Posted to java-dev@axis.apache.org by Aj...@DELL.Com on 2013/03/01 12:44:51 UTC

[axis2] NTLM v2 Authentication using Apache Axis2 Java Client

Hi All,

I am using Apache Axis2 v1.6.2 for generating the web service code using the wsdl2java utility.
The web service I am trying to connect to uses NTLM v2 authentication (using org.apache.axis2.transport.http.HttpTransportProperties.Authenticator - Authenticator.NTLM).

The client code I am using always returns a "401 - Unauthorized" response.
I have browsed through different sites, but did not get any help.

Can anybody suggest how this issue can be fixed?

Thanks & Regards
Ajaya Kumar Senapati

RE: [axis2] NTLM v2 Authentication using Apache Axis2 Java Client

Posted by Martin Gainty <mg...@hotmail.com>.
Karl is right.

The majority of architects would design a solution which would authenticate at the initial entry point, either
1) the webserver or
2) a customer-facing servlet (which would implement the NTLM provider with HttpClient...)

BUT:
Let's say you're a Scandinavian mobile phone manufacturer and you want to open up a direct SOAP interface for your high-profile clients (e.g. BestBuy and/or Staples).
You can achieve a secure SOAP service with the rahas and rampart Axis modules.
Here is a sample service configurator that comes with the Rampart security module (named s5-services.xml):

<service name="SecureService">
    <module ref="rampart"/>
    <module ref="rahas"/>
    <parameter locked="false" name="ServiceClass">org.apache.rahas.Service</parameter>
    <operation name="echo">
        <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
        <actionMapping>urn:echo</actionMapping>
    </operation>
    <parameter name="saml-issuer-config">
        <!-- start NTLM specific -->
        <saml-issuer-config>
            <issuerName>Test_STS</issuerName>
            <!-- sample key alias, keystore file and passwords: replace them before deploying -->
            <issuerKeyAlias>ip</issuerKeyAlias>
            <issuerKeyPassword>password</issuerKeyPassword>
            <cryptoProperties>
                <crypto provider="org.apache.ws.security.components.crypto.Merlin">
                    <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
                    <property name="org.apache.ws.security.crypto.merlin.file">rahas-sts.jks</property>
                    <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
                </crypto>
            </cryptoProperties>
            <timeToLive>300000</timeToLive>
            <keySize>256</keySize>
            <addRequestedAttachedRef />
            <addRequestedUnattachedRef />

            <!-- code a new Java class which would implement SAMLCallbackHandler and implement NTLM auth -->
            <dataCallbackHandlerClass>org.apache.rahas.SAMLDataProvider</dataCallbackHandlerClass>
            <!--
               Key computation mechanism
               1 - Use Request Entropy
               2 - Provide Entropy
               3 - Use Own Key
            -->
            <keyComputation>2</keyComputation>
            <!--
               proofKeyType element is valid only if the keyComputation is set to 3
               i.e. Use Own Key
               Valid values are: EncryptedKey & BinarySecret
            -->
            <proofKeyType>BinarySecret</proofKeyType>
            <trusted-services>
                <service alias="bob">http://localhost:5555/axis2/services/SecureService</service>
                <service alias="bob1">http://localhost:5555/axis2/services/SecureService1</service>
                <service alias="bob2">http://localhost:5555/axis2/services/SecureService2</service>
                <service alias="bob3">http://localhost:5555/axis2/services/SecureService3</service>
                <!--
                   you can change the port number but you will need to update the following
                   server and client files, which have the port number hardcoded:
                   .\src\main\java\org\apache\axis2\integration\UtilServer.java
                   .\src\main\java\org\apache\axis2\integration\UtilsTCPServer.java
                   .\src\main\java\org\apache\rahas\TestClient.java
                -->
            </trusted-services>
        </saml-issuer-config>
    </parameter>
    <parameter name="InflowSecurity">
        <action>
            <items>UsernameToken Timestamp</items>
            <!-- custom callback class implements javax.security.auth.callback.CallbackHandler for incoming requests -->
            <passwordCallbackClass xmlns="">org.apache.rahas.PWCallback</passwordCallbackClass>
        </action>
    </parameter>
    <parameter name="OutflowSecurity">
        <action>
            <items>Timestamp</items>
            <user>ip</user>
            <!-- custom callback class implements javax.security.auth.callback.CallbackHandler for outgoing responses -->
            <passwordCallbackClass xmlns="">org.apache.rahas.PWCallback</passwordCallbackClass>
            <enableSignatureConfirmation>false</enableSignatureConfirmation>
        </action>
    </parameter>
</service>

More information on implementing custom security providers in Rampart is available at
http://axis.apache.org/axis2/java/rampart/

Good luck!
Martin

________________________________
> From: karl.wright@nokia.com 
> To: java-dev@axis.apache.org; java-dev-faq@axis.apache.org 
> Subject: RE: [axis2] NTLM v2 Authentication using Apache Axis2 Java Client 
> Date: Fri, 1 Mar 2013 13:25:10 +0000 
> 
> 
> The HttpComponents/HttpClient implementation of NTLM contains modern 
> and tested support for this functionality. I have no idea what the 
> Axis implementation is based on, but probably it is extremely old and 
> out of date. 
> 
> 
> 
> Karl 

RE: [axis2] NTLM v2 Authentication using Apache Axis2 Java Client

Posted by ka...@nokia.com.
The HttpComponents/HttpClient implementation of NTLM contains modern and tested support for this functionality.  I have no idea what the Axis implementation is based on, but probably it is extremely old and out of date.

Karl
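
An added example, not part of the original thread and not code from the Axis2 or HttpClient projects: a stand-alone probe that posts an empty SOAP envelope through the HttpComponents HttpClient NTLM support mentioned above, useful for checking whether the account and endpoint work outside Axis2. It assumes HttpClient 4.3 or later on the classpath; the endpoint host, the SOAPAction value and the NTLM_* environment variable names are placeholders.

```java
import java.net.InetAddress;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import org.apache.http.Header;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.NTCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.client.config.AuthSchemes;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;

public class NtlmSoapProbe {
    public static void main(String[] args) throws Exception {
        String host = "soap.example.internal";                 // placeholder host
        String endpoint = "https://" + host + "/Service.asmx"; // placeholder path, TLS so the exchange is not sent in clear
        // Credentials come from the environment rather than source code (assumed variable names).
        NTCredentials account = new NTCredentials(
                System.getenv("NTLM_USER"), System.getenv("NTLM_PASSWORD"),
                InetAddress.getLocalHost().getHostName(), System.getenv("NTLM_DOMAIN"));

        // Offer the credentials only to this host and port, and only for the NTLM scheme.
        CredentialsProvider creds = new BasicCredentialsProvider();
        creds.setCredentials(new AuthScope(host, 443, AuthScope.ANY_REALM, AuthSchemes.NTLM), account);
        RequestConfig config = RequestConfig.custom()
                .setTargetPreferredAuthSchemes(Collections.singletonList(AuthSchemes.NTLM)).build();

        String envelope = "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\">"
                + "<soapenv:Body/></soapenv:Envelope>";
        try (CloseableHttpClient client = HttpClients.custom()
                .setDefaultCredentialsProvider(creds).setDefaultRequestConfig(config).build()) {
            HttpPost post = new HttpPost(endpoint);
            post.setHeader("SOAPAction", "\"urn:exampleAction\""); // placeholder action
            // StringEntity is repeatable, so the body can be resent on each leg of the NTLM handshake.
            post.setEntity(new StringEntity(envelope, ContentType.create("text/xml", StandardCharsets.UTF_8)));
            try (CloseableHttpResponse resp = client.execute(post)) {
                System.out.println(resp.getStatusLine());
                // On a final 401, the challenge headers show which schemes the server offers.
                for (Header h : resp.getHeaders("WWW-Authenticate")) System.out.println(h);
                EntityUtils.consume(resp.getEntity());
            }
        }
    }
}
```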
