axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Evgeny Beskrovny <Ebeskro...@jacada.com>
Subject Re: NTLM Authentication (again)
Date Tue, 28 Jun 2005 15:38:44 GMT
I would suggest you to use Ethereal sniffer to catch the difference between
using just HttpClient and CommonHttpSender. It may give you a clue of
what's going on.
Evgeny


                                                                           
             Martin Woodward                                               
             <martin.woodward@                                             
             gmail.com>                                                 To 
                                       axis-user@ws.apache.org             
             06/28/2005 05:05                                           cc 
             PM                                                            
                                                                   Subject 
                                       Re: NTLM Authentication (again)     
             Please respond to                                             
             axis-user@ws.apac                                             
                  he.org                                                   
                                                                           
                                                                           
                                                                           




The latest version (3.0 RC3) of the Commons HttpClient works just fine
with NTLM.  Which suggests to me that something is going funny in the
org.apache.axis.transport.http.CommonsHTTPSender class.  I'll dig
around in the CommonsHTTPSender class, but I was wondering if anyone
had come across this before or actually got NTLM working...

Below is the code I used that just used the Commons HTTPClient class
to get an NTLM protected message (changed slightly to protect the
innocent).  I tried it against the same web service method that my
WDSL2Java generated call eventually winds up calling...

-----

package com.mrwpro.vsts.play;

import java.io.IOException;

import org.apache.commons.httpclient.Credentials;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpException;
import org.apache.commons.httpclient.HttpMethodBase;
import org.apache.commons.httpclient.NTCredentials;
import org.apache.commons.httpclient.auth.AuthScope;
import org.apache.commons.httpclient.methods.GetMethod;

/**
 * Get a NTLM secured page.
 * @author martinwoodward
 */
public class NTLMHttpTest {

  public static void main(String[] args) {

    HttpClient httpClient = new HttpClient();
    Credentials credentials =  new NTCredentials("username",
"password", "remoteMachine", "MY_DOMAIN");
    httpClient.getState().setCredentials(AuthScope.ANY,credentials);
    HttpMethodBase method = new
GetMethod("http://remoteMachine/WebService/MyService.asmx/WhoAmI");

    try {
      int returnCode = httpClient.executeMethod(method);
      String response = method.getResponseBodyAsString();
      System.out.println("Response: " + response);
    } catch (HttpException e) {
      e.printStackTrace();
    } catch (IOException e) {
      e.printStackTrace();
    }

  }
}

-----

Thanks,

Martin.





On 28/06/05, Evgeny Beskrovny <Ebeskrovny@jacada.com> wrote:
> I suggest you to write the code using the classes of Apache that connect
to
> the NTLM server and see if it works. There is a big chance that it won't
> work since as far as I remember they don't support different parameters
> that can be set in NTLM for example usage of NTLM2 that server during the
> NTLM handshake might prescribe client to do.
> Evgeny
>
>             Martin Woodward
>             <martin.woodward@
>             gmail.com>                                                 To
>                                       axis-user@ws.apache.org
>             06/28/2005 01:30                                           cc
>             PM
>                                                                   Subject
>                                       Re: NTLM Authentication (again)
>             Please respond to
>             axis-user@ws.apac
>                  he.org
>
> I'm pretty sure that that the Commons HTTPClient implementation (used
> by CommonsHTTPSender) has an implementation of NTLM in 3.0-RC3.  If I
> take out my credentials from the call then I get the following error
> when talking via the proxy
>
> No credentials available for NTLM <any realm>@mymachine:80
>
> Which would suggest that it is the Commons HTTPClient code that
> negotiating, not TCPMon.
>
> I am not creating the HTTP connection directly.  I am using a
> WSDL2Java generated stub which I have added a couple of lines to add
> my credentials to the _call in the createCall method.  I have then
> used the client-config.wsdd to override the default transport
> implementaion to the Commons one (which has NTLM support)
>
> Below if the contents of my client-config.msdd file...
>
> <?xml version="1.0" encoding="UTF-8"?>
> <deployment name="defaultClientConfig"
> xmlns="http://xml.apache.org/axis/wsdd/"
> xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
>  <globalConfiguration>
>    <parameter name="disablePrettyXML" value="true"/>
>  </globalConfiguration>
>  <transport name="http"
> pivot="java:org.apache.axis.transport.http.CommonsHTTPSender"/>
>  <!-- transport name="http"
>
pivot="java:org.apache.axis.transport.http.HTTPSender"/ -->
>  <transport name="local"
> pivot="java:org.apache.axis.transport.local.LocalSender"/>
>  <transport name="java"
> pivot="java:org.apache.axis.transport.java.JavaSender"/>
> </deployment>
>
> I think it is actually the
> org.apache.axis.transport.http.CommonsHTTPSender class that creates
> the URL connection - please let me know if I doing something daft or
> have mis-understood your point.
>
> Cheers,
>
> Martin.
>
> On 28/06/05, Evgeny Beskrovny <Ebeskrovny@jacada.com> wrote:
> > Hi,
> > I think the reason it doesn't work for you is because in order to make
it
> > work you need to have a Sun implementation of HTTPUrlConnection on a
> > client, while here as I understand you use HttpClient of Apache that
> might
> > have no implementation of NTLM. When you connect to a proxy it
internally
> > uses Sun implementation of HTTPUrlConnection so it works.
> > When you create a URL on your client you would better use it this way
> >
> > handler = new sun.net.www.protocol.http.Handler();
> > urlToConnect    = new URL (null, urlPath.toString(),handler);
> > URLConnection connection = urlToConnect.openConnection();
> > Try this and see if it works.
> > Evgeny
> >
> >             Martin Woodward
> >             <martin.woodward@
> >             gmail.com>
To
> >                                       axis-user@ws.apache.org
> >             06/27/2005 08:30
cc
> >             PM
> >
Subject
> >                                       NTLM Authentication (again)
> >             Please respond to
> >             axis-user@ws.apac
> >                  he.org
> >
> >
> > Hi,
> >
> > I'm trying to talk to a web service that requires NTLM authentication
> > for my sins.  The good news is that it works, the bad news is that I
> > have to proxy the request through a local instance of TCPmon to get it
> > to work.  Does this sound familiar to anyone, I could very possibly be
> > me doing something dumb...
> >
> > I am using axis-1_2_1, commons-httpclient-3.0-rc3, commons-codec-1.3
> > on j2sdk1.4.2_08 running in Windows XP Pro SP2.
> >
> > As I say, everything works fine if I run up TCPMonitor on my machine
> > and then include the following lines in my client...
> >
> > System.setProperty("http.proxyHost", "localhost");
> > System.setProperty("http.proxyPort", "8888");
> >
> > I've allready edited my stub to add the username/password and added a
> > client-config.wsdd to point to the CommonsHTTPSender.
> >
> > Below is the stack trace when I don't have the web service call
proxied:-
> >
> > AxisFault
> > faultCode:
> {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
> > faultSubcode:
> > faultString: java.net.SocketException: Connection reset
> > faultActor:
> > faultNode:
> > faultDetail:
> >
> > {http://xml.apache.org/axis/}stackTrace:java.net.SocketException:
> > Connection reset
> >             at
> java.net.SocketInputStream.read(SocketInputStream.java:168)
> >             at
> > java.io.BufferedInputStream.fill(BufferedInputStream.java:183)
> >             at
> > java.io.BufferedInputStream.read(BufferedInputStream.java:201)
> >             at
> >
org.apache.commons.httpclient.HttpParser.readRawLine(HttpParser.java:77)
> >             at
> > org.apache.commons.httpclient.HttpParser.readLine(HttpParser.java:105)
> >             at
> >
>
org.apache.commons.httpclient.HttpConnection.readLine(HttpConnection.java:1110)

>
> >
> >             at
> >
>
org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.readLine(MultiThreadedHttpConnectionManager.java:1391)

>
> >
> >             at
> >
>
org.apache.commons.httpclient.HttpMethodBase.readStatusLine(HttpMethodBase.java:1832)

>
> >
> >             at
> >
>
org.apache.commons.httpclient.HttpMethodBase.readResponse(HttpMethodBase.java:1592)

>
> >
> >             at
> >
>
org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:995)

>
> >
> >             at
> >
>
org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:393)

>
> >
> >             at
> >
>
org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:168)

>
> >
> >             at
> >
>
org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
> >             at
> >
>
org.apache.axis.transport.http.CommonsHTTPSender.invoke(CommonsHTTPSender.java:188)

>
> >
> >             at
> >
>
org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)

>
> >
> >             at
> > org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
> >             at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
> >             at
> > org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
> >             at org.apache.axis.client.Call.invokeEngine(Call.java:2765)
> >             at org.apache.axis.client.Call.invoke(Call.java:2748)
> >             at org.apache.axis.client.Call.invoke(Call.java:2424)
> >             at org.apache.axis.client.Call.invoke(Call.java:2347)
> >             at org.apache.axis.client.Call.invoke(Call.java:1804)
> >             at SNIP.whoAmI(SNIP.java:430)
> >             at com.mrwpro.vsts.play.TestClient.main(TestClient.java:30)
> >
> >             {http://xml.apache.org/axis/}hostname:tst-028-04452
> >
> > java.net.SocketException: Connection reset
> >             at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
> >             at
> >
>
org.apache.axis.transport.http.CommonsHTTPSender.invoke(CommonsHTTPSender.java:277)

>
> >
> >             at
> >
>
org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)

>
> >
> >             at
> > org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
> >             at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
> >             at
> > org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
> >             at org.apache.axis.client.Call.invokeEngine(Call.java:2765)
> >             at org.apache.axis.client.Call.invoke(Call.java:2748)
> >             at org.apache.axis.client.Call.invoke(Call.java:2424)
> >             at org.apache.axis.client.Call.invoke(Call.java:2347)
> >             at org.apache.axis.client.Call.invoke(Call.java:1804)
> >             at SNIP.whoAmI(SNIP.java:430)
> >             at com.mrwpro.vsts.play.TestClient.main(TestClient.java:30)
> > Caused by: java.net.SocketException: Connection reset
> >             at
> java.net.SocketInputStream.read(SocketInputStream.java:168)
> >             at
> > java.io.BufferedInputStream.fill(BufferedInputStream.java:183)
> >             at
> > java.io.BufferedInputStream.read(BufferedInputStream.java:201)
> >             at
> >
org.apache.commons.httpclient.HttpParser.readRawLine(HttpParser.java:77)
> >             at
> > org.apache.commons.httpclient.HttpParser.readLine(HttpParser.java:105)
> >             at
> >
>
org.apache.commons.httpclient.HttpConnection.readLine(HttpConnection.java:1110)

>
> >
> >             at
> >
>
org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.readLine(MultiThreadedHttpConnectionManager.java:1391)

>
> >
> >             at
> >
>
org.apache.commons.httpclient.HttpMethodBase.readStatusLine(HttpMethodBase.java:1832)

>
> >
> >             at
> >
>
org.apache.commons.httpclient.HttpMethodBase.readResponse(HttpMethodBase.java:1592)

>
> >
> >             at
> >
>
org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:995)

>
> >
> >             at
> >
>
org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:393)

>
> >
> >             at
> >
>
org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:168)

>
> >
> >             at
> >
>
org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
> >             at
> >
>
org.apache.axis.transport.http.CommonsHTTPSender.invoke(CommonsHTTPSender.java:188)

>
> >
> >             ... 11 more
> >
> > When I do have it proxied, you see the 401 error coming back from the
> > server, followed by a 100 with the final 200 response containing the
> > answer.  When I run pointing to the proxy I also get the following
> > console output...
> >
> > - Unable to find required classes (javax.activation.DataHandler and
> > javax.mail.internet.MimeMultipart). Attachment support is disabled.
> > - ntlm authentication scheme selected
> > - Discarding unexpected response: HTTP/1.1 100 Continue
> >
> > Any ideas?
> >
> > Thanks,
> >
> > Martin.
> >
> > --
> >
> > http://www.woodwardweb.com
> >
> >
>
> --
>
> http://www.woodwardweb.com
>
>


--

http://www.woodwardweb.com



Mime
View raw message