cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colm O hEigeartaigh (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-6741) Apache CXF - Kerberos Authentication Invocation error:
Date Mon, 11 Jan 2016 14:27:40 GMT

    [ https://issues.apache.org/jira/browse/CXF-6741?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15091971#comment-15091971
] 

Colm O hEigeartaigh commented on CXF-6741:
------------------------------------------


You might find this system test helpful:

https://git-wip-us.apache.org/repos/asf?p=cxf-fediz.git;a=blob;f=systests/kerberos/src/test/java/org/apache/cxf/fediz/integrationtests/KerberosTest.java;h=57c98765dc3c7ddd00c845949121c308b00e9582;hb=HEAD

I'm closing this JIRA as it's not a CXF bug.

> Apache CXF - Kerberos Authentication Invocation error:
> ------------------------------------------------------
>
>                 Key: CXF-6741
>                 URL: https://issues.apache.org/jira/browse/CXF-6741
>             Project: CXF
>          Issue Type: Bug
>            Reporter: Remya Thomas
>
> We have a Restful webservice[developed using Apache CXF] which is protected by kerberos,
below are the cxf configurations, <jaxrs:server id="MYServices" address="/">
> 		<jaxrs:serviceBeans>
> 			<ref bean="firstServiceImpl" />
> 		</jaxrs:serviceBeans>
> 		<jaxrs:providers>
> 			 <ref bean="kerberosFilter"/>
> 			<ref bean="jsonProvider" />
> 			<ref bean="xmlProvider" />
> 		</jaxrs:providers>
> 		<jaxrs:extensionMappings>
> 			<entry key="json" value="application/json" />
> 			<entry key="xml" value="application/xml" />
> 		</jaxrs:extensionMappings>
> 		<jaxrs:inInterceptors>
> 			<ref bean="restInInterceptor" />
> 		</jaxrs:inInterceptors>
> 		<jaxrs:outFaultInterceptors>
> 			<ref bean="errorOutFaultInterceptor" />
> 		</jaxrs:outFaultInterceptors>
> 	</jaxrs:server>
> 	
> 	<bean id="kerberosFilter" class="org.apache.cxf.jaxrs.security.KerberosAuthenticationFilter">
>    <property name="loginContextName" value="spnego-server"/> </bean> Also
"spnego-server" from login config which is spnego-client {
> 	com.sun.security.auth.module.Krb5LoginModule required; };
> spnego-server {
> 	com.sun.security.auth.module.Krb5LoginModule required
> 	storeKey=true
> 	useKeyTab=true
> 	keyTab="FILE:/etc/hellokeytab.keytab"
> 	principal=HTTP/hostname.india.com
> 	isInitiator=false;
> };
> We have a webapplication which is trying to invoke this kerberos protected webservices,
through org.apache.commons.httpclient.HttpClient , but we are getting "401 UnAuthorized Exception"
error every time.
> HttpClient httpclient = new HttpClient(); GetMethod get = new GetMethod(resourceURL);
>   get.setRequestHeader(entry.getKey(), value); Since the service is protected by kerberos,
i found that we need to set the below as headers in client
> Authorization: Negotiate "the encrypted service ticket"
> But how can we get the "the encrypted service ticket" and set it explicity into HTTPclient
headers?
> We are using thirdparty REST clients(Example: Mozilla REST client & Chrome's REST
CLIENT) there also , how to set the Authorization Negotiate ?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message