials
Posted by Bruno Melloni <Br...@chickasaw.net>.
Ignore this error. The configuration below seems to work fine for NTLM authentication.
I found out that the call was succeeding, but that I was passing a value that the server didn't like, and the Microsoft GP Web Services server is not very graceful about notifying the client of 'what went wrong'. I changed the value and no more exception. I still have some issues, but at this point they don't look related to CXF.
Thank you very much Daniel. Not even Microsoft support (the authors of the service) could figure out how to do this, but you did.
bruno
-----Original Message-----
From: Bruno Melloni
Sent: Monday, April 12, 2010 8:52 AM
To: 'Daniel Kulp'; users@cxf.apache.org
Cc: Nate Woody
Subject: RE: Service authentication credentials
I think I did what you said and I made some progress, it loads the bean fine, but now cxf blows up with little information about why.
My updated cxf configuration and the stacktrace are:
<jaxws:client id="gpClient" address="http://myServer/DynamicsGPWebServices/DynamicsGPService.asmx"
serviceClass="com.microsoft.schemas.dynamics.gp._2006._01.DynamicsX0020GPSoap" />
<http-conf:conduit name="*.http-conduit">
<http-conf:authorization>
<cxf-sec:UserName>myUsername</cxf-sec:UserName>
<cxf-sec:Password>myPassword</cxf-sec:Password>
</http-conf:authorization>
<http-conf:client AllowChunking="false" ConnectionTimeout="60000"/>
</http-conf:conduit>
Loading client proxy from context.
Loaded client proxy from context.
Calling ws method getVendorList().
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: The application encountered an unhandled system exception. Contact your system administrator for details.
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:146)
at $Proxy61.getVendorList(Unknown Source)
at wstest.Test.main(Test.java:57)
Caused by: org.apache.cxf.binding.soap.SoapFault: The application encountered an unhandled system exception. Contact your system administrator for details.
at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:75)
at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:46)
at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:35)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:99)
at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:672)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:2254)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:2134)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1988)
at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:639)
at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:484)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:310)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:262)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
... 2 more
-----Original Message-----
From: Daniel Kulp [mailto:dkulp@apache.org]
Sent: Thursday, April 08, 2010 9:01 PM
To: users@cxf.apache.org
Cc: Bruno Melloni; Nate Woody
Subject: Re: Service authentication credentials
On Thursday 08 April 2010 6:04:35 pm Bruno Melloni wrote:
> As you suggested, I am now using Java 6 and CXF 2.2.7. It sounds like
> doing NTLM authentication should be trivial. But I can't seem to find the
> right documentation for doing this in Spring, or even something that
> explains what goes which tag.
>
> The following snippet is probably close to what I need, but I know it is
> still wrong. I highlighted the parts that are obviously wrong. I suspect
> that there are more. Can you help me make it right?
>
>
> <http-conf:conduit name="*.http-conduit">
> <http-conf:authorization>
> <Authorization>NTLM?</Authorization>
> <AuthorizationType>NTLM?</AuthorizationType>
I think just don't specify them and let the JVM negotiate them.
> <UserName>myUsername</UserName>
> <Password>myPassword</Password>
> </http-conf:authorization>
> <http-conf:client AllowChunking="false" ConnectionTimeout="60000"/>
> </http-conf:conduit>
One thing to check is the namespace on the UserName and password elements.
They should be in the security config namespace of:
http://cxf.apache.org/configuration/security
Unqualified elements won't work here.
Dan
>
>
> Thanks,
>
>
>
> Bruno
>
>
>
> -----Original Message-----
> From: Daniel Kulp [mailto:dkulp@apache.org]
> Sent: Tuesday, March 16, 2010 10:43 PM
> To: users@cxf.apache.org
> Cc: Bruno Melloni; Nate Woody
> Subject: Re: Service authentication credentials
>
>
>
>
>
> There is a small section on NTLM stuff at the bottom of:
>
> http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html
>
>
>
> The main suggestion is to use Java6 and CXF 2.2.6 (or preferrably 2.2.7
> when I
>
> build that in the next couple days which fixes a potential bug in this
> area).
>
> With NTLM built into the JDK, it becomes much easier. Just set the
> username
>
> and password like normal basic auth and it pretty much will just work.
>
>
>
> Dan
>
> On Monday 15 March 2010 9:42:54 am Bruno Melloni wrote:
> > Ron, I've had no problems writing clients for 'normal' web services
> > written
> >
> > in .NET.
> >
> >
> >
> >
> >
> >
> >
> > Nate, yes, it is Great Plains, written by Microsoft. It seems to not be
> >
> > WS-S, but rather NTLM authentication in the headers (captured and
> > included
> >
> > below). I found the following article discussing HTTP client stacks that
> >
> > can deal with NTLM authentication:
> >
> > http://oaklandsoftware.com/papers/ntlm.html. I also found the following
> >
> > the following thread from 2008 on how somebody managed to make it work
> >
> > with CXF in a programmatic way:
> >
> > http://old.nabble.com/NTLM-Support--td16447079.html. It mentions a link
> >
> > to the CXF wiki, but it has since gone dead. In case it is relevant, I
> > am
> >
> > using CXF 2.2.2.
> >
> >
> >
> >
> >
> >
> >
> > The questions that remain are:
> >
> >
> >
> >
> >
> >
> >
> > - Has CXF evolved since 2008 so that there is a cleaner way to use
> > NTLM
> >
> > authentication?
> >
> >
> >
> > - How to translate the programmatic solution to something that can be
> >
> > put in the Spring context file, perhaps as properties under the
> >
> > <jaxws:client> tag?
> >
> >
> >
> >
> >
> >
> >
> > If the answer to my questions is obvious I apologize for my ignorance. I
> >
> > am quite comfortable with the Spring-based approach to CXF but I am still
> >
> > not very familiar with doing CXF without it.
> >
> >
> >
> >
> >
> >
> >
> > Thanks.
> >
> >
> >
> >
> >
> >
> >
> > -----
> >
> >
> >
> > HEADERS:
> >
> >
> >
> >
> >
> >
> >
> > POST http://ddusek1108:88/DynamicsGPWebServices/DynamicsGPService.asmx
> >
> > HTTP/1.1
> >
> >
> >
> > User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client
> >
> > Protocol 2.0.50727.832)
> >
> >
> >
> > VsDebuggerCausalityData:
> >
> > uIDPo5dDV8l0LwpLmWT/FsojNsYAAAAAHmXIxE8tmEaZBSfNmWFGWEGujufiJq5JoaaQyRTzT
> > 2
> >
> > gACAAA
> >
> >
> >
> > Content-Type: text/xml; charset=utf-8
> >
> >
> >
> > SOAPAction:
> >
> > "http://schemas.microsoft.com/dynamics/gp/2006/01/GetCustomerList"
> >
> >
> >
> > Authorization: NTLM
> >
> > TlRMTVNTUAADAAAAGAAYAHwAAAAYABgAlAAAABgAGABIAAAACAAIAGAAAAAUABQAaAAAABAAE
> > A
> >
> > CsAAAANYKI4gUCzg4AAAAPbgBvAHIAdABoAGEAbQBlAHIAaQBjAGEAcAByAG8AdABEAEQAVQB
> > TA
> >
> > EUASwAxADEAMAA4AAKY0Sa9Kp9OAAAAAAAAAAAAAAAAAAAAAKvDCPBVwuwaRtfaI/6mTH6Pms
> > +c
> >
> > gk2JNgmzIC1jRA2cWXofHirtcb0=
> >
> >
> >
> > Host: ddusek1108:88
> >
> >
> >
> > Content-Length: 626
> >
> >
> >
> > Expect: 100-continue
> >
> >
> >
> >
> >
> >
> >
> > <?xml version="1.0" encoding="utf-8"?><soap:Envelope
> >
> > xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
> >
> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> >
> > xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Body><GetCustomerList
> >
> > xmlns="http://schemas.microsoft.com/dynamics/gp/2006/01"><criteria><Name>
> > <
> >
> > Like>%</Like></Name><Scope>Return All</Scope></criteria><Context
> >
> > xmlns="http://schemas.microsoft.com/dynamics/2006/01"><OrganizationKey
> >
> > xsi:type="CompanyKey"><Id>-1</Id></OrganizationKey><CultureName>en-US</Cu
> > l
> >
> > tureName><CurrencyType>Transactional</CurrencyType></Context></GetCustome
> > rL
> >
> > ist></soap:Body></soap:Envelope>
> >
> >
> >
> >
> >
> >
> >
> > -----
> >
> >
> >
> >
> >
> >
> >
> > -----Original Message-----
> >
> > From: Nate Woody [mailto:naw47@cac.cornell.edu]
> >
> > Sent: Thursday, March 11, 2010 8:40 AM
> >
> > To: users@cxf.apache.org
> >
> > Subject: RE: Service authentication credentials
> >
> >
> >
> >
> >
> >
> >
> > I've been forced to write quite a few CXF clients to Microsoft services,
> >
> >
> >
> > I think the mailing list is littered with my questions about that. Is
> >
> >
> >
> > this a service someone developed using Microsoft tools, or a service
> >
> >
> >
> > produced by Microsoft? That's a Great Plains reference? I've often had
> >
> >
> >
> > trouble with figuring the security mechanism from a MS wsdl, so I tend
> >
> >
> >
> > to go pragmatic and start here:
> >
> >
> >
> >
> >
> >
> >
> > 1) What does the service reply with when you call it from CXF? If it's
> >
> >
> >
> > something as simple as WS-S, you ought to get a complaint about missing
> >
> >
> >
> > security headers.
> >
> >
> >
> >
> >
> >
> >
> > 2) It sounds like you have a functional .NET implementation. Log the
> >
> >
> >
> > packets from that implementation and take a look at what's going in.
> >
> >
> >
> >
> >
> >
> >
> > Best,
> >
> >
> >
> > Nate
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > -----Original Message-----
> >
> >
> >
> > From: Bruno Melloni [mailto:Bruno.Melloni@chickasaw.net]
> >
> >
> >
> > Sent: Thursday, March 11, 2010 9:20 AM
> >
> >
> >
> > To: 'users@cxf.apache.org'
> >
> >
> >
> > Subject: Service authentication credentials
> >
> >
> >
> >
> >
> >
> >
> > I am trying to access a Microsoft-developed service that requires
> >
> >
> >
> > authentication. Being Microsoft, they do not document anything at the
> >
> >
> >
> > web service level since they want you to use Visual Studio which creates
> >
> >
> >
> > a .NET proxy that is capable of using NTLM to supply the
> >
> >
> >
> > username/password to the underlying web service. I *think* that they
> >
> >
> >
> > are following web services standards for the underlying web service.
> >
> >
> >
> >
> >
> >
> >
> > Of course, I am trying to use a CXF client to access the underlying web
> >
> >
> >
> > service from Java. I used wsdl2java to generate the java classes, but I
> >
> >
> >
> > see no credentials-related information (which you do see in the .NET
> >
> >
> >
> > proxy). That makes me suspect that they must be in the stored in the
> >
> >
> >
> > SOAP headers and that in CXF we access them in a different way.
> >
> >
> >
> >
> >
> >
> >
> > I could use any clues on how to:
> >
> >
> >
> >
> >
> >
> >
> > a) Figure out how authentication is being done for this web service.
> >
> >
> >
> >
> >
> >
> >
> > b) Figure out how to provide the credentials to the web service when
> >
> >
> >
> > called. I am using the Spring approach to get the CXF client proxy and
> >
> > my current configuration looks like:
> > <jaxws:client id="gpClient"
> >
> > address="http://myServer.myDomain/DynamicsGPWebServices/DynamicsGPServic
> >
> >
> >
> > e.asmx"
> >
> >
> >
> >
> >
> >
> >
> > serviceClass="com.microsoft.schemas.dynamics.gp._2006._01.DynamicsX0020G
> >
> >
> >
> > PSoap" />
> >
> >
> >
> >
> >
> >
> >
> > Needless to say, my experience with CXF is not too deep (created and
> >
> >
> >
> > called a few services via the Spring method - the simplest), and my
> >
> >
> >
> > knowledge of web services authentication is zero. Unfortunately CXF's
> >
> >
> >
> > documentation isn't very helpful for someone at my stage of learning
> >
> >
> >
> > CXF. I'll appreciate any help I can get.
> >
> >
> >
> >
> >
> >
> >
> > I tried to attach a copy of the WSDL for the service that I'm trying to
> >
> >
> >
> > access, but it exceeds the size limits for this mailing list.
>
> --
>
> Daniel Kulp
>
> dkulp@apache.org
>
> http://dankulp.com/blog
--
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog
Re: Service authentication credentials
Posted by Daniel Kulp <dk...@apache.org>.
On Thursday 08 April 2010 6:04:35 pm Bruno Melloni wrote:
> As you suggested, I am now using Java 6 and CXF 2.2.7. It sounds like
> doing NTLM authentication should be trivial. But I can't seem to find the
> right documentation for doing this in Spring, or even something that
> explains what goes which tag.
>
> The following snippet is probably close to what I need, but I know it is
> still wrong. I highlighted the parts that are obviously wrong. I suspect
> that there are more. Can you help me make it right?
>
>
> <http-conf:conduit name="*.http-conduit">
> <http-conf:authorization>
> <Authorization>NTLM?</Authorization>
> <AuthorizationType>NTLM?</AuthorizationType>
I think just don't specify them and let the JVM negotiate them.
> <UserName>myUsername</UserName>
> <Password>myPassword</Password>
> </http-conf:authorization>
> <http-conf:client AllowChunking="false" ConnectionTimeout="60000"/>
> </http-conf:conduit>
One thing to check is the namespace on the UserName and password elements.
They should be in the security config namespace of:
http://cxf.apache.org/configuration/security
Unqualified elements won't work here.
Dan
>
>
> Thanks,
>
>
>
> Bruno
>
>
>
> -----Original Message-----
> From: Daniel Kulp [mailto:dkulp@apache.org]
> Sent: Tuesday, March 16, 2010 10:43 PM
> To: users@cxf.apache.org
> Cc: Bruno Melloni; Nate Woody
> Subject: Re: Service authentication credentials
>
>
>
>
>
> There is a small section on NTLM stuff at the bottom of:
>
> http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html
>
>
>
> The main suggestion is to use Java6 and CXF 2.2.6 (or preferrably 2.2.7
> when I
>
> build that in the next couple days which fixes a potential bug in this
> area).
>
> With NTLM built into the JDK, it becomes much easier. Just set the
> username
>
> and password like normal basic auth and it pretty much will just work.
>
>
>
> Dan
>
> On Monday 15 March 2010 9:42:54 am Bruno Melloni wrote:
> > Ron, I've had no problems writing clients for 'normal' web services
> > written
> >
> > in .NET.
> >
> >
> >
> >
> >
> >
> >
> > Nate, yes, it is Great Plains, written by Microsoft. It seems to not be
> >
> > WS-S, but rather NTLM authentication in the headers (captured and
> > included
> >
> > below). I found the following article discussing HTTP client stacks that
> >
> > can deal with NTLM authentication:
> >
> > http://oaklandsoftware.com/papers/ntlm.html. I also found the following
> >
> > the following thread from 2008 on how somebody managed to make it work
> >
> > with CXF in a programmatic way:
> >
> > http://old.nabble.com/NTLM-Support--td16447079.html. It mentions a link
> >
> > to the CXF wiki, but it has since gone dead. In case it is relevant, I
> > am
> >
> > using CXF 2.2.2.
> >
> >
> >
> >
> >
> >
> >
> > The questions that remain are:
> >
> >
> >
> >
> >
> >
> >
> > - Has CXF evolved since 2008 so that there is a cleaner way to use
> > NTLM
> >
> > authentication?
> >
> >
> >
> > - How to translate the programmatic solution to something that can be
> >
> > put in the Spring context file, perhaps as properties under the
> >
> > <jaxws:client> tag?
> >
> >
> >
> >
> >
> >
> >
> > If the answer to my questions is obvious I apologize for my ignorance. I
> >
> > am quite comfortable with the Spring-based approach to CXF but I am still
> >
> > not very familiar with doing CXF without it.
> >
> >
> >
> >
> >
> >
> >
> > Thanks.
> >
> >
> >
> >
> >
> >
> >
> > -----
> >
> >
> >
> > HEADERS:
> >
> >
> >
> >
> >
> >
> >
> > POST http://ddusek1108:88/DynamicsGPWebServices/DynamicsGPService.asmx
> >
> > HTTP/1.1
> >
> >
> >
> > User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client
> >
> > Protocol 2.0.50727.832)
> >
> >
> >
> > VsDebuggerCausalityData:
> >
> > uIDPo5dDV8l0LwpLmWT/FsojNsYAAAAAHmXIxE8tmEaZBSfNmWFGWEGujufiJq5JoaaQyRTzT
> > 2
> >
> > gACAAA
> >
> >
> >
> > Content-Type: text/xml; charset=utf-8
> >
> >
> >
> > SOAPAction:
> >
> > "http://schemas.microsoft.com/dynamics/gp/2006/01/GetCustomerList"
> >
> >
> >
> > Authorization: NTLM
> >
> > TlRMTVNTUAADAAAAGAAYAHwAAAAYABgAlAAAABgAGABIAAAACAAIAGAAAAAUABQAaAAAABAAE
> > A
> >
> > CsAAAANYKI4gUCzg4AAAAPbgBvAHIAdABoAGEAbQBlAHIAaQBjAGEAcAByAG8AdABEAEQAVQB
> > TA
> >
> > EUASwAxADEAMAA4AAKY0Sa9Kp9OAAAAAAAAAAAAAAAAAAAAAKvDCPBVwuwaRtfaI/6mTH6Pms
> > +c
> >
> > gk2JNgmzIC1jRA2cWXofHirtcb0=
> >
> >
> >
> > Host: ddusek1108:88
> >
> >
> >
> > Content-Length: 626
> >
> >
> >
> > Expect: 100-continue
> >
> >
> >
> >
> >
> >
> >
> > <?xml version="1.0" encoding="utf-8"?><soap:Envelope
> >
> > xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
> >
> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> >
> > xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Body><GetCustomerList
> >
> > xmlns="http://schemas.microsoft.com/dynamics/gp/2006/01"><criteria><Name>
> > <
> >
> > Like>%</Like></Name><Scope>Return All</Scope></criteria><Context
> >
> > xmlns="http://schemas.microsoft.com/dynamics/2006/01"><OrganizationKey
> >
> > xsi:type="CompanyKey"><Id>-1</Id></OrganizationKey><CultureName>en-US</Cu
> > l
> >
> > tureName><CurrencyType>Transactional</CurrencyType></Context></GetCustome
> > rL
> >
> > ist></soap:Body></soap:Envelope>
> >
> >
> >
> >
> >
> >
> >
> > -----
> >
> >
> >
> >
> >
> >
> >
> > -----Original Message-----
> >
> > From: Nate Woody [mailto:naw47@cac.cornell.edu]
> >
> > Sent: Thursday, March 11, 2010 8:40 AM
> >
> > To: users@cxf.apache.org
> >
> > Subject: RE: Service authentication credentials
> >
> >
> >
> >
> >
> >
> >
> > I've been forced to write quite a few CXF clients to Microsoft services,
> >
> >
> >
> > I think the mailing list is littered with my questions about that. Is
> >
> >
> >
> > this a service someone developed using Microsoft tools, or a service
> >
> >
> >
> > produced by Microsoft? That's a Great Plains reference? I've often had
> >
> >
> >
> > trouble with figuring the security mechanism from a MS wsdl, so I tend
> >
> >
> >
> > to go pragmatic and start here:
> >
> >
> >
> >
> >
> >
> >
> > 1) What does the service reply with when you call it from CXF? If it's
> >
> >
> >
> > something as simple as WS-S, you ought to get a complaint about missing
> >
> >
> >
> > security headers.
> >
> >
> >
> >
> >
> >
> >
> > 2) It sounds like you have a functional .NET implementation. Log the
> >
> >
> >
> > packets from that implementation and take a look at what's going in.
> >
> >
> >
> >
> >
> >
> >
> > Best,
> >
> >
> >
> > Nate
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > -----Original Message-----
> >
> >
> >
> > From: Bruno Melloni [mailto:Bruno.Melloni@chickasaw.net]
> >
> >
> >
> > Sent: Thursday, March 11, 2010 9:20 AM
> >
> >
> >
> > To: 'users@cxf.apache.org'
> >
> >
> >
> > Subject: Service authentication credentials
> >
> >
> >
> >
> >
> >
> >
> > I am trying to access a Microsoft-developed service that requires
> >
> >
> >
> > authentication. Being Microsoft, they do not document anything at the
> >
> >
> >
> > web service level since they want you to use Visual Studio which creates
> >
> >
> >
> > a .NET proxy that is capable of using NTLM to supply the
> >
> >
> >
> > username/password to the underlying web service. I *think* that they
> >
> >
> >
> > are following web services standards for the underlying web service.
> >
> >
> >
> >
> >
> >
> >
> > Of course, I am trying to use a CXF client to access the underlying web
> >
> >
> >
> > service from Java. I used wsdl2java to generate the java classes, but I
> >
> >
> >
> > see no credentials-related information (which you do see in the .NET
> >
> >
> >
> > proxy). That makes me suspect that they must be in the stored in the
> >
> >
> >
> > SOAP headers and that in CXF we access them in a different way.
> >
> >
> >
> >
> >
> >
> >
> > I could use any clues on how to:
> >
> >
> >
> >
> >
> >
> >
> > a) Figure out how authentication is being done for this web service.
> >
> >
> >
> >
> >
> >
> >
> > b) Figure out how to provide the credentials to the web service when
> >
> >
> >
> > called. I am using the Spring approach to get the CXF client proxy and
> >
> > my current configuration looks like:
> > <jaxws:client id="gpClient"
> >
> > address="http://myServer.myDomain/DynamicsGPWebServices/DynamicsGPServic
> >
> >
> >
> > e.asmx"
> >
> >
> >
> >
> >
> >
> >
> > serviceClass="com.microsoft.schemas.dynamics.gp._2006._01.DynamicsX0020G
> >
> >
> >
> > PSoap" />
> >
> >
> >
> >
> >
> >
> >
> > Needless to say, my experience with CXF is not too deep (created and
> >
> >
> >
> > called a few services via the Spring method - the simplest), and my
> >
> >
> >
> > knowledge of web services authentication is zero. Unfortunately CXF's
> >
> >
> >
> > documentation isn't very helpful for someone at my stage of learning
> >
> >
> >
> > CXF. I'll appreciate any help I can get.
> >
> >
> >
> >
> >
> >
> >
> > I tried to attach a copy of the WSDL for the service that I'm trying to
> >
> >
> >
> > access, but it exceeds the size limits for this mailing list.
>
> --
>
> Daniel Kulp
>
> dkulp@apache.org
>
> http://dankulp.com/blog
--
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog
RE: Service authentication credentials
Posted by Bruno Melloni <Br...@chickasaw.net>.
As you suggested, I am now using Java 6 and CXF 2.2.7. It sounds like doing NTLM authentication should be trivial. But I can't seem to find the right documentation for doing this in Spring, or even something that explains what goes which tag.
The following snippet is probably close to what I need, but I know it is still wrong. I highlighted the parts that are obviously wrong. I suspect that there are more. Can you help me make it right?
<http-conf:conduit name="*.http-conduit">
<http-conf:authorization>
<Authorization>NTLM?</Authorization>
<AuthorizationType>NTLM?</AuthorizationType>
<UserName>myUsername</UserName>
<Password>myPassword</Password>
</http-conf:authorization>
<http-conf:client AllowChunking="false" ConnectionTimeout="60000"/>
</http-conf:conduit>
Thanks,
Bruno
-----Original Message-----
From: Daniel Kulp [mailto:dkulp@apache.org]
Sent: Tuesday, March 16, 2010 10:43 PM
To: users@cxf.apache.org
Cc: Bruno Melloni; Nate Woody
Subject: Re: Service authentication credentials
There is a small section on NTLM stuff at the bottom of:
http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html
The main suggestion is to use Java6 and CXF 2.2.6 (or preferrably 2.2.7 when I
build that in the next couple days which fixes a potential bug in this area).
With NTLM built into the JDK, it becomes much easier. Just set the username
and password like normal basic auth and it pretty much will just work.
Dan
On Monday 15 March 2010 9:42:54 am Bruno Melloni wrote:
> Ron, I've had no problems writing clients for 'normal' web services written
> in .NET.
>
>
>
> Nate, yes, it is Great Plains, written by Microsoft. It seems to not be
> WS-S, but rather NTLM authentication in the headers (captured and included
> below). I found the following article discussing HTTP client stacks that
> can deal with NTLM authentication:
> http://oaklandsoftware.com/papers/ntlm.html. I also found the following
> the following thread from 2008 on how somebody managed to make it work
> with CXF in a programmatic way:
> http://old.nabble.com/NTLM-Support--td16447079.html. It mentions a link
> to the CXF wiki, but it has since gone dead. In case it is relevant, I am
> using CXF 2.2.2.
>
>
>
> The questions that remain are:
>
>
>
> - Has CXF evolved since 2008 so that there is a cleaner way to use NTLM
> authentication?
>
> - How to translate the programmatic solution to something that can be
> put in the Spring context file, perhaps as properties under the
> <jaxws:client> tag?
>
>
>
> If the answer to my questions is obvious I apologize for my ignorance. I
> am quite comfortable with the Spring-based approach to CXF but I am still
> not very familiar with doing CXF without it.
>
>
>
> Thanks.
>
>
>
> -----
>
> HEADERS:
>
>
>
> POST http://ddusek1108:88/DynamicsGPWebServices/DynamicsGPService.asmx
> HTTP/1.1
>
> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client
> Protocol 2.0.50727.832)
>
> VsDebuggerCausalityData:
> uIDPo5dDV8l0LwpLmWT/FsojNsYAAAAAHmXIxE8tmEaZBSfNmWFGWEGujufiJq5JoaaQyRTzT2
> gACAAA
>
> Content-Type: text/xml; charset=utf-8
>
> SOAPAction:
> "http://schemas.microsoft.com/dynamics/gp/2006/01/GetCustomerList"
>
> Authorization: NTLM
> TlRMTVNTUAADAAAAGAAYAHwAAAAYABgAlAAAABgAGABIAAAACAAIAGAAAAAUABQAaAAAABAAEA
> CsAAAANYKI4gUCzg4AAAAPbgBvAHIAdABoAGEAbQBlAHIAaQBjAGEAcAByAG8AdABEAEQAVQBTA
> EUASwAxADEAMAA4AAKY0Sa9Kp9OAAAAAAAAAAAAAAAAAAAAAKvDCPBVwuwaRtfaI/6mTH6Pms+c
> gk2JNgmzIC1jRA2cWXofHirtcb0=
>
> Host: ddusek1108:88
>
> Content-Length: 626
>
> Expect: 100-continue
>
>
>
> <?xml version="1.0" encoding="utf-8"?><soap:Envelope
> xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Body><GetCustomerList
> xmlns="http://schemas.microsoft.com/dynamics/gp/2006/01"><criteria><Name><
> Like>%</Like></Name><Scope>Return All</Scope></criteria><Context
> xmlns="http://schemas.microsoft.com/dynamics/2006/01"><OrganizationKey
> xsi:type="CompanyKey"><Id>-1</Id></OrganizationKey><CultureName>en-US</Cul
> tureName><CurrencyType>Transactional</CurrencyType></Context></GetCustomerL
> ist></soap:Body></soap:Envelope>
>
>
>
> -----
>
>
>
> -----Original Message-----
> From: Nate Woody [mailto:naw47@cac.cornell.edu]
> Sent: Thursday, March 11, 2010 8:40 AM
> To: users@cxf.apache.org
> Subject: RE: Service authentication credentials
>
>
>
> I've been forced to write quite a few CXF clients to Microsoft services,
>
> I think the mailing list is littered with my questions about that. Is
>
> this a service someone developed using Microsoft tools, or a service
>
> produced by Microsoft? That's a Great Plains reference? I've often had
>
> trouble with figuring the security mechanism from a MS wsdl, so I tend
>
> to go pragmatic and start here:
>
>
>
> 1) What does the service reply with when you call it from CXF? If it's
>
> something as simple as WS-S, you ought to get a complaint about missing
>
> security headers.
>
>
>
> 2) It sounds like you have a functional .NET implementation. Log the
>
> packets from that implementation and take a look at what's going in.
>
>
>
> Best,
>
> Nate
>
>
>
>
>
> -----Original Message-----
>
> From: Bruno Melloni [mailto:Bruno.Melloni@chickasaw.net]
>
> Sent: Thursday, March 11, 2010 9:20 AM
>
> To: 'users@cxf.apache.org'
>
> Subject: Service authentication credentials
>
>
>
> I am trying to access a Microsoft-developed service that requires
>
> authentication. Being Microsoft, they do not document anything at the
>
> web service level since they want you to use Visual Studio which creates
>
> a .NET proxy that is capable of using NTLM to supply the
>
> username/password to the underlying web service. I *think* that they
>
> are following web services standards for the underlying web service.
>
>
>
> Of course, I am trying to use a CXF client to access the underlying web
>
> service from Java. I used wsdl2java to generate the java classes, but I
>
> see no credentials-related information (which you do see in the .NET
>
> proxy). That makes me suspect that they must be in the stored in the
>
> SOAP headers and that in CXF we access them in a different way.
>
>
>
> I could use any clues on how to:
>
>
>
> a) Figure out how authentication is being done for this web service.
>
>
>
> b) Figure out how to provide the credentials to the web service when
>
> called. I am using the Spring approach to get the CXF client proxy and
>
> my current configuration looks like:
>
>
>
> <jaxws:client id="gpClient"
>
> address="http://myServer.myDomain/DynamicsGPWebServices/DynamicsGPServic
>
> e.asmx"
>
>
>
> serviceClass="com.microsoft.schemas.dynamics.gp._2006._01.DynamicsX0020G
>
> PSoap" />
>
>
>
> Needless to say, my experience with CXF is not too deep (created and
>
> called a few services via the Spring method - the simplest), and my
>
> knowledge of web services authentication is zero. Unfortunately CXF's
>
> documentation isn't very helpful for someone at my stage of learning
>
> CXF. I'll appreciate any help I can get.
>
>
>
> I tried to attach a copy of the WSDL for the service that I'm trying to
>
> access, but it exceeds the size limits for this mailing list.
--
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog
Re: Service authentication credentials
Posted by Daniel Kulp <dk...@apache.org>.
There is a small section on NTLM stuff at the bottom of:
http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html
The main suggestion is to use Java6 and CXF 2.2.6 (or preferrably 2.2.7 when I
build that in the next couple days which fixes a potential bug in this area).
With NTLM built into the JDK, it becomes much easier. Just set the username
and password like normal basic auth and it pretty much will just work.
Dan
On Monday 15 March 2010 9:42:54 am Bruno Melloni wrote:
> Ron, I've had no problems writing clients for 'normal' web services written
> in .NET.
>
>
>
> Nate, yes, it is Great Plains, written by Microsoft. It seems to not be
> WS-S, but rather NTLM authentication in the headers (captured and included
> below). I found the following article discussing HTTP client stacks that
> can deal with NTLM authentication:
> http://oaklandsoftware.com/papers/ntlm.html. I also found the following
> the following thread from 2008 on how somebody managed to make it work
> with CXF in a programmatic way:
> http://old.nabble.com/NTLM-Support--td16447079.html. It mentions a link
> to the CXF wiki, but it has since gone dead. In case it is relevant, I am
> using CXF 2.2.2.
>
>
>
> The questions that remain are:
>
>
>
> - Has CXF evolved since 2008 so that there is a cleaner way to use NTLM
> authentication?
>
> - How to translate the programmatic solution to something that can be
> put in the Spring context file, perhaps as properties under the
> <jaxws:client> tag?
>
>
>
> If the answer to my questions is obvious I apologize for my ignorance. I
> am quite comfortable with the Spring-based approach to CXF but I am still
> not very familiar with doing CXF without it.
>
>
>
> Thanks.
>
>
>
> -----
>
> HEADERS:
>
>
>
> POST http://ddusek1108:88/DynamicsGPWebServices/DynamicsGPService.asmx
> HTTP/1.1
>
> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client
> Protocol 2.0.50727.832)
>
> VsDebuggerCausalityData:
> uIDPo5dDV8l0LwpLmWT/FsojNsYAAAAAHmXIxE8tmEaZBSfNmWFGWEGujufiJq5JoaaQyRTzT2
> gACAAA
>
> Content-Type: text/xml; charset=utf-8
>
> SOAPAction:
> "http://schemas.microsoft.com/dynamics/gp/2006/01/GetCustomerList"
>
> Authorization: NTLM
> TlRMTVNTUAADAAAAGAAYAHwAAAAYABgAlAAAABgAGABIAAAACAAIAGAAAAAUABQAaAAAABAAEA
> CsAAAANYKI4gUCzg4AAAAPbgBvAHIAdABoAGEAbQBlAHIAaQBjAGEAcAByAG8AdABEAEQAVQBTA
> EUASwAxADEAMAA4AAKY0Sa9Kp9OAAAAAAAAAAAAAAAAAAAAAKvDCPBVwuwaRtfaI/6mTH6Pms+c
> gk2JNgmzIC1jRA2cWXofHirtcb0=
>
> Host: ddusek1108:88
>
> Content-Length: 626
>
> Expect: 100-continue
>
>
>
> <?xml version="1.0" encoding="utf-8"?><soap:Envelope
> xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Body><GetCustomerList
> xmlns="http://schemas.microsoft.com/dynamics/gp/2006/01"><criteria><Name><
> Like>%</Like></Name><Scope>Return All</Scope></criteria><Context
> xmlns="http://schemas.microsoft.com/dynamics/2006/01"><OrganizationKey
> xsi:type="CompanyKey"><Id>-1</Id></OrganizationKey><CultureName>en-US</Cul
> tureName><CurrencyType>Transactional</CurrencyType></Context></GetCustomerL
> ist></soap:Body></soap:Envelope>
>
>
>
> -----
>
>
>
> -----Original Message-----
> From: Nate Woody [mailto:naw47@cac.cornell.edu]
> Sent: Thursday, March 11, 2010 8:40 AM
> To: users@cxf.apache.org
> Subject: RE: Service authentication credentials
>
>
>
> I've been forced to write quite a few CXF clients to Microsoft services,
>
> I think the mailing list is littered with my questions about that. Is
>
> this a service someone developed using Microsoft tools, or a service
>
> produced by Microsoft? That's a Great Plains reference? I've often had
>
> trouble with figuring the security mechanism from a MS wsdl, so I tend
>
> to go pragmatic and start here:
>
>
>
> 1) What does the service reply with when you call it from CXF? If it's
>
> something as simple as WS-S, you ought to get a complaint about missing
>
> security headers.
>
>
>
> 2) It sounds like you have a functional .NET implementation. Log the
>
> packets from that implementation and take a look at what's going in.
>
>
>
> Best,
>
> Nate
>
>
>
>
>
> -----Original Message-----
>
> From: Bruno Melloni [mailto:Bruno.Melloni@chickasaw.net]
>
> Sent: Thursday, March 11, 2010 9:20 AM
>
> To: 'users@cxf.apache.org'
>
> Subject: Service authentication credentials
>
>
>
> I am trying to access a Microsoft-developed service that requires
>
> authentication. Being Microsoft, they do not document anything at the
>
> web service level since they want you to use Visual Studio which creates
>
> a .NET proxy that is capable of using NTLM to supply the
>
> username/password to the underlying web service. I *think* that they
>
> are following web services standards for the underlying web service.
>
>
>
> Of course, I am trying to use a CXF client to access the underlying web
>
> service from Java. I used wsdl2java to generate the java classes, but I
>
> see no credentials-related information (which you do see in the .NET
>
> proxy). That makes me suspect that they must be in the stored in the
>
> SOAP headers and that in CXF we access them in a different way.
>
>
>
> I could use any clues on how to:
>
>
>
> a) Figure out how authentication is being done for this web service.
>
>
>
> b) Figure out how to provide the credentials to the web service when
>
> called. I am using the Spring approach to get the CXF client proxy and
>
> my current configuration looks like:
>
>
>
> <jaxws:client id="gpClient"
>
> address="http://myServer.myDomain/DynamicsGPWebServices/DynamicsGPServic
>
> e.asmx"
>
>
>
> serviceClass="com.microsoft.schemas.dynamics.gp._2006._01.DynamicsX0020G
>
> PSoap" />
>
>
>
> Needless to say, my experience with CXF is not too deep (created and
>
> called a few services via the Spring method - the simplest), and my
>
> knowledge of web services authentication is zero. Unfortunately CXF's
>
> documentation isn't very helpful for someone at my stage of learning
>
> CXF. I'll appreciate any help I can get.
>
>
>
> I tried to attach a copy of the WSDL for the service that I'm trying to
>
> access, but it exceeds the size limits for this mailing list.
--
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog
RE: Service authentication credentials
Posted by Bruno Melloni <Br...@chickasaw.net>.
Ron, I've had no problems writing clients for 'normal' web services written in .NET.
Nate, yes, it is Great Plains, written by Microsoft. It seems to not be WS-S, but rather NTLM authentication in the headers (captured and included below). I found the following article discussing HTTP client stacks that can deal with NTLM authentication: http://oaklandsoftware.com/papers/ntlm.html. I also found the following the following thread from 2008 on how somebody managed to make it work with CXF in a programmatic way: http://old.nabble.com/NTLM-Support--td16447079.html. It mentions a link to the CXF wiki, but it has since gone dead. In case it is relevant, I am using CXF 2.2.2.
The questions that remain are:
- Has CXF evolved since 2008 so that there is a cleaner way to use NTLM authentication?
- How to translate the programmatic solution to something that can be put in the Spring context file, perhaps as properties under the <jaxws:client> tag?
If the answer to my questions is obvious I apologize for my ignorance. I am quite comfortable with the Spring-based approach to CXF but I am still not very familiar with doing CXF without it.
Thanks.
-----
HEADERS:
POST http://ddusek1108:88/DynamicsGPWebServices/DynamicsGPService.asmx HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 2.0.50727.832)
VsDebuggerCausalityData: uIDPo5dDV8l0LwpLmWT/FsojNsYAAAAAHmXIxE8tmEaZBSfNmWFGWEGujufiJq5JoaaQyRTzT2gACAAA
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://schemas.microsoft.com/dynamics/gp/2006/01/GetCustomerList"
Authorization: NTLM TlRMTVNTUAADAAAAGAAYAHwAAAAYABgAlAAAABgAGABIAAAACAAIAGAAAAAUABQAaAAAABAAEACsAAAANYKI4gUCzg4AAAAPbgBvAHIAdABoAGEAbQBlAHIAaQBjAGEAcAByAG8AdABEAEQAVQBTAEUASwAxADEAMAA4AAKY0Sa9Kp9OAAAAAAAAAAAAAAAAAAAAAKvDCPBVwuwaRtfaI/6mTH6Pms+cgk2JNgmzIC1jRA2cWXofHirtcb0=
Host: ddusek1108:88
Content-Length: 626
Expect: 100-continue
<?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Body><GetCustomerList xmlns="http://schemas.microsoft.com/dynamics/gp/2006/01"><criteria><Name><Like>%</Like></Name><Scope>Return All</Scope></criteria><Context xmlns="http://schemas.microsoft.com/dynamics/2006/01"><OrganizationKey xsi:type="CompanyKey"><Id>-1</Id></OrganizationKey><CultureName>en-US</CultureName><CurrencyType>Transactional</CurrencyType></Context></GetCustomerList></soap:Body></soap:Envelope>
-----
-----Original Message-----
From: Nate Woody [mailto:naw47@cac.cornell.edu]
Sent: Thursday, March 11, 2010 8:40 AM
To: users@cxf.apache.org
Subject: RE: Service authentication credentials
I've been forced to write quite a few CXF clients to Microsoft services,
I think the mailing list is littered with my questions about that. Is
this a service someone developed using Microsoft tools, or a service
produced by Microsoft? That's a Great Plains reference? I've often had
trouble with figuring the security mechanism from a MS wsdl, so I tend
to go pragmatic and start here:
1) What does the service reply with when you call it from CXF? If it's
something as simple as WS-S, you ought to get a complaint about missing
security headers.
2) It sounds like you have a functional .NET implementation. Log the
packets from that implementation and take a look at what's going in.
Best,
Nate
-----Original Message-----
From: Bruno Melloni [mailto:Bruno.Melloni@chickasaw.net]
Sent: Thursday, March 11, 2010 9:20 AM
To: 'users@cxf.apache.org'
Subject: Service authentication credentials
I am trying to access a Microsoft-developed service that requires
authentication. Being Microsoft, they do not document anything at the
web service level since they want you to use Visual Studio which creates
a .NET proxy that is capable of using NTLM to supply the
username/password to the underlying web service. I *think* that they
are following web services standards for the underlying web service.
Of course, I am trying to use a CXF client to access the underlying web
service from Java. I used wsdl2java to generate the java classes, but I
see no credentials-related information (which you do see in the .NET
proxy). That makes me suspect that they must be in the stored in the
SOAP headers and that in CXF we access them in a different way.
I could use any clues on how to:
a) Figure out how authentication is being done for this web service.
b) Figure out how to provide the credentials to the web service when
called. I am using the Spring approach to get the CXF client proxy and
my current configuration looks like:
<jaxws:client id="gpClient"
address="http://myServer.myDomain/DynamicsGPWebServices/DynamicsGPServic
e.asmx"
serviceClass="com.microsoft.schemas.dynamics.gp._2006._01.DynamicsX0020G
PSoap" />
Needless to say, my experience with CXF is not too deep (created and
called a few services via the Spring method - the simplest), and my
knowledge of web services authentication is zero. Unfortunately CXF's
documentation isn't very helpful for someone at my stage of learning
CXF. I'll appreciate any help I can get.
I tried to attach a copy of the WSDL for the service that I'm trying to
access, but it exceeds the size limits for this mailing list.
RE: Service authentication credentials
Posted by Nate Woody <na...@cac.cornell.edu>.
I've been forced to write quite a few CXF clients to Microsoft services,
I think the mailing list is littered with my questions about that. Is
this a service someone developed using Microsoft tools, or a service
produced by Microsoft? That's a Great Plains reference? I've often had
trouble with figuring the security mechanism from a MS wsdl, so I tend
to go pragmatic and start here:
1) What does the service reply with when you call it from CXF? If it's
something as simple as WS-S, you ought to get a complaint about missing
security headers.
2) It sounds like you have a functional .NET implementation. Log the
packets from that implementation and take a look at what's going in.
Best,
Nate
-----Original Message-----
From: Bruno Melloni [mailto:Bruno.Melloni@chickasaw.net]
Sent: Thursday, March 11, 2010 9:20 AM
To: 'users@cxf.apache.org'
Subject: Service authentication credentials
I am trying to access a Microsoft-developed service that requires
authentication. Being Microsoft, they do not document anything at the
web service level since they want you to use Visual Studio which creates
a .NET proxy that is capable of using NTLM to supply the
username/password to the underlying web service. I *think* that they
are following web services standards for the underlying web service.
Of course, I am trying to use a CXF client to access the underlying web
service from Java. I used wsdl2java to generate the java classes, but I
see no credentials-related information (which you do see in the .NET
proxy). That makes me suspect that they must be in the stored in the
SOAP headers and that in CXF we access them in a different way.
I could use any clues on how to:
a) Figure out how authentication is being done for this web service.
b) Figure out how to provide the credentials to the web service when
called. I am using the Spring approach to get the CXF client proxy and
my current configuration looks like:
<jaxws:client id="gpClient"
address="http://myServer.myDomain/DynamicsGPWebServices/DynamicsGPServic
e.asmx"
serviceClass="com.microsoft.schemas.dynamics.gp._2006._01.DynamicsX0020G
PSoap" />
Needless to say, my experience with CXF is not too deep (created and
called a few services via the Spring method - the simplest), and my
knowledge of web services authentication is zero. Unfortunately CXF's
documentation isn't very helpful for someone at my stage of learning
CXF. I'll appreciate any help I can get.
I tried to attach a copy of the WSDL for the service that I'm trying to
access, but it exceeds the size limits for this mailing list.
RE: Service authentication credentials
Posted by Ron Grimes <rg...@sinclairoil.com>.
I consume some third party .Net web services. Typically, it should be pretty easy. Since they are obviously using SOAP, there must be a corresponding WSDL. You should be able to punch the address to the WSDL into a tool like SOAPUI and have it generate request SOAP envelopes for you. From there, you know what the service is expecting. Hopefully, the SOAP envelope will refer to any xsd documents that it is using, which should give you further definition of what types of values can be inserted into the request envelope.
Ron
-----Original Message-----
From: Bruno Melloni [mailto:Bruno.Melloni@chickasaw.net]
Sent: Thursday, March 11, 2010 7:20 AM
To: 'users@cxf.apache.org'
Subject: Service authentication credentials
I am trying to access a Microsoft-developed service that requires authentication. Being Microsoft, they do not document anything at the web service level since they want you to use Visual Studio which creates a .NET proxy that is capable of using NTLM to supply the username/password to the underlying web service. I *think* that they are following web services standards for the underlying web service.
Of course, I am trying to use a CXF client to access the underlying web service from Java. I used wsdl2java to generate the java classes, but I see no credentials-related information (which you do see in the .NET proxy). That makes me suspect that they must be in the stored in the SOAP headers and that in CXF we access them in a different way.
I could use any clues on how to:
a) Figure out how authentication is being done for this web service.
b) Figure out how to provide the credentials to the web service when called. I am using the Spring approach to get the CXF client proxy and my current configuration looks like:
<jaxws:client id="gpClient" address="http://myServer.myDomain/DynamicsGPWebServices/DynamicsGPService.asmx"
serviceClass="com.microsoft.schemas.dynamics.gp._2006._01.DynamicsX0020GPSoap" />
Needless to say, my experience with CXF is not too deep (created and called a few services via the Spring method - the simplest), and my knowledge of web services authentication is zero. Unfortunately CXF's documentation isn't very helpful for someone at my stage of learning CXF. I'll appreciate any help I can get.
I tried to attach a copy of the WSDL for the service that I'm trying to access, but it exceeds the size limits for this mailing list.