[
https://issues.apache.org/jira/browse/CXF-9056?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17885955#comment-17885955
]
Freeman Yue Fang commented on CXF-9056:
---------------------------------------
Hi [~alexandersuter],
This is probably caused by the in-jdk http client used in HttpConduit
introduced by CXF 3.6.x.
Could you please test with java system property
"org.apache.cxf.transport.http.forceURLConnection" as "true" to switch back to
use old HttpConduit to see if this helps?
Best Regards
Freeman
> NTML Login ends up with Authorization loop detected after upgrading CXF from
> 3.5 to 3.6
> ---------------------------------------------------------------------------------------
>
> Key: CXF-9056
> URL: https://issues.apache.org/jira/browse/CXF-9056
> Project: CXF
> Issue Type: Bug
> Reporter: Alexander Suter
> Priority: Major
> Attachments: stacktrace.txt
>
>
> After upgrading cxf from 3.5 to 3.6 we can no longer authenticate with NTLM
> with CXF as web service client technology.
>
> We do support two modes in our product. With Challenge and without challenge.
> And the case without challenge (challenge = false) is no longer working
> whereas the authentication will be set on the httpConduit directly.
>
> {code:java}
> public class NTLMAuthenticationFeature implements WebServiceClientFeature {
>
> @Override
> public void initialize(WebServiceClientFeatureContext context) {
> BindingProvider bindingProvider = context.getBindingProvider();
> WsProps props = new WsProps(context.getProperties());
> Client proxy = ClientProxy.getClient(bindingProvider);
>
> boolean challenge =
> props.bool(Authentication.NTLM.CHALLENGE).orElse(Boolean.TRUE);
> proxy.getRequestContext().put(AsyncHTTPConduit.USE_ASYNC, challenge);
> var credentials = createNTCredentials(props);
> if (challenge) {
> proxy.getRequestContext().put(Credentials.class.getName(), credentials);
> }
> Conduit conduit = proxy.getConduit();
> if (conduit instanceof HTTPConduit httpConduit) {
> httpConduit.getClient().setAutoRedirect(true);
> }
> if (!challenge) {
> // this does no longer work
> httpConduit.getClient().setAllowChunking(false);
> setNtlmAuthHeader(credentials, httpConduit);
> }
> }
> private void setNtlmAuthHeader(NTCredentials credentials, HTTPConduit
> httpConduit) {
> var auth = httpConduit.getAuthorization();
> auth.setAuthorizationType("NTLM");
> auth.setUserName(credentials.getUserPrincipal().getName());
> auth.setPassword(credentials.getPassword());
> }
> private static NTCredentials createNTCredentials(WsProps properties) {
> var username = properties.string(Authentication.USERNAME);
> var password = properties.string(Authentication.PASSWORD);
> var workstation = properties.string(Authentication.NTLM.WORKSTATION);
> var domain = properties.string(Authentication.NTLM.DOMAIN);
> return new NTCredentials(username, password, workstation, domain);
> }
> private static record WsProps(Map<String, Object> props) {
>
> String string(String key) {
>
> return Optional.ofNullable(props.get(key))
> .map(String.class::cast)
> .orElse(null);
>
> Optional<Boolean> bool(String key) {
> return Optional.ofNullable(props.get(key))
> .map(String.class::cast)
> .filter(Predicate.not(String::isBlank))
> .map(Boolean::parseBoolean);
> }
> }
> } {code}
>
> See the error stack trace in the log.
> Do you have any hints for this problem?
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
