It might take me a few days to look at this but I can probably help. I'm about to make commits that upgrade Axis2 from httpclient 4.x to 5.x for the next release and this feature will need to be fixed for that too.
On Wed, Feb 7, 2024 at 4:32 AM Luis Silva <luis.gc.si...@redshift.pt.invalid> wrote:

> Hi,
>
> I’m having a problem upgrading one application that uses axis2 version
> 1.6.0 to the 1.8.2 version.
>
> The situation is that I’m trying to connect to one IIS webservice from a
> linux server, and the IIS uses Negotiate for authentication. In version
> 1.6.0 it’s working using a custom class to handle the request.
>
> I try to upgrade the client part to use axis2 1.8.2 but there are changes
> on axis in HttpTransportProperties class that now doesn’t have
> Authenticator. I’m trying to use the HttpTransportPropertiesImpl class but
> it’s not working.
>
> Using HttpTransportPropertiesImpl I can’t use the custom class that
> handles the Negotiate authentication. I’m going to expose the situation
> using the code.
>
> This is the code using axis2 1.6.0, and using wsdl2java to create the stub
>
>     ProfilesStub stub = new ProfilesStub(wsURL); // Stub created by wsdl2java
>     System.setProperty("java.security.auth.login.config", kbr5LoginConfigFile);
>     System.setProperty("java.security.krb5.conf", kbr5ConfigFile);
>     System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
>
>     System.setProperty("sun.security.krb5.debug", "true");
>     System.setProperty("sun.security.jgss.debug", "true");
>     System.setProperty("java.security.debug", "logincontext,policy,scl,gssloginconfig");
>
>     AuthPolicy.unregisterAuthScheme("BASIC");
>     AuthPolicy.unregisterAuthScheme("DIGEST");
>     AuthPolicy.unregisterAuthScheme("NTLM");
>
>     ArrayList authSchemes = new ArrayList();
>     if ( AuthSchemeId.equals("Negotiate") ) // <-- I’m using AuthSchemeId=Negotiate
>     {
>         AuthPolicy.registerAuthScheme("Negotiate", NegotiateSchemeCustom.class); // <-- the custom class that handles the Negotiate authentication
>         authSchemes.add("Negotiate");
>     }
>     else
>     {
>         if ( AuthSchemeId.equals("Kerberos") )
>         {
>             AuthPolicy.registerAuthScheme("Kerberos", KerberosSchemeCustom.class);
>             authSchemes.add("Kerberos");
>         }
>         else
>             throw new Exception("Invalid authentication scheme '" + (AuthSchemeId == null ? "(null)" : AuthSchemeId) + "'");
>     }
>
>     HttpTransportProperties.Authenticator auth = new HttpTransportProperties.Authenticator();
>     auth.setDomain(userDomain);
>     auth.setHost((new URL(wsURL)).getHost());
>     java.util.Properties properties = new java.util.Properties();
>     // absolute from the classpath
>     String configFileName = "wsURL.config";
>     try
>     {
>         properties.load(new java.io.FileInputStream(configFileName));
>     }
>     catch ( Exception exception )
>     {
>         System.out.println("ERROR oppening file " + configFileName + "--");
>         System.out.println("EX:" + exception.getMessage() +"--");
>     }
>     String username = properties.getProperty("username");
>     String password = properties.getProperty("password");
>
>     auth.setUsername(username);
>     auth.setPassword(password);
>
>     auth.setAuthSchemes(authSchemes);
>
>     HttpParams params = DefaultHttpParams.getDefaultParams();
>     params.setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, authSchemes);
>
>     Options options = stub._getServiceClient().getOptions();
>     options.setProperty(org.apache.axis2.transport.http.HTTPConstants.AUTHENTICATE, auth);
>     options.setProperty(org.apache.axis2.transport.http.HTTPConstants.CHUNKED, Boolean.FALSE);
>     options.setProperty(org.apache.axis2.transport.http.HTTPConstants.REUSE_HTTP_CLIENT, "true");
>
>     stub._getServiceClient().setOptions(options);
>
>     GetUserInfo userInfo = GetUserInfo.Factory.newInstance(); // GetUserInfo class created by wsdl2java
>     userInfo.setSUserName(userName);
>     userInfo.setSDomain(domain);
>     userInfo.setSApplication(application);
>
>     GetUserInfoDocument getUserInfoDocument = GetUserInfoDocument.Factory.newInstance(); // GetUserInfoDocument class created by wsdl2java
>
>     getUserInfoDocument.setGetUserInfo(userInfo);
>
>     GetUserInfoResponseDocument response = stub.getUserInfo(getUserInfoDocument); // getUserInfo method to invoke, GetUserInfoResponseDocument class created by wsdl2java
>     String userData = response.getGetUserInfoResponse().getGetUserInfoResult().toString();
>
> And using trace on the NegotiateSchemeCustom.class I confirm that this
> class is used
>
> In the class
>
>     public NegotiateSchemeCustom () {
>         super();
>         state = UNINITIATED;
>         System.out.println("Created NegotiateSchemeCustom()");
>     }
>
> The output
>
>     Jan 31, 2024 5:09:09 PM org.apache.commons.httpclient.auth.AuthChallengeProcessor selectAuthScheme
>     INFO: negotiate authentication scheme selected
>     Created NegotiateSchemeCustom()
>
> And the invocation is successful.
>
> But when I try using 1.8.2 version
>
>     ProfilesStub stub = new ProfilesStub(wsURL); // Stub created by wsdl2java version 1.8.2
>     System.setProperty("java.security.auth.login.config", kbr5LoginConfigFile);
>     System.setProperty("java.security.krb5.conf", kbr5ConfigFile);
>     System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
>
>     System.setProperty("sun.security.krb5.debug", "true");
>     System.setProperty("sun.security.jgss.debug", "true");
>     System.setProperty("java.security.debug", "logincontext,policy,scl,gssloginconfig");
>
>     AuthPolicy.unregisterAuthScheme("BASIC");
>     AuthPolicy.unregisterAuthScheme("DIGEST");
>     AuthPolicy.unregisterAuthScheme("NTLM");
>
>     ArrayList authSchemes = new ArrayList();
>     if ( AuthSchemeId.equals("Negotiate") ) // <-- I’m using AuthSchemeId=Negotiate
>     {
>         AuthPolicy.registerAuthScheme("Negotiate", NegotiateSchemeCustom.class); // <-- the custom class that handles the Negotiate authentication, same as the 1.6.0
>         authSchemes.add("Negotiate");
>     }
>     else
>     {
>         if ( AuthSchemeId.equals("Kerberos") )
>         {
>             AuthPolicy.registerAuthScheme("Kerberos", KerberosSchemeCustom.class);
>             authSchemes.add("Kerberos");
>         }
>         else
>             throw new Exception("Invalid authentication scheme '" + (AuthSchemeId == null ? "(null)" : AuthSchemeId) + "'");
>     }
>
>     HttpTransportPropertiesImpl.Authenticator auth = new HttpTransportPropertiesImpl.Authenticator(); // <-- Using HttpTransportPropertiesImpl that has Authenticator
>     auth.setDomain(userDomain);
>     auth.setHost((new URL(wsURL)).getHost());
>     java.util.Properties properties = new java.util.Properties();
>     // absolute from the classpath
>     String configFileName = "wsURL.config";
>     try
>     {
>         properties.load(new java.io.FileInputStream(configFileName));
>     }
>     catch ( Exception exception )
>     {
>         System.out.println("ERROR oppening file " + configFileName + "--");
>         System.out.println("EX:" + exception.getMessage() +"--");
>     }
>     String username = properties.getProperty("username");
>     String password = properties.getProperty("password");
>
>     auth.setUsername(username);
>     auth.setPassword(password);
>
>     auth.setAuthSchemes(authSchemes);
>
>     HttpParams params = DefaultHttpParams.getDefaultParams();
>     params.setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, authSchemes);
>
>     Options options = stub._getServiceClient().getOptions();
>     options.setProperty(org.apache.axis2.transport.http.HTTPConstants.AUTHENTICATE, auth);
>     options.setProperty(org.apache.axis2.transport.http.HTTPConstants.CHUNKED, Boolean.FALSE);
>     options.setProperty(org.apache.axis2.transport.http.HTTPConstants.REUSE_HTTP_CLIENT, "true");
>
>     stub._getServiceClient().setOptions(options);
>
>     GetUserInfo userInfo = GetUserInfo.Factory.newInstance(); // GetUserInfo class created by wsdl2java
>     userInfo.setSUserName(userName);
>     userInfo.setSDomain(domain);
>     userInfo.setSApplication(application);
>
>     GetUserInfoDocument getUserInfoDocument = GetUserInfoDocument.Factory.newInstance(); // GetUserInfoDocument class created by wsdl2java
>
>     getUserInfoDocument.setGetUserInfo(userInfo);
>
>     GetUserInfoResponseDocument response = stub.getUserInfo(getUserInfoDocument); // getUserInfo method to invoke, GetUserInfoResponseDocument class created by wsdl2java
>     String userData = response.getGetUserInfoResponse().getGetUserInfoResult().toString();
>
> My problems started, first is with HttpTransportPropertiesImpl, it does
> not recognize the Negotiate schema.
>
> I checked the code and when the method getAuthPolicyPref of the
> Authenticator class of the HttpTransportPropertiesImpl is called with
> Negotiate it returns null.
>
> Here is part of the code of
> axis2-1.8.2\modules\transport\http\src\org\apache\axis2\transport\http\impl\httpclient4\HttpTransportPropertiesImpl.java
>
>     @Override
>     public Object getAuthPolicyPref(String scheme) {
>         if (BASIC.equals(scheme)) {
>             return AuthPolicy.BASIC;
>         } else if (NTLM.equals(scheme)) {
>             return AuthPolicy.NTLM;
>         } else if (DIGEST.equals(scheme)) {
>             return AuthPolicy.DIGEST;
>         }
>         return null;
>     }
>
> There is no Negotiate so it returns null and in the
> AuthenticationStrategyImpl select method it causes one exception below,
> because id is null
>
>     for (final String id: authPrefs) {
>         final Header challenge = challenges.get(id.toLowerCase(Locale.ROOT));
>
> My solution to this was to create a custom
> HttpTransportPropertiesImplCustom that includes Negotiate and Kerberos
>
> This is my custom class.
>
>     public class HttpTransportPropertiesImplCustom extends HttpTransportProperties {
>
>         protected HttpVersion httpVersion;
>
>         @Override
>         public void setHttpVersion(Object httpVerion) {
>             this.httpVersion = (HttpVersion) httpVerion;
>         }
>
>         @Override
>         public Object getHttpVersion() {
>             return this.httpVersion;
>         }
>
>         public static class Authenticator extends HTTPAuthenticator {
>
>             private int port = -1;
>             private String realm = null;
>
>             public static final String NTLM = "NTLM";
>             public static final String DIGEST = "Digest";
>             public static final String BASIC = "Basic";
>             public static final String SPNEGO = "Negotiate";
>             public static final String KERBEROS = "Kerberos";
>
>             public int getPort() {
>                 return port;
>             }
>
>             public void setPort(int port) {
>                 this.port = port;
>             }
>
>             public String getRealm() {
>                 return realm;
>             }
>
>             public void setRealm(String realm) {
>                 this.realm = realm;
>             }
>
>             @Override
>             public Object getAuthPolicyPref(String scheme) {
>                 if (BASIC.equals(scheme)) {
>                     return "Basic";
>                 } else if (NTLM.equals(scheme)) {
>                     return "NTLM";
>                 } else if (DIGEST.equals(scheme)) {
>                     return "Digest";
>                 }
>                 else if (SPNEGO.equals(scheme)) {
>                     return "Negotiate";
>                 }
>                 else if (KERBEROS.equals(scheme)) {
>                     return "Kerberos";
>                 }
>                 return null;
>             }
>         }
>
>     }
>
> With this now I have a valid schema for Negotiate but still can’t invoke
> my custom class. Debugging I see that the class used when the schema is
> Negotiate is SPNegoScheme of the package org.apache.http.impl.auth. It
> ignores my NegotiateSchemeCustom.class
>
> I also tried to create a custom SPNegoScheme with the code of
> NegotiateSchemeCustom.class but have other problems.
>
> But instead of trying to use this solution why my custom class
> NegotiateSchemeCustom.class isn’t used as the schema for Negotiate?
>
> Am I missing some new configuration?
>
> Any help/suggestion is appreciated.
>
> Best Regards,
>
> Luis Silva
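
Added example, not part of the thread and not Axis2 code: httpclient 4.x, which the HttpTransportPropertiesImpl quoted above is built on, resolves auth schemes from a per-client Registry<AuthSchemeProvider>, so the commons-httpclient 3.x AuthPolicy.registerAuthScheme and unregisterAuthScheme calls never reach it and Basic, Digest and NTLM stay in the default registry. The code below builds a Negotiate-only registry; CustomNegotiateProvider is a hypothetical stand-in for NegotiateSchemeCustom, and the Axis2 hand-off named in the last comment is an assumption to verify against 1.8.2.

```java
import org.apache.http.auth.AuthScheme;
import org.apache.http.auth.AuthSchemeProvider;
import org.apache.http.client.config.AuthSchemes;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.impl.auth.SPNegoScheme;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.protocol.HttpContext;

import java.util.Collections;

public class NegotiateOnlyClient {

    /** Hypothetical stand-in for NegotiateSchemeCustom, expressed in the 4.x provider API. */
    static class CustomNegotiateProvider implements AuthSchemeProvider {
        @Override
        public AuthScheme create(HttpContext context) {
            // Return the ported custom scheme here; the stock SPNegoScheme
            // (stripPort=true, useCanonicalHostname=false) keeps this compilable.
            return new SPNegoScheme(true, false);
        }
    }

    /** Registry holding Negotiate only, so the client cannot fall back to Basic, Digest or NTLM. */
    static Registry<AuthSchemeProvider> negotiateOnlyRegistry() {
        return RegistryBuilder.<AuthSchemeProvider>create()
                .register(AuthSchemes.SPNEGO, new CustomNegotiateProvider())
                .build();
    }

    static CloseableHttpClient buildClient(Registry<AuthSchemeProvider> registry) {
        RequestConfig config = RequestConfig.custom()
                .setTargetPreferredAuthSchemes(Collections.singletonList(AuthSchemes.SPNEGO))
                .build();
        return HttpClients.custom()
                .setDefaultAuthSchemeRegistry(registry)
                .setDefaultRequestConfig(config)
                .build();
    }

    public static void main(String[] args) throws Exception {
        Registry<AuthSchemeProvider> registry = negotiateOnlyRegistry();
        // Lookups are case-insensitive; schemes that were not registered resolve to null.
        System.out.println("Negotiate -> " + registry.lookup("Negotiate").getClass().getSimpleName());
        System.out.println("Basic     -> " + registry.lookup("Basic"));
        System.out.println("NTLM      -> " + registry.lookup("NTLM"));
        try (CloseableHttpClient client = buildClient(registry)) {
            // Assumption: Axis2's httpclient4 sender reuses a client stored in the
            // service client's Options under HTTPConstants.CACHED_HTTP_CLIENT.
        }
    }
}
```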