You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-user@axis.apache.org by Alfonso Baqueiro <ab...@yahoo.com> on 2006/01/27 02:35:53 UTC
How to change Axis TransportHandlers to support SPNEGO??
I need some suggestions on how to modify a webservice that uses normal axis flow, cause I need to modify the HTTP request axis does so I can add a special header (SPNEGO) that is a kerberos tickect that allow the webserver to authenticate the petition against a Kerberos server.
The product I am using is Vintela VSJ, and it uses a special HTTPTransport Class to do this, here is the code mechanics:
//First it gets a Kerberos credential:
LoginContext lc = new LoginContext("JAASCONFIG",
new SimpleCallbackHandler(username, password) );
lc.login();
Subject kerberosSubject = lc.getSubject();
//After that it uses that credential to get the response from the webserver.
InputStream in = (InputStream) Subject.doAsPrivileged(
kerberosSubject,
new CredentialAction( kerberosSubject, url ),
null
);
// read response
//...
-------------
The HTTP reques t is the interesting part:
class CredentialAction implements PrivilegedExceptionAction {
private Subject kerbSubject;
private URL serverURL;
public CredentialAction(Subject kerbSubject, URL serverAddress) {
this.kerbSubject = kerbSubject;
this.serverURL = serverAddress;
}
public Object run() throws LoginException, PrivilegedActionException {
return authenticateAndGetData();
}
private InputStream authenticateAndGetData() throws PrivilegedActionException {
String host = this.serverURL.getHost();
KerberosPrincipal princ = (KerberosPrincipal) this.kerbSubject
.getPrincipals(KerberosPrincipal.class).iterator().next();
GSSCredential cred = (GSSCredential) this.kerbSubject
.getPrivateCredentials(GSSCredential.class).iterator().next();
try{
GSSContext cl = spnegoManager.createContext( peer, mech, cred, lifetime );
// Create transport mechanism for SPNEGO tokens
HttpTokenTransport trans = new HttpTokenTranspor( url.toString );
// Authenticate with the server via HTTP
byte[] inToken = new byte[0];
do {
byte[] outToken = cl.initSecContext( inToken, 0, inToken.length );
if ( outToken != null ){
inToken = trans.sendAndReceive(outToken);
}
} while ( !cl.isEstablished() && inToken != null );
// we have succesfullly authenticated, get the URL data
return trans.getInputStream();
} catch (GSSException ex) {
throw new PrivilegedActionException( ex );
} catch ( IOException ex ){
; throw new PrivilegedActionException( ex );
}
}
//...
}
That is example to retrive a URL that is protected and requires Kerberos Auth, I do not know how can I do this to modify a WebService that uses Axis client to be able to do the Kerberos Auth:
This is my webservice normal axis code:
ServiceFactory factory = ServiceFactory.newInstance();
Service service = factory.createService( new QName(qnameService));
QName port = new QName(qnamePort);
Call call = service.createCall(port);
call.setTargetEndpointAddress(sUrl);
call.setProperty(Call.SOAPACTION_USE_PROPERTY, new Boolean(true));
call.setProperty(Call.SOAPACTION_URI_PROPERTY,"");
call.setProperty(ENCODING_STYLE_PROPERTY,URI_ENCODING);
QName QNAME_TYPE_STRING = new QName(NS_XSD, "string");
call.setReturnType(QNAME_TYPE_STRING);
call.setOperationName(new QName(BODY_NAMESPACE_VALUE,"getAplicaciones"));
call.addParameter("String_1", QNAME_TYPE_STRING, ParameterMode.IN);
call.addParameter("String_2", QNAME_TYPE_STRING, ParameterMode.IN);
call.addParameter("String_3", QNAME_TYPE_STRING, ParameterMode.IN);
String[] params = {sUsuario, sPassword, sCveEntidad};
String wsResponse = (String)call.invoke(params);
Any ideas? Do I need to modify the Axis code? or Is there a pattern I can use?? I reviewed the Axis documentation and view something like a Transport layer and Transport Handlers, can I use this to do what I need??? How do I change the Axis Transpor Handler so it makes the SPNEGO?
Thanks a priori.
__________________________________________________
Correo Yahoo!
Espacio para todos tus mensajes, antivirus y antispam ¡gratis!
Regístrate ya - http://correo.espanol.yahoo.com/