I looked more into this and I found AXIS2-4318 from 2012 which states the
reason for dropping the support of those features below.

Keep in mind that Axis2 1.6.x was the era of commons-httpclient 3.x. While
4.x is currently in our trunk, these next several days I will be upgrading
to 5.x so anything we do here needs to work with the latest Apache
httpclient release.

https://issues.apache.org/jira/browse/AXIS2-4318

3) drop authenticator preemptive authentication support

Preemptive authentication is considered unsecure and is strongly
discouraged. Moreover the code found in examples:
http://hc.apache.org/httpcomponents-client/examples.html is no longer
officially supported. Which means that we should drop preemptive
authentication support from the trunk; alternatively we can allow a number
of pluggable mechanisms to allow users to enable preemptive auth. The user
would have to provide HttpRequestInterceptor and HttpResponseInterceptor
implementations as well as a means to properties to configure a
BasicHttpContext for use with the HttpClient. As a workaround/alternative
the user could fully initialize its own AbstractHttpClient instance and
pass it through the existing CACHED_HTTP_CLIENT option.

On Wed, Feb 7, 2024 at 5:48 AM Luis Silva <luis.gc.si...@redshift.pt.invalid>
wrote:

> Hi Robert,
>
> All help is welcome. If necessary, I’m available to help with testing.
>
> Best Regards,
>
> Luis Silva
>
> *From:* robertlazarski <robertlazar...@gmail.com>
> *Sent:* Wednesday, 7 February 2024 15:29
> *To:* java-user@axis.apache.org
> *Subject:* Re: [Axis2] - Problem with authentication Negotiate
>
> It might take me a few days to look at this but I can probably help.
>
> I'm about to make commits that upgrade Axis2 from httpclient 4.x to 5.x
> for the next release and this feature will need to be fixed for that too.
>
> On Wed, Feb 7, 2024 at 4:32 AM Luis Silva <
> luis.gc.si...@redshift.pt.invalid> wrote:
>
> Hi,
>
> I’m having a problem upgrading one application that uses axis2 version
> 1.6.0 to the 1.8.2 version.
>
> The situation is that I’m trying to connect to one IIS webservice from a
> linux server, and the IIS uses Negotiate authentication. In version
> 1.6.0 it’s working using a custom class to handle the request.
>
> I tried to upgrade the client part to use axis2 1.8.2 but there are changes
> on axis in HttpTransportProperties class that now doesn’t have
> Authenticator. I’m trying to use the HttpTransportPropertiesImpl class but
> it’s not working.
>
> Using HttpTransportPropertiesImpl I can’t use the custom class that
> handles the Negotiate authentication. I’m going to expose the situation
> using the code.
>
> This is the code using axis2 1.6.0, and using wsdl2java to create the stub:
>
>     ProfilesStub stub = new ProfilesStub(wsURL);  // Stub created by wsdl2java
>     System.setProperty("java.security.auth.login.config", kbr5LoginConfigFile);
>     System.setProperty("java.security.krb5.conf", kbr5ConfigFile);
>     System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
>
>     System.setProperty("sun.security.krb5.debug", "true");
>     System.setProperty("sun.security.jgss.debug", "true");
>     System.setProperty("java.security.debug", "logincontext,policy,scl,gssloginconfig");
>
>     AuthPolicy.unregisterAuthScheme("BASIC");
>     AuthPolicy.unregisterAuthScheme("DIGEST");
>     AuthPolicy.unregisterAuthScheme("NTLM");
>
>     ArrayList authSchemes = new ArrayList();
>     if ( AuthSchemeId.equals("Negotiate") )  // <- I’m using AuthSchemeId=Negotiate
>     {
>         // <- the custom class that handles the Negotiate authentication
>         AuthPolicy.registerAuthScheme("Negotiate", NegotiateSchemeCustom.class);
>         authSchemes.add("Negotiate");
>     }
>     else
>     {
>         if ( AuthSchemeId.equals("Kerberos") )
>         {
>             AuthPolicy.registerAuthScheme("Kerberos", KerberosSchemeCustom.class);
>             authSchemes.add("Kerberos");
>         }
>         else
>             throw new Exception("Invalid authentication scheme '" +
>                 (AuthSchemeId == null ? "(null)" : AuthSchemeId) + "'");
>     }
>
>     HttpTransportProperties.Authenticator auth = new HttpTransportProperties.Authenticator();
>     auth.setDomain(userDomain);
>     auth.setHost((new URL(wsURL)).getHost());
>     java.util.Properties properties = new java.util.Properties();
>     // absolute from the classpath
>     String configFileName = "wsURL.config";
>     try
>     {
>         properties.load(new java.io.FileInputStream(configFileName));
>     }
>     catch ( Exception exception )
>     {
>         System.out.println("ERROR oppening file " + configFileName + "--");
>         System.out.println("EX:" + exception.getMessage() +"--");
>     }
>     String username = properties.getProperty("username");
>     String password = properties.getProperty("password");
>
>     auth.setUsername(username);
>     auth.setPassword(password);
>
>     auth.setAuthSchemes(authSchemes);
>
>     HttpParams params = DefaultHttpParams.getDefaultParams();
>     params.setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, authSchemes);
>
>     Options options = stub._getServiceClient().getOptions();
>     options.setProperty(org.apache.axis2.transport.http.HTTPConstants.AUTHENTICATE, auth);
>     options.setProperty(org.apache.axis2.transport.http.HTTPConstants.CHUNKED, Boolean.FALSE);
>     options.setProperty(org.apache.axis2.transport.http.HTTPConstants.REUSE_HTTP_CLIENT, "true");
>
>     stub._getServiceClient().setOptions(options);
>
>     GetUserInfo userInfo = GetUserInfo.Factory.newInstance(); // GetUserInfo class created by wsdl2java
>     userInfo.setSUserName(userName);
>     userInfo.setSDomain(domain);
>     userInfo.setSApplication(application);
>
>     // GetUserInfoDocument class created by wsdl2java
>     GetUserInfoDocument getUserInfoDocument = GetUserInfoDocument.Factory.newInstance();
>
>     getUserInfoDocument.setGetUserInfo(userInfo);
>
>     // getUserInfo method to invoke, GetUserInfoResponseDocument class created by wsdl2java
>     GetUserInfoResponseDocument response = stub.getUserInfo(getUserInfoDocument);
>     String userData = response.getGetUserInfoResponse().getGetUserInfoResult().toString();
>
> And using trace on the NegotiateSchemeCustom.class I confirm that this
> class is used.
>
> In the class:
>
>     public NegotiateSchemeCustom () {
>         super();
>         state = UNINITIATED;
>         System.out.println("Created NegotiateSchemeCustom()");
>     }
>
> The output:
>
> Jan 31, 2024 5:09:09 PM org.apache.commons.httpclient.auth.AuthChallengeProcessor selectAuthScheme
> INFO: negotiate authentication scheme selected
> Created NegotiateSchemeCustom()
>
> And the invocation is successful.
>
> But when I try using 1.8.2 version:
>
>     ProfilesStub stub = new ProfilesStub(wsURL);  // Stub created by wsdl2java version 1.8.2
>     System.setProperty("java.security.auth.login.config", kbr5LoginConfigFile);
>     System.setProperty("java.security.krb5.conf", kbr5ConfigFile);
>     System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
>
>     System.setProperty("sun.security.krb5.debug", "true");
>     System.setProperty("sun.security.jgss.debug", "true");
>     System.setProperty("java.security.debug", "logincontext,policy,scl,gssloginconfig");
>
>     AuthPolicy.unregisterAuthScheme("BASIC");
>     AuthPolicy.unregisterAuthScheme("DIGEST");
>     AuthPolicy.unregisterAuthScheme("NTLM");
>
>     ArrayList authSchemes = new ArrayList();
>     if ( AuthSchemeId.equals("Negotiate") )  // <- I’m using AuthSchemeId=Negotiate
>     {
>         // <- the custom class that handles the Negotiate authentication, same as the 1.6.0
>         AuthPolicy.registerAuthScheme("Negotiate", NegotiateSchemeCustom.class);
>         authSchemes.add("Negotiate");
>     }
>     else
>     {
>         if ( AuthSchemeId.equals("Kerberos") )
>         {
>             AuthPolicy.registerAuthScheme("Kerberos", KerberosSchemeCustom.class);
>             authSchemes.add("Kerberos");
>         }
>         else
>             throw new Exception("Invalid authentication scheme '" +
>                 (AuthSchemeId == null ? "(null)" : AuthSchemeId) + "'");
>     }
>
>     // <- Using HttpTransportPropertiesImpl that has Authenticator
>     HttpTransportPropertiesImpl.Authenticator auth = new HttpTransportPropertiesImpl.Authenticator();
>     auth.setDomain(userDomain);
>     auth.setHost((new URL(wsURL)).getHost());
>     java.util.Properties properties = new java.util.Properties();
>     // absolute from the classpath
>     String configFileName = "wsURL.config";
>     try
>     {
>         properties.load(new java.io.FileInputStream(configFileName));
>     }
>     catch ( Exception exception )
>     {
>         System.out.println("ERROR oppening file " + configFileName + "--");
>         System.out.println("EX:" + exception.getMessage() +"--");
>     }
>     String username = properties.getProperty("username");
>     String password = properties.getProperty("password");
>
>     auth.setUsername(username);
>     auth.setPassword(password);
>
>     auth.setAuthSchemes(authSchemes);
>
>     HttpParams params = DefaultHttpParams.getDefaultParams();
>     params.setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, authSchemes);
>
>     Options options = stub._getServiceClient().getOptions();
>     options.setProperty(org.apache.axis2.transport.http.HTTPConstants.AUTHENTICATE, auth);
>     options.setProperty(org.apache.axis2.transport.http.HTTPConstants.CHUNKED, Boolean.FALSE);
>     options.setProperty(org.apache.axis2.transport.http.HTTPConstants.REUSE_HTTP_CLIENT, "true");
>
>     stub._getServiceClient().setOptions(options);
>
>     GetUserInfo userInfo = GetUserInfo.Factory.newInstance(); // GetUserInfo class created by wsdl2java
>     userInfo.setSUserName(userName);
>     userInfo.setSDomain(domain);
>     userInfo.setSApplication(application);
>
>     // GetUserInfoDocument class created by wsdl2java
>     GetUserInfoDocument getUserInfoDocument = GetUserInfoDocument.Factory.newInstance();
>
>     getUserInfoDocument.setGetUserInfo(userInfo);
>
>     // getUserInfo method to invoke, GetUserInfoResponseDocument class created by wsdl2java
>     GetUserInfoResponseDocument response = stub.getUserInfo(getUserInfoDocument);
>     String userData = response.getGetUserInfoResponse().getGetUserInfoResult().toString();
>
> My problems started, first is with HttpTransportPropertiesImpl, it does
> not recognize Negotiate schema.
>
> I checked the code and when the method getAuthPolicyPref of the
> Authenticator class of the HttpTransportPropertiesImpl is called with
> Negotiate it returns null.
>
> Here is part of the code of
> axis2-1.8.2\modules\transport\http\src\org\apache\axis2\transport\http\impl\httpclient4\HttpTransportPropertiesImpl.java
>
>     @Override
>     public Object getAuthPolicyPref(String scheme) {
>         if (BASIC.equals(scheme)) {
>             return AuthPolicy.BASIC;
>         } else if (NTLM.equals(scheme)) {
>             return AuthPolicy.NTLM;
>         } else if (DIGEST.equals(scheme)) {
>             return AuthPolicy.DIGEST;
>         }
>         return null;
>     }
>
> There is no Negotiate so it returns null and in the
> AuthenticationStrategyImpl select method it causes one exception below,
> because id is null
>
>     for (final String id: authPrefs) {
>         final Header challenge = challenges.get(id.toLowerCase(Locale.ROOT));
>
> My solution to this was to create a custom
> HttpTransportPropertiesImplCustom that includes Negotiate and Kerberos
>
> This is my custom class.
>
>     public class HttpTransportPropertiesImplCustom extends HttpTransportProperties {
>
>         protected HttpVersion httpVersion;
>
>         @Override
>         public void setHttpVersion(Object httpVerion) {
>             this.httpVersion = (HttpVersion) httpVerion;
>         }
>
>         @Override
>         public Object getHttpVersion() {
>             return this.httpVersion;
>         }
>
>         public static class Authenticator extends HTTPAuthenticator {
>
>             private int port = -1;
>             private String realm = null;
>
>             public static final String NTLM = "NTLM";
>             public static final String DIGEST = "Digest";
>             public static final String BASIC = "Basic";
>             public static final String SPNEGO = "Negotiate";
>             public static final String KERBEROS = "Kerberos";
>
>             public int getPort() {
>                 return port;
>             }
>
>             public void setPort(int port) {
>                 this.port = port;
>             }
>
>             public String getRealm() {
>                 return realm;
>             }
>
>             public void setRealm(String realm) {
>                 this.realm = realm;
>             }
>
>             @Override
>             public Object getAuthPolicyPref(String scheme) {
>                 if (BASIC.equals(scheme)) {
>                     return "Basic";
>                 } else if (NTLM.equals(scheme)) {
>                     return "NTLM";
>                 } else if (DIGEST.equals(scheme)) {
>                     return "Digest";
>                 }
>                 else if (SPNEGO.equals(scheme)) {
>                     return "Negotiate";
>                 }
>                 else if (KERBEROS.equals(scheme)) {
>                     return "Kerberos";
>                 }
>                 return null;
>             }
>         }
>
>     }
>
> With this now I have a valid schema for Negotiate but still can’t invoke
> my custom class. Debugging I see that the class used when the schema is
> Negotiate is SPNegoScheme of the package org.apache.http.impl.auth. It
> ignores my NegotiateSchemeCustom.class
>
> I also tried to create a custom SPNegoScheme with the code of
> NegotiateSchemeCustom.class but have other problems.
>
> But instead of trying to use this solution why my custom class
> NegotiateSchemeCustom.class isn’t used as the schema for Negotiate?
>
> Am I missing some new configuration?
>
> Any help/suggestion is appreciated.
>
> Best Regards,
>
> Luis Silva
>
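
Added example (not part of the original thread, and not Axis2 project code): the workaround in the AXIS2-4318 text quoted at the top, a fully initialized client passed through CACHED_HTTP_CLIENT, sketched for Axis2 1.8.x with Apache HttpClient 4.5.x. The names NegotiateOnlyClient, build and attach are hypothetical, and it is an assumption that the transport uses the cached client as that text describes; the registry lists only Negotiate and Kerberos, so the client has no scheme with which to answer a Basic, Digest or NTLM challenge.

```java
import java.security.Principal;

import org.apache.axis2.client.Options;
import org.apache.http.auth.AuthSchemeProvider;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.Credentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.client.config.AuthSchemes;
import org.apache.http.config.Lookup;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.impl.auth.KerberosSchemeFactory;
import org.apache.http.impl.auth.SPNegoSchemeFactory;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;

// Hypothetical helper: not part of Axis2 or HttpClient.
public final class NegotiateOnlyClient {

    // Only these schemes exist for this client; this is the HttpClient 4.x counterpart of
    // unregistering BASIC, DIGEST and NTLM. A custom AuthSchemeProvider would go here instead.
    public static CloseableHttpClient build() {
        Lookup<AuthSchemeProvider> schemes = RegistryBuilder.<AuthSchemeProvider>create()
                .register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory(true))
                .register(AuthSchemes.KERBEROS, new KerberosSchemeFactory(true))
                .build();
        // Placeholder credentials: with javax.security.auth.useSubjectCredsOnly=false the
        // ticket comes from the JAAS/krb5 configuration, so no password is held in this object.
        Credentials jaasOnly = new Credentials() {
            @Override public Principal getUserPrincipal() { return null; }
            @Override public String getPassword() { return null; }
        };
        CredentialsProvider creds = new BasicCredentialsProvider();
        creds.setCredentials(AuthScope.ANY, jaasOnly);
        return HttpClients.custom()
                .setDefaultAuthSchemeRegistry(schemes)
                .setDefaultCredentialsProvider(creds)
                .build();
    }

    // Hands the prepared client to a stub's options; AUTHENTICATE is left unset (assumption).
    // HTTPConstants is referenced by the package name used in the post above.
    public static void attach(Options options) {
        options.setProperty(
                org.apache.axis2.transport.http.HTTPConstants.CACHED_HTTP_CLIENT, build());
    }
}
```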
