cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Zhemzhitsky Sergey <Sergey_Zhemzhit...@troika.ru>
Subject RE: Linux box and NTLM proxy authorization
Date Tue, 31 May 2011 13:18:42 GMT
It seems that if username is set cxf tries to use basic authentication, at least there is the
following code in the org.apache.cxf.transport.http.HttpConduit which set HTTP headers for
basic authentication if the username for the proxy is configured.

    private void setHeadersByAuthorizationPolicy(
            Message message,
            URL url,
            Map<String, List<String>> headers
    ) {
        AuthorizationPolicy authPolicy = getAuthorization();
...
        AuthorizationPolicy proxyAuthPolicy = getProxyAuthorization();
        if (proxyAuthPolicy != null && proxyAuthPolicy.isSetUserName()) {
            userName = proxyAuthPolicy.getUserName();
            if (userName != null) {
                passwd = "";
                if (proxyAuthPolicy.isSetPassword()) {
                    passwd = proxyAuthPolicy.getPassword();
                }
                setProxyBasicAuthHeader(userName, passwd, headers);
            } else if (proxyAuthPolicy.isSetAuthorizationType() 
                       && proxyAuthPolicy.isSetAuthorization()) {
                String type = proxyAuthPolicy.getAuthorizationType();
                type += " ";
                type += proxyAuthPolicy.getAuthorization();
                headers.put("Proxy-Authorization",
                            createMutableList(type));
            }
        }

Here is output from the logging output interceptor:

Content-Type: application/x-www-form-urlencoded
Headers: {accept-encoding=[gzip,deflate], org.apache.cxf.request.uri=[/cxf/sms/message/segment/26292604/state],
Host=[linuxHost:8443], CamelCxfRsQueryMap=[{user=XXX, pass=XXX, action=status}], User-Agent=[Jakarta
Commons-HttpClient/3.1], Accept=[application/xml], org.apache.cxf.message.Message.ENCODING=[ISO-8859-1],
Content-Type=[*/*], Proxy-Authorization=[Basic bGRhcHNlYXJjaDpsZGFwc2VhcmNo], Connection=[Keep-Alive]}

The interesting thing is Proxy-Authorization=[Basic bGRhcHNlYXJjaDpsZGFwc2VhcmNo].

So now I'm quite confused why I was able to run cxf successfully on the windows host.

On windows and linux hosts headers are exactly the same, but the interesting thing is that
on the windows host org.apache.cxf.transport.http.CXFAuthenticator is not called at all, at
the same time on the linux host it is called to get user name and password for the proxy.


Best Regards,
Sergey Zhemzhitsky


-----Original Message-----
From: Sergey Beryozkin [mailto:sberyozkin@gmail.com] 
Sent: Tuesday, May 31, 2011 3:00 PM
To: users@cxf.apache.org
Subject: Re: Linux box and NTLM proxy authorization

Hi

2011/5/31 Zhemzhitsky Sergey <Sergey_Zhemzhitsky@troika.ru>:
> Hi there,
>
> I need to call an external RESTful service by means of cxf from my local area network.
The request have to go through the NTLM proxy.
> On my windows machine everything works as expected and I have the external service called.
At the same time on the linux machine I've got HTTP response code 407 every time.
>

I'm wondering, is it something to do with the fact that the server recognizes that the request
comes in from Windows ?
Perhaps some extra HTTP header is included by default on Win, given that CXF uses HttpURLConnection...
Can you please capture the headers which CXF sends on Windows and Linux, using a logging feature
or some tcp trace utility ? If it is to do with some missing header then it can be added explicitly
on Linux

Cheers, Sergey


> I'm using JDK 1.6.0_24 that have support of NTLM.
>
> Here is configuration of http:conduit element.
>
> <http:conduit name="*.http-conduit">
>    <http:proxyAuthorization>
>        <sec:UserName>${proxy.user}</sec:UserName>
>        <sec:Password>${proxy.pass}</sec:Password>
>        <sec:AuthorizationType>NTLM</sec:AuthorizationType>
>    </http:proxyAuthorization>
>    <http:client
>        ProxyServerType="HTTP"
>        ProxyServer="${proxy.host}"
>        ProxyServerPort="${proxy.port}"
>        AutoRedirect="true"
>        AllowChunking="false"
>        Connection="Keep-Alive"
>        ContentType="application/x-www-form-urlencoded"/>
> </http:conduit>
>
> Is it possible to configure CXF on a linux machine to call external services throuth
NTLM proxies?
>
>
> Best Regards,
> Sergey Zhemzhitsky
>
>
> _______________________________________________________
>
> The information contained in this message may be privileged and conf idential and protected
from disclosure. If you are not the original intended recipient, you are hereby notified that
any review, retransmission, dissemination, or other use of, or taking of any action in reliance
upon, this information is prohibited. If you have received this communication in error, please
notify the sender immediately by replying to this message and delete it from your computer.
Thank you for your cooperation. Troika Dialog, Russia.
> If you need assistance please contact our Contact Center  (+7495) 258 
> 0500 or go to www.troika.ru/eng/Contacts/system.wbp
>
>

_______________________________________________________

The information contained in this message may be privileged and conf idential and protected
from disclosure. If you are not the original intended recipient, you are hereby notified that
any review, retransmission, dissemination, or other use of, or taking of any action in reliance
upon, this information is prohibited. If you have received this communication in error, please
notify the sender immediately by replying to this message and delete it from your computer.
Thank you for your cooperation. Troika Dialog, Russia. 
If you need assistance please contact our Contact Center  (+7495) 258 0500 or go to www.troika.ru/eng/Contacts/system.wbp
 



Mime
View raw message