You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cxf.apache.org by Ed Rouse <er...@milner.com> on 2013/12/12 20:03:31 UTC

responding to a 401

Cxf version 2.7.8, using HTTPConduits. This is the code I am using. Much of it may be unnescessary, but I have been trying a variety of approaches trying to get this to work. The IIS log results are after the code and show that cxf is not responding to the 401. Personally, I would like to just always send the user/pass and not have to worry about the 401, but getting a response sent so that it at least works would be fine as well. Not sure why it doesn't send the response in this case. I have been on google for 2 days looking at solutions but haven't found one that works. The client connects to 3 different web services, all of which are windows C# and all of which were programmed by people who have no idea how web services are supposed to be set up. 2 of the services don't require authentication, but 1 does; and that is the one that is failing. You can see in the log snippet that the one works (200) but the other sends a 401 and gets no response from cxf, so it fails.

This used to work. I suspect an update from Microsoft broke it, but I am expected to fix it. Thanks for looking.

    if(port == null)
    {
      URL wsdl = Thread.currentThread().getContextClassLoader().getResource(ID_WSDL_PATH);

      Service service = new Service(wsdl);
      ServiceSoap port = service.getServiceSoap();
      HTTPConduit conduit = (HTTPConduit)ClientProxy.getClient(port).getConduit();

      HTTPClientPolicy policy = new HTTPClientPolicy();
      policy.setAllowChunking(false);
      policy.setConnectionTimeout(300000);
      policy.setReceiveTimeout(300000);

      ((BindingProvider)port).getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, idEndpoint);
      ((BindingProvider)port).getRequestContext().put(BindingProvider.SESSION_MAINTAIN_PROPERTY, Boolean.TRUE);
      ((BindingProvider)port).getRequestContext().put(BindingProvider.USERNAME_PROPERTY, auth.getUserName());
      ((BindingProvider)port).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, auth.getPassword());

      if(auth != null)
      {
        conduit.setAuthorization(auth);
      }
      else
      {
        log.debug("auth is null");
      }
      conduit.setClient(policy);

      CookieManager manager = new CookieManager();
      manager.setCookiePolicy(CookiePolicy.ACCEPT_ALL);
      CookieHandler.setDefault(manager);

      String tmp = "";
      try
      {
        tmp = port.setProduct(LICENSE_FEATURE, LICENSE_VERSION, getLicenseInfo(), errorInfo);
      }
      catch(Exception e)
      {
        if(errorInfo.value != null && errorInfo.value.getMessage() != null)
          log.error(errorInfo.value.getMessage());
        log.debug(tmp);
        e.printStackTrace();
      }

      CookieStore cookieJar = manager.getCookieStore();
      List<HttpCookie> cookies = cookieJar.getCookies();
      for(HttpCookie cookie: cookies)
      {
        log.debug("Cookie: " + cookie);
        policy.setCookie(cookie.toString());
      }
      this.port = port;
    }
    return port;



2013-12-12 18:30:21 10.82.60.122 POST /IDWMExtras/Service.asmx - 80 - 10.82.60.172 Apache+CXF+2.7.8 200 0 0 0
2013-12-12 18:30:29 10.82.60.122 POST /C2SWebService/Service.asmx - 80 - 10.82.60.172 Apache+CXF+2.7.8 401 2 5 0
2013-12-12 18:30:29 10.82.60.122 POST /C2SWebService/Service.asmx - 80 - 10.82.60.172 Apache+CXF+2.7.8 401 2 5 0

Thanks.

Re: responding to a 401

Posted by Daniel Kulp <dk...@apache.org>.

You may want to try using wireshark or something to look at the raw transfers.   With that code, the AUTH information should be proactively sent, but only via basic auth.   It’s possible that the other side is only allowing digest or NTLM based authentication.   Getting the response headers could likely tell you if it needs a domain or something as well.

Dan



On Dec 12, 2013, at 2:03 PM, Ed Rouse <er...@milner.com> wrote:

> Cxf version 2.7.8, using HTTPConduits. This is the code I am using. Much of it may be unnescessary, but I have been trying a variety of approaches trying to get this to work. The IIS log results are after the code and show that cxf is not responding to the 401. Personally, I would like to just always send the user/pass and not have to worry about the 401, but getting a response sent so that it at least works would be fine as well. Not sure why it doesn't send the response in this case. I have been on google for 2 days looking at solutions but haven't found one that works. The client connects to 3 different web services, all of which are windows C# and all of which were programmed by people who have no idea how web services are supposed to be set up. 2 of the services don't require authentication, but 1 does; and that is the one that is failing. You can see in the log snippet that the one works (200) but the other sends a 401 and gets no response from cxf, so it fails.
> 
> This used to work. I suspect an update from Microsoft broke it, but I am expected to fix it. Thanks for looking.
> 
>    if(port == null)
>    {
>      URL wsdl = Thread.currentThread().getContextClassLoader().getResource(ID_WSDL_PATH);
> 
>      Service service = new Service(wsdl);
>      ServiceSoap port = service.getServiceSoap();
>      HTTPConduit conduit = (HTTPConduit)ClientProxy.getClient(port).getConduit();
> 
>      HTTPClientPolicy policy = new HTTPClientPolicy();
>      policy.setAllowChunking(false);
>      policy.setConnectionTimeout(300000);
>      policy.setReceiveTimeout(300000);
> 
>      ((BindingProvider)port).getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, idEndpoint);
>      ((BindingProvider)port).getRequestContext().put(BindingProvider.SESSION_MAINTAIN_PROPERTY, Boolean.TRUE);
>      ((BindingProvider)port).getRequestContext().put(BindingProvider.USERNAME_PROPERTY, auth.getUserName());
>      ((BindingProvider)port).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, auth.getPassword());
> 
>      if(auth != null)
>      {
>        conduit.setAuthorization(auth);
>      }
>      else
>      {
>        log.debug("auth is null");
>      }
>      conduit.setClient(policy);
> 
>      CookieManager manager = new CookieManager();
>      manager.setCookiePolicy(CookiePolicy.ACCEPT_ALL);
>      CookieHandler.setDefault(manager);
> 
>      String tmp = "";
>      try
>      {
>        tmp = port.setProduct(LICENSE_FEATURE, LICENSE_VERSION, getLicenseInfo(), errorInfo);
>      }
>      catch(Exception e)
>      {
>        if(errorInfo.value != null && errorInfo.value.getMessage() != null)
>          log.error(errorInfo.value.getMessage());
>        log.debug(tmp);
>        e.printStackTrace();
>      }
> 
>      CookieStore cookieJar = manager.getCookieStore();
>      List<HttpCookie> cookies = cookieJar.getCookies();
>      for(HttpCookie cookie: cookies)
>      {
>        log.debug("Cookie: " + cookie);
>        policy.setCookie(cookie.toString());
>      }
>      this.port = port;
>    }
>    return port;
> 
> 
> 
> 2013-12-12 18:30:21 10.82.60.122 POST /IDWMExtras/Service.asmx - 80 - 10.82.60.172 Apache+CXF+2.7.8 200 0 0 0
> 2013-12-12 18:30:29 10.82.60.122 POST /C2SWebService/Service.asmx - 80 - 10.82.60.172 Apache+CXF+2.7.8 401 2 5 0
> 2013-12-12 18:30:29 10.82.60.122 POST /C2SWebService/Service.asmx - 80 - 10.82.60.172 Apache+CXF+2.7.8 401 2 5 0
> 
> Thanks.
> 

-- 
Daniel Kulp
dkulp@apache.org - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com