You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by mrusso <mr...@roundarch.com> on 2008/04/02 16:23:00 UTC
NTLM Support?
I can't seem to find anything related to configuring CXF to support NTLM.
Has anyone tried this or found any documentation / examples that they could
point me towards?
I'm trying to consume a Custom Microsoft SharePoint Web Service from our
Java Portal (Spring / Hibernate on WebSphere) over SSL with NTLM. I'm told
by the SharePoint admins that I can use Basic Authentication, but my tests
have shown that it keeps asking me for NTLM credentials.
I'm generating a client from a provided .WSDL. My plan is to work from the
ground up, starting with No SSL, No Authentication. Add Authentication to
the SharePoint instance, retest, add SSL, retest, etc. Rinse, Repeat. My
initial tests tell me that OOB CXF doesn't talk nicely with Integrated
Windows Authentication, but I'm pretty new to this arena, so I'm not ruling
out user error.
I've followed this process with Axis2 with some success, but the generated
files are horrendous, and we already are using CXF to serve to a flex
client, so I'd like to keep it in the family, so to speak.
Thanks for your time,
Mario
--
View this message in context: http://www.nabble.com/NTLM-Support--tp16447079p16447079.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: NTLM Support?
Posted by Glen Mazza <gl...@gmail.com>.
Hmmm, because they very heavily interact with and emphasize interoperability
with Microsoft[1], you may wish to take a good look at GlassFish Metro
first. While I doubt Metro can handle everything you want below, it will
probably get you closest to where you want to be.
Glen
[1]
http://weblogs.java.net/blog/haroldcarr/archive/2008/03/metro_web_servi_2.html
mrusso wrote:
>
> I can't seem to find anything related to configuring CXF to support NTLM.
> Has anyone tried this or found any documentation / examples that they
> could point me towards?
>
> I'm trying to consume a Custom Microsoft SharePoint Web Service from our
> Java Portal (Spring / Hibernate on WebSphere) over SSL with NTLM. I'm
> told by the SharePoint admins that I can use Basic Authentication, but my
> tests have shown that it keeps asking me for NTLM credentials.
>
> I'm generating a client from a provided .WSDL. My plan is to work from
> the ground up, starting with No SSL, No Authentication. Add
> Authentication to the SharePoint instance, retest, add SSL, retest, etc.
> Rinse, Repeat. My initial tests tell me that OOB CXF doesn't talk nicely
> with Integrated Windows Authentication, but I'm pretty new to this arena,
> so I'm not ruling out user error.
>
> I've followed this process with Axis2 with some success, but the generated
> files are horrendous, and we already are using CXF to serve to a flex
> client, so I'd like to keep it in the family, so to speak.
>
> Thanks for your time,
>
> Mario
>
--
View this message in context: http://www.nabble.com/NTLM-Support--tp16447079p16447433.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: NTLM Support?
Posted by Daniel Kulp <dk...@apache.org>.
Cool. Thanks for that update. I've gone ahead and updated the docs with
this information:
http://cwiki.apache.org/confluence/display/CXF20DOC/Client+HTTP+Transport+(including+SSL+support)
Dan
On Sunday 14 September 2008 9:14:20 pm benjwarner wrote:
> Hi all,
> Thanks for your thread, it has enabled me to get NTLM over CXF working.
> Thought I'd update the thread for anyone else having this issue.
>
> The code below is my client CXF setup. Notice that I have commented out
> the bit which sets the username/password to use for NTLM. If credentials
> are missing jcifs will use the underlying NT credentials. I've run this on
> a websphere box, and it picks up the service account which is running
> websphere. Which is handy because we don't have to manage credentials in
> the app.
>
> Hope this helps.
>
> //Set the jcifs properties
> jcifs.Config.setProperty("jcifs.smb.client.domain", "ben.com");
> jcifs.Config.setProperty("jcifs.netbios.wins", "xxx.xxx.xxx.xxx");
> jcifs.Config.setProperty("jcifs.smb.client.soTimeout", "300000"); //5
> minutes
> jcifs.Config.setProperty("jcifs.netbios.cachePolicy", "1200"); //20 minutes
> //jcifs.Config.setProperty("jcifs.smb.client.username", "myNTLogin");
> //jcifs.Config.setProperty("jcifs.smb.client.password", "secret");
>
> //Register the jcifs URL handler to enable NTLM
> jcifs.Config.registerSmbURLHandler();
>
> //Setup the proxy factory
> JaxWsProxyFactoryBean proxyFactory = new JaxWsProxyFactoryBean();
> proxyFactory.setServiceClass(com.ben.service.UserDirectoryWebService.class)
>; proxyFactory.setAddress(userDirectoryEndPoint);
>
> //Create the web proxy
> webServiceClient = (UserDirectoryWebService) proxyFactory.create();
>
> //Turn off chunking so that NTLM can occur
> Client client = proxyFactory.getClientFactoryBean().getClient();
> HTTPConduit http = (HTTPConduit) client.getConduit();
> HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
> httpClientPolicy.setConnectionTimeout(36000);
> httpClientPolicy.setAllowChunking(false);
> http.setClient(httpClientPolicy);
>
> dkulp wrote:
> > You might be able to use something like:
> > http://jcifs.samba.org/
> > to do the ntlm stuff. See:
> > http://jcifs.samba.org/src/docs/httpclient.html
> >
> > CXF just uses the JDK HTTPUrlConnection so it should work.
> >
> > That said, you MIGHT need to configure the CXF client to turn off the
> > chunking, turn on the redirect support, etc... so that it doesn't try to
> > stream the data. (the handshakes don't allow the streaming)
> >
> > If this DOES work, please let me know. :-)
> >
> >
> > Dan
> >
> > On Wednesday 02 April 2008, mrusso wrote:
> >> I can't seem to find anything related to configuring CXF to support
> >> NTLM. Has anyone tried this or found any documentation / examples that
> >> they could point me towards?
> >>
> >> I'm trying to consume a Custom Microsoft SharePoint Web Service from
> >> our Java Portal (Spring / Hibernate on WebSphere) over SSL with NTLM.
> >> I'm told by the SharePoint admins that I can use Basic Authentication,
> >> but my tests have shown that it keeps asking me for NTLM credentials.
> >>
> >> I'm generating a client from a provided .WSDL. My plan is to work
> >> from the ground up, starting with No SSL, No Authentication. Add
> >> Authentication to the SharePoint instance, retest, add SSL, retest,
> >> etc. Rinse, Repeat. My initial tests tell me that OOB CXF doesn't
> >> talk nicely with Integrated Windows Authentication, but I'm pretty new
> >> to this arena, so I'm not ruling out user error.
> >>
> >> I've followed this process with Axis2 with some success, but the
> >> generated files are horrendous, and we already are using CXF to serve
> >> to a flex client, so I'd like to keep it in the family, so to speak.
> >>
> >> Thanks for your time,
> >>
> >> Mario
> >
> > --
> > J. Daniel Kulp
> > Principal Engineer, IONA
> > dkulp@apache.org
> > http://www.dankulp.com/blog
--
Daniel Kulp
dkulp@apache.org
http://www.dankulp.com/blog
Re: NTLM Support?
Posted by benjwarner <be...@anz.com>.
Hi all,
Thanks for your thread, it has enabled me to get NTLM over CXF working.
Thought I'd update the thread for anyone else having this issue.
The code below is my client CXF setup. Notice that I have commented out the
bit which sets the username/password to use for NTLM. If credentials are
missing jcifs will use the underlying NT credentials. I've run this on a
websphere box, and it picks up the service account which is running
websphere. Which is handy because we don't have to manage credentials in
the app.
Hope this helps.
//Set the jcifs properties
jcifs.Config.setProperty("jcifs.smb.client.domain", "ben.com");
jcifs.Config.setProperty("jcifs.netbios.wins", "xxx.xxx.xxx.xxx");
jcifs.Config.setProperty("jcifs.smb.client.soTimeout", "300000"); //5
minutes
jcifs.Config.setProperty("jcifs.netbios.cachePolicy", "1200"); //20 minutes
//jcifs.Config.setProperty("jcifs.smb.client.username", "myNTLogin");
//jcifs.Config.setProperty("jcifs.smb.client.password", "secret");
//Register the jcifs URL handler to enable NTLM
jcifs.Config.registerSmbURLHandler();
//Setup the proxy factory
JaxWsProxyFactoryBean proxyFactory = new JaxWsProxyFactoryBean();
proxyFactory.setServiceClass(com.ben.service.UserDirectoryWebService.class);
proxyFactory.setAddress(userDirectoryEndPoint);
//Create the web proxy
webServiceClient = (UserDirectoryWebService) proxyFactory.create();
//Turn off chunking so that NTLM can occur
Client client = proxyFactory.getClientFactoryBean().getClient();
HTTPConduit http = (HTTPConduit) client.getConduit();
HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
httpClientPolicy.setConnectionTimeout(36000);
httpClientPolicy.setAllowChunking(false);
http.setClient(httpClientPolicy);
dkulp wrote:
>
>
> You might be able to use something like:
> http://jcifs.samba.org/
> to do the ntlm stuff. See:
> http://jcifs.samba.org/src/docs/httpclient.html
>
> CXF just uses the JDK HTTPUrlConnection so it should work.
>
> That said, you MIGHT need to configure the CXF client to turn off the
> chunking, turn on the redirect support, etc... so that it doesn't try to
> stream the data. (the handshakes don't allow the streaming)
>
> If this DOES work, please let me know. :-)
>
>
> Dan
>
>
>
> On Wednesday 02 April 2008, mrusso wrote:
>> I can't seem to find anything related to configuring CXF to support
>> NTLM. Has anyone tried this or found any documentation / examples that
>> they could point me towards?
>>
>> I'm trying to consume a Custom Microsoft SharePoint Web Service from
>> our Java Portal (Spring / Hibernate on WebSphere) over SSL with NTLM.
>> I'm told by the SharePoint admins that I can use Basic Authentication,
>> but my tests have shown that it keeps asking me for NTLM credentials.
>>
>> I'm generating a client from a provided .WSDL. My plan is to work
>> from the ground up, starting with No SSL, No Authentication. Add
>> Authentication to the SharePoint instance, retest, add SSL, retest,
>> etc. Rinse, Repeat. My initial tests tell me that OOB CXF doesn't
>> talk nicely with Integrated Windows Authentication, but I'm pretty new
>> to this arena, so I'm not ruling out user error.
>>
>> I've followed this process with Axis2 with some success, but the
>> generated files are horrendous, and we already are using CXF to serve
>> to a flex client, so I'd like to keep it in the family, so to speak.
>>
>> Thanks for your time,
>>
>> Mario
>
>
>
> --
> J. Daniel Kulp
> Principal Engineer, IONA
> dkulp@apache.org
> http://www.dankulp.com/blog
>
>
--
View this message in context: http://www.nabble.com/NTLM-Support--tp16447079p19486039.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: NTLM Support?
Posted by Daniel Kulp <dk...@apache.org>.
You might be able to use something like:
http://jcifs.samba.org/
to do the ntlm stuff. See:
http://jcifs.samba.org/src/docs/httpclient.html
CXF just uses the JDK HTTPUrlConnection so it should work.
That said, you MIGHT need to configure the CXF client to turn off the
chunking, turn on the redirect support, etc... so that it doesn't try to
stream the data. (the handshakes don't allow the streaming)
If this DOES work, please let me know. :-)
Dan
On Wednesday 02 April 2008, mrusso wrote:
> I can't seem to find anything related to configuring CXF to support
> NTLM. Has anyone tried this or found any documentation / examples that
> they could point me towards?
>
> I'm trying to consume a Custom Microsoft SharePoint Web Service from
> our Java Portal (Spring / Hibernate on WebSphere) over SSL with NTLM.
> I'm told by the SharePoint admins that I can use Basic Authentication,
> but my tests have shown that it keeps asking me for NTLM credentials.
>
> I'm generating a client from a provided .WSDL. My plan is to work
> from the ground up, starting with No SSL, No Authentication. Add
> Authentication to the SharePoint instance, retest, add SSL, retest,
> etc. Rinse, Repeat. My initial tests tell me that OOB CXF doesn't
> talk nicely with Integrated Windows Authentication, but I'm pretty new
> to this arena, so I'm not ruling out user error.
>
> I've followed this process with Axis2 with some success, but the
> generated files are horrendous, and we already are using CXF to serve
> to a flex client, so I'd like to keep it in the family, so to speak.
>
> Thanks for your time,
>
> Mario
--
J. Daniel Kulp
Principal Engineer, IONA
dkulp@apache.org
http://www.dankulp.com/blog
Re: NTLM Support?
Posted by David CastaƱeda <da...@gmail.com>.
check this, maybe it can helps,
http://www.nabble.com/-CONF--Apache-CXF-2.0-Documentation:-Client-HTTP-Transport-(including-SSL-support)-(page-edited)-td16377827.html
On Wed, Apr 2, 2008 at 9:23 AM, mrusso <mr...@roundarch.com> wrote:
>
> I can't seem to find anything related to configuring CXF to support NTLM.
> Has anyone tried this or found any documentation / examples that they
> could
> point me towards?
>
> I'm trying to consume a Custom Microsoft SharePoint Web Service from our
> Java Portal (Spring / Hibernate on WebSphere) over SSL with NTLM. I'm
> told
> by the SharePoint admins that I can use Basic Authentication, but my tests
> have shown that it keeps asking me for NTLM credentials.
>
> I'm generating a client from a provided .WSDL. My plan is to work from
> the
> ground up, starting with No SSL, No Authentication. Add Authentication to
> the SharePoint instance, retest, add SSL, retest, etc. Rinse, Repeat. My
> initial tests tell me that OOB CXF doesn't talk nicely with Integrated
> Windows Authentication, but I'm pretty new to this arena, so I'm not
> ruling
> out user error.
>
> I've followed this process with Axis2 with some success, but the generated
> files are horrendous, and we already are using CXF to serve to a flex
> client, so I'd like to keep it in the family, so to speak.
>
> Thanks for your time,
>
> Mario
> --
> View this message in context:
> http://www.nabble.com/NTLM-Support--tp16447079p16447079.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
>
--
David CastaƱeda R.