Return-Path: X-Original-To: apmail-cxf-dev-archive@www.apache.org Delivered-To: apmail-cxf-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 7503B6F6C for ; Mon, 16 May 2011 17:15:52 +0000 (UTC) Received: (qmail 50834 invoked by uid 500); 16 May 2011 17:15:52 -0000 Delivered-To: apmail-cxf-dev-archive@cxf.apache.org Received: (qmail 50783 invoked by uid 500); 16 May 2011 17:15:52 -0000 Mailing-List: contact dev-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list dev@cxf.apache.org Received: (qmail 50775 invoked by uid 99); 16 May 2011 17:15:52 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 16 May 2011 17:15:52 +0000 X-ASF-Spam-Status: No, hits=2.0 required=5.0 tests=NORMAL_HTTP_TO_IP,SPF_NEUTRAL,URI_HEX X-Spam-Check-By: apache.org Received-SPF: neutral (nike.apache.org: local policy) Received: from [64.85.173.253] (HELO server.dankulp.com) (64.85.173.253) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 16 May 2011 17:15:45 +0000 Received: by server.dankulp.com (Postfix, from userid 5000) id 803C5189053; Mon, 16 May 2011 13:15:24 -0400 (EDT) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on server.dankulp.com X-Spam-Level: X-Msg-File: /tmp/mailfilter-dev@cxf.apache.org.7FUWWIxRAe Received: from dilbert.dankulp.com (c-24-91-72-253.hsd1.ma.comcast.net [24.91.72.253]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by server.dankulp.com (Postfix) with ESMTPSA id 696A018902C; Mon, 16 May 2011 13:15:23 -0400 (EDT) From: Daniel Kulp To: dev@cxf.apache.org Subject: Re: Proxy server configuration at web services client side Date: Mon, 16 May 2011 13:15:22 -0400 User-Agent: KMail/1.13.7 (Linux/2.6.38; KDE/4.6.2; x86_64; ; ) Cc: vidMacquarie References: <201004201035.41759.dkulp@apache.org> <1305507792497-4398942.post@n5.nabble.com> In-Reply-To: <1305507792497-4398942.post@n5.nabble.com> MIME-Version: 1.0 Content-Type: Text/Plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <201105161315.22596.dkulp@apache.org> X-Virus-Checked: Checked by ClamAV on apache.org X-Old-Spam-Status: No, score=-102.9 required=3.0 tests=ALL_TRUSTED,BAYES_00, SHORTCIRCUIT shortcircuit=ham autolearn=disabled version=3.3.1 The CXF part of the communication looks completely correct. On the sending side, the proper Authorization and Proxy-Authorization headers are there. Thus, it looks like there should be an error or something on the server side that you would need to look at. Maybe an invalid username/password or something. I'm not really sure. Dan On Sunday, May 15, 2011 9:03:12 PM vidMacquarie wrote: > Hi CXF contributors, > > I have experienced similar error when I try to invoke a logon operation on > a Web service provider. I have attached the logs which has all the SSL > handshake logs and soap messages. I went through the ssl handshake logs > and it appears to me that my client has succesfully established the > handshake with server (web service provider), then invoked the logon > service operation. After logon operation I have received Fobidden access > error. I am unclear here whether it is an issue with my CXF config or our > proxy server rejecting the operation or webservice provider is rejecting > the operation. Do you think you can help me with reviewing the logs and > confirm to me that my CXF config is not the issue? If i can confirm this > then i could determine if I need to chase our infrastructure team that > manage proxy server or web service provider. Please note, I am using > camel-cxf, so you will see some camel logs.. > > http://cxf.547215.n5.nabble.com/file/n4398942/ssl-cxf.txt ssl-cxf.txt > > > wsdlLocation="classpath:META- INF/wsdl/bclear/bclearapi-1.6.wsdl" > serviceClass="com.cinnober.trademanager.bclearapi_1_6.BclearApi16" > serviceName="BclearApi16" > id="bclearClient" > createdFromAPI="true"> > > > > > > > > > > > > name="{http://trademanager.cinnober.com/bclearapi-1.6}BclearApi16.http-cond > uit" id="macProxy"> > > disableCNCheck="true" > > > > file="C:\BEL\src\test\resources\META-INF\wsdl\bclear\certs\3HB.p12"/> > > > file="C:\BEL\src\test\resources\META-INF\wsdl\bclear\certs\3HB.cer"/> > > > > test > test > BASIC > > > test > test > BASIC > > Connection="Keep-Alive" > ProxyServer="proxy-dev2" > ProxyServerPort="8080" > ConnectionTimeout="0" > ReceiveTimeout="0" > ContentType="text/xml" > Host="https://156.48.255.126/axis/services/BclearApi16" > AcceptLanguage="English" > AllowChunking="false" > > /> > > > > > > > > > > Kind regards, > -Vid- > > > > > > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/Proxy-server-configuration-at-web-services > -client-side-tp569342p4398942.html Sent from the cxf-dev mailing list > archive at Nabble.com. -- Daniel Kulp dkulp@apache.org http://dankulp.com/blog Talend - http://www.talend.com