Karl is right. The majority of architects would design a solution which would authenticate at the initial entry point, either 1) the webserver or 2) a customer-facing servlet (which would implement the NTLM provider with HttpClient...)
BUT: Let's say you're a Scandinavian Mobile Phone manufacturer and you want to open up a direct SOAP interface for your high-profile clients (e.g. BestBuy and/or Staples). You can achieve a secure SOAP service with the rahas and rampart Axis modules.

Here is a sample service configurator that comes with the Rampart security module (named s5-services.xml):

<service name="SecureService">
    <module ref="rampart"/>
    <module ref="rahas"/>
    <parameter locked="false" name="ServiceClass">org.apache.rahas.Service</parameter>
    <operation name="echo">
        <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
        <actionMapping>urn:echo</actionMapping>
    </operation>
    <parameter name="saml-issuer-config">
        <!-- start NTLM specific -->
        <saml-issuer-config>
            <issuerName>Test_STS</issuerName>
            <issuerKeyAlias>ip</issuerKeyAlias>
            <issuerKeyPassword>password</issuerKeyPassword>
            <cryptoProperties>
                <crypto provider="org.apache.ws.security.components.crypto.Merlin">
                    <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
                    <property name="org.apache.ws.security.crypto.merlin.file">rahas-sts.jks</property>
                    <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
                </crypto>
            </cryptoProperties>
            <timeToLive>300000</timeToLive>
            <keySize>256</keySize>
            <addRequestedAttachedRef />
            <addRequestedUnattachedRef />
            <!-- code a new Java Class which would implement SAMLCallbackHandler and implement NTLM auth -->
            <dataCallbackHandlerClass>org.apache.rahas.SAMLDataProvider</dataCallbackHandlerClass>
            <!--
                Key computation mechanism
                1 - Use Request Entropy
                2 - Provide Entropy
                3 - Use Own Key
            -->
            <keyComputation>2</keyComputation>
            <!--
                proofKeyType element is valid only if the keyComputation is set to 3,
                i.e. Use Own Key
                Valid values are: EncryptedKey & BinarySecret
            -->
            <proofKeyType>BinarySecret</proofKeyType>
            <trusted-services>
                <service alias="bob">http://localhost:5555/axis2/services/SecureService</service>
                <service alias="bob1">http://localhost:5555/axis2/services/SecureService1</service>
                <service alias="bob2">http://localhost:5555/axis2/services/SecureService2</service>
                <service alias="bob3">http://localhost:5555/axis2/services/SecureService3</service>
                <!--
                    you can change the PortNumber but you will need to update
                    the following Server and Client files (hardcoded Port numbers):
                    .\src\main\java\org\apache\axis2\integration\UtilServer.java
                    .\src\main\java\org\apache\axis2\integration\UtilsTCPServer.java
                    .\src\main\java\org\apache\rahas\TestClient.java
                -->
            </trusted-services>
        </saml-issuer-config>
    </parameter>
    <parameter name="InflowSecurity">
        <action>
            <items>UsernameToken Timestamp</items>
            <!-- custom Callback class implements javax.security.auth.callback.CallbackHandler for incoming requests -->
            <passwordCallbackClass xmlns="">org.apache.rahas.PWCallback</passwordCallbackClass>
        </action>
    </parameter>
    <parameter name="OutflowSecurity">
        <action>
            <items>Timestamp</items>
            <user>ip</user>
            <!-- custom Callback Class implements javax.security.auth.callback.CallbackHandler for outgoing responses -->
            <passwordCallbackClass xmlns="">org.apache.rahas.PWCallback</passwordCallbackClass>
            <enableSignatureConfirmation>false</enableSignatureConfirmation>
        </action>
    </parameter>
</service>

More information on implementing custom security providers in rampart is available at
http://axis.apache.org/axis2/java/rampart/

Good luck!
Martin

> From: karl.wri...@nokia.com
> To: java-dev@axis.apache.org; java-dev-...@axis.apache.org
> Subject: RE: [axis2] NTLM v2 Authentication using Apache Axis2 Java Client
> Date: Fri, 1 Mar 2013 13:25:10 +0000
>
> The HttpComponents/HttpClient implementation of NTLM contains modern
> and tested support for this functionality. I have no idea what the
> Axis implementation is based on, but probably it is extremely old and
> out of date.
>
> Karl
>
> From: ext ajaya_senap...@dell.com [mailto:ajaya_senap...@dell.com]
> Sent: Friday, March 01, 2013 6:45 AM
> To: java-dev@axis.apache.org; java-dev-...@axis.apache.org
> Subject: [axis2] NTLM v2 Authentication using Apache Axis2 Java Client
>
> Hi All,
>
> I am using Apache Axis2 v1.6.2 for generating the web service code
> using the wsdl2java utility.
>
> The web service I am trying to connect to uses NTLM v2 authentication
> (using
> org.apache.axis2.transport.http.HttpTransportProperties.Authenticator
> - Authenticator.NTLM).
>
> The client code I am using always returns a “401 – Unauthorized”
> response.
>
> I have browsed through different sites, but did not get any help.
>
> Can anybody suggest how this issue can be fixed?
>
> Thanks & Regards
>
> Ajaya Kumar Senapati
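
Added example (not part of the original thread and not Rampart's own code): a small Python check that reads a services.xml shaped like the s5-services.xml sample above and lists settings to review before the service is exposed: passwords stored in the descriptor, trusted-service endpoints on http://, and an InflowSecurity action list that accepts a UsernameToken without a Signature action. The embedded XML is a constructed, shortened copy of that sample; the function name and finding labels are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed, shortened copy of the s5-services.xml sample quoted in the thread.
SAMPLE = """<service name="SecureService">
  <parameter name="saml-issuer-config">
    <saml-issuer-config>
      <issuerKeyAlias>ip</issuerKeyAlias>
      <issuerKeyPassword>password</issuerKeyPassword>
      <cryptoProperties>
        <crypto provider="org.apache.ws.security.components.crypto.Merlin">
          <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
        </crypto>
      </cryptoProperties>
      <trusted-services>
        <service alias="bob">http://localhost:5555/axis2/services/SecureService</service>
      </trusted-services>
    </saml-issuer-config>
  </parameter>
  <parameter name="InflowSecurity">
    <action><items>UsernameToken Timestamp</items></action>
  </parameter>
</service>"""

def audit_services_xml(xml_text):
    """Return (check_id, detail) findings for a Rampart/Rahas services.xml (hypothetical helper)."""
    root = ET.fromstring(xml_text)
    findings = []
    # 1. Secrets kept in the descriptor itself: elements or <property name=...>
    #    entries whose name ends in "password" and that carry a value.
    for el in root.iter():
        label = el.get("name", el.tag)
        if label.lower().endswith("password") and (el.text or "").strip():
            findings.append(("cleartext-secret", label))
    # 2. Trusted relying-party endpoints addressed over plain HTTP.
    for trusted in root.iter("trusted-services"):
        for ep in trusted.findall("service"):
            if (ep.text or "").strip().lower().startswith("http://"):
                findings.append(("http-endpoint", ep.get("alias")))
    # 3. Inbound UsernameToken accepted with no Signature action, so WS-Security
    #    itself does not bind the token to the message body.
    for param in root.findall("parameter"):
        if param.get("name") != "InflowSecurity":
            continue
        items = (param.findtext("action/items") or "").split()
        if "UsernameToken" in items and "Signature" not in items:
            findings.append(("unsigned-usernametoken", " ".join(items)))
    return findings

if __name__ == "__main__":
    for check, detail in audit_services_xml(SAMPLE):
        print(f"{check}: {detail}")
```
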