To further clarify, see the example using CACHED_HTTP_CLIENT below; however that example is going to change slightly soon for httpclient 5.x.
https://axis.apache.org/axis2/java/core/docs/http-transport.html On Fri, Feb 16, 2024 at 2:57 PM robertlazarski <robertlazar...@gmail.com> wrote: > I looked more into this and I found AXIS2-4318 from 2012 which states the > reason for dropping the support of those features below. > > Keep in mind that Axis2 1.6.x was the era of commons-httpclient 3.x. While > 4.x is currently in our trunk, these next several days I will be upgrading > to 5.x so anything we do here needs to work with the latest Apache > httpclient release. > > https://issues.apache.org/jira/browse/AXIS2-4318 > > 3) drop authenticator preemptive authentication support > > Preemptive authentication is considered unsecure and is strongly > discouraged. Moreover the code found in examples: > http://hc.apache.org/httpcomponents-client/examples.html is no longer > officially supported. Which means that we should drop preemptive > authentication support from the trunk; alternatively we can allow a number > of pluggable mechanisms to allow users to enable preemptive auth. The user > would have to provide HttpRequestInterceptor and HttpResponseInterceptor > implementations as well as a means to properties to configure a > BasicHttpContext for use with the HttpClient. As a workaround/alternative > the user could fully initialize it's own AbstractHttpClient instance and > pass it through the existing CACHED_HTTP_CLIENT option. > > On Wed, Feb 7, 2024 at 5:48 AM Luis Silva > <luis.gc.si...@redshift.pt.invalid> wrote: > >> Hi Robert, >> >> >> >> All help is welcome. If necessary, I’m available to help with testing. >> >> >> >> Best Regard’s, >> >> Luis Silva >> >> >> >> >> >> *From:* robertlazarski <robertlazar...@gmail.com> >> *Sent:* Wednesday, 7 February 2024 15:29 >> *To:* java-user@axis.apache.org >> *Subject:* Re: [Axis2] - Problem with authentication Negotiate >> >> >> >> It might take me a few days to look at this but I can probably help. >> >> >> >> >> >> I'm about to make commits that upgrade Axis2 from httpclient 4.x to 5.x >> for the next release and this feature will need to be fixed for that too. >> >> >> >> On Wed, Feb 7, 2024 at 4:32 AM Luis Silva < >> luis.gc.si...@redshift.pt.invalid> wrote: >> >> Hi, >> >> >> >> I’m having a problem upgrading one application that uses axis2 version >> 1.6.0 to the 1.8.2 version. >> >> The situation is that I’m trying to connect to one IIS webservice from a >> linux server, and the IIS use in the authentication Negotiate. In version >> 1.6.0 its working using a custom class to handle the request. >> >> I try to upgrade the client part to use axis2 1.8.2 but there are changes >> on axis in HttpTransportProperties class that now doesn’t have >> Authenticator. I’m trying to use the HttpTransportPropertiesImpl class but >> it’s not working. >> >> Using HttpTransportPropertiesImpl I can’t use the custom class that >> handles the Negotiate authentication. I’m going to expose the situation >> using the code. >> >> >> >> This is the code using axis2 1.6.0, and using wsdl2java to create the >> stub >> >> >> >> *ProfilesStub stub = new ProfilesStub(wsURL); // Stub created by >> wsdl2java* >> >> *System.setProperty("java.security.auth.login.config", >> kbr5LoginConfigFile); * >> >> *System.setProperty("java.security.krb5.conf", kbr5ConfigFile);* >> >> *System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");* >> >> >> >> *System.setProperty("sun.security.krb5.debug", "true");* >> >> *System.setProperty("sun.security.jgss.debug", "true");* >> >> *System.setProperty("java.security.debug", >> "logincontext,policy,scl,gssloginconfig");* >> >> >> >> *AuthPolicy.unregisterAuthScheme("BASIC");* >> >> *AuthPolicy.unregisterAuthScheme("DIGEST");* >> >> *AuthPolicy.unregisterAuthScheme("NTLM");* >> >> >> >> *ArrayList authSchemes = new ArrayList();* >> >> *if ( AuthSchemeId.equals("Negotiate") ) // **ß** I’m using >> AuthSchemeId=Negotiate* >> >> *{* >> >> * AuthPolicy.registerAuthScheme("Negotiate", >> NegotiateSchemeCustom.class); //**ß** the custom class that handles >> the Negotiate authentication* >> >> * authSchemes.add("Negotiate");* >> >> *}* >> >> *else* >> >> *{* >> >> * if ( AuthSchemeId.equals("Kerberos") )* >> >> * {* >> >> * AuthPolicy.registerAuthScheme("Kerberos", >> KerberosSchemeCustom.class);* >> >> * authSchemes.add("Kerberos"); }* >> >> * else* >> >> * throw new Exception("Invalid authentication scheme '" + >> (AuthSchemeId == null ? "(null)" : AuthSchemeId) + "'");* >> >> * }* >> >> >> >> * HttpTransportProperties.Authenticator auth = new >> HttpTransportProperties.Authenticator();* >> >> * auth.setDomain(userDomain);* >> >> * auth.setHost((new URL(wsURL)).getHost());* >> >> * java.util.Properties properties = new java.util.Properties();* >> >> * // absolute from the classpath* >> >> * String configFileName = "wsURL.config";* >> >> * try* >> >> * {* >> >> * properties.load(new >> java.io.FileInputStream(configFileName));* >> >> * }* >> >> * catch ( Exception exception )* >> >> * {* >> >> * System.out.println("ERROR oppening file " + configFileName + >> "--");* >> >> * System.out.println("EX:" + exception.getMessage() +"--");* >> >> * }* >> >> * String username = properties.getProperty("username");* >> >> * String password = properties.getProperty("password");* >> >> >> >> * auth.setUsername(username);* >> >> * auth.setPassword(password);* >> >> >> >> * auth.setAuthSchemes(authSchemes);* >> >> >> >> * HttpParams params = DefaultHttpParams.getDefaultParams();* >> >> * params.setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, >> authSchemes);* >> >> >> >> * Options options = stub._getServiceClient().getOptions();* >> >> * >> options.setProperty(org.apache.axis2.transport.http.HTTPConstants.AUTHENTICATE, >> auth);* >> >> * >> options.setProperty(org.apache.axis2.transport.http.HTTPConstants.CHUNKED, >> Boolean.FALSE);* >> >> * >> options.setProperty(org.apache.axis2.transport.http.HTTPConstants.REUSE_HTTP_CLIENT, >> "true");* >> >> >> >> * stub._getServiceClient().setOptions(options);* >> >> >> >> * GetUserInfo userInfo = GetUserInfo.Factory.newInstance(); // >> GetUserInfo class created by wsdl2java* >> >> * userInfo.setSUserName(userName);* >> >> * userInfo.setSDomain(domain);* >> >> * userInfo.setSApplication(application);* >> >> >> >> * GetUserInfoDocument getUserInfoDocument = >> GetUserInfoDocument.Factory.newInstance();// GetUserInfoDocument class >> created by wsdl2java* >> >> >> >> * getUserInfoDocument.setGetUserInfo(userInfo); * >> >> >> >> * GetUserInfoResponseDocument response = >> stub.getUserInfo(getUserInfoDocument); // getUserInfo method to invoke, >> GetUserInfoResponseDocument class created by wsdl2java* >> >> * String userData = >> response.getGetUserInfoResponse().getGetUserInfoResult().toString();* >> >> >> >> And using trace on the NegotiateSchemeCustom.class I confirm that this >> class is used >> >> In the class >> >> *public NegotiateSchemeCustom () {* >> >> * super();* >> >> * state = UNINITIATED;* >> >> * System.out.println("Created NegotiateSchemeCustom()");* >> >> * }* >> >> >> >> The output >> >> Jan 31, 2024 5:09:09 PM >> org.apache.commons.httpclient.auth.AuthChallengeProcessor selectAuthScheme >> >> INFO: negotiate authentication scheme selected >> >> Created NegotiateSchemeCustom() >> >> >> >> And the invocation is successful. >> >> >> >> But when I try using 1.8.2 version >> >> >> >> *ProfilesStub stub = new ProfilesStub(wsURL); // Stub created by >> wsdl2java version 1.8.2* >> >> *System.setProperty("java.security.auth.login.config", >> kbr5LoginConfigFile); * >> >> *System.setProperty("java.security.krb5.conf", kbr5ConfigFile);* >> >> *System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");* >> >> >> >> *System.setProperty("sun.security.krb5.debug", "true");* >> >> *System.setProperty("sun.security.jgss.debug", "true");* >> >> *System.setProperty("java.security.debug", >> "logincontext,policy,scl,gssloginconfig");* >> >> >> >> *AuthPolicy.unregisterAuthScheme("BASIC");* >> >> *AuthPolicy.unregisterAuthScheme("DIGEST");* >> >> *AuthPolicy.unregisterAuthScheme("NTLM");* >> >> >> >> *ArrayList authSchemes = new ArrayList();* >> >> *if ( AuthSchemeId.equals("Negotiate") ) // **ß** I’m using >> AuthSchemeId=Negotiate* >> >> *{* >> >> * AuthPolicy.registerAuthScheme("Negotiate", >> NegotiateSchemeCustom.class); //**ß** the custom class that handles >> the Negotiate authentication, same as the 1.6.0* >> >> * authSchemes.add("Negotiate");* >> >> *}* >> >> *else* >> >> *{* >> >> * if ( AuthSchemeId.equals("Kerberos") )* >> >> * {* >> >> * AuthPolicy.registerAuthScheme("Kerberos", >> KerberosSchemeCustom.class);* >> >> * authSchemes.add("Kerberos"); }* >> >> * else* >> >> * throw new Exception("Invalid authentication scheme '" + >> (AuthSchemeId == null ? "(null)" : AuthSchemeId) + "'");* >> >> * }* >> >> >> >> * HttpTransportPropertiesImpl.Authenticator auth = new >> HttpTransportPropertiesImpl.Authenticator(); // **ß** Using >> HttpTransportPropertiesImpl that has Authenticator* >> >> * auth.setDomain(userDomain);* >> >> * auth.setHost((new URL(wsURL)).getHost());* >> >> * java.util.Properties properties = new java.util.Properties();* >> >> * // absolute from the classpath* >> >> * String configFileName = "wsURL.config";* >> >> * try* >> >> * {* >> >> * properties.load(new >> java.io.FileInputStream(configFileName));* >> >> * }* >> >> * catch ( Exception exception )* >> >> * {* >> >> * System.out.println("ERROR oppening file " + configFileName + >> "--");* >> >> * System.out.println("EX:" + exception.getMessage() +"--");* >> >> * }* >> >> * String username = properties.getProperty("username");* >> >> * String password = properties.getProperty("password");* >> >> >> >> * auth.setUsername(username);* >> >> * auth.setPassword(password);* >> >> >> >> * auth.setAuthSchemes(authSchemes);* >> >> >> >> * HttpParams params = DefaultHttpParams.getDefaultParams();* >> >> * params.setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, >> authSchemes);* >> >> >> >> * Options options = stub._getServiceClient().getOptions();* >> >> * >> options.setProperty(org.apache.axis2.transport.http.HTTPConstants.AUTHENTICATE, >> auth);* >> >> * >> options.setProperty(org.apache.axis2.transport.http.HTTPConstants.CHUNKED, >> Boolean.FALSE);* >> >> * >> options.setProperty(org.apache.axis2.transport.http.HTTPConstants.REUSE_HTTP_CLIENT, >> "true");* >> >> >> >> * stub._getServiceClient().setOptions(options);* >> >> >> >> * GetUserInfo userInfo = GetUserInfo.Factory.newInstance(); // >> GetUserInfo class created by wsdl2java* >> >> * userInfo.setSUserName(userName);* >> >> * userInfo.setSDomain(domain);* >> >> * userInfo.setSApplication(application);* >> >> >> >> * GetUserInfoDocument getUserInfoDocument = >> GetUserInfoDocument.Factory.newInstance();// GetUserInfoDocument class >> created by wsdl2java* >> >> >> >> * getUserInfoDocument.setGetUserInfo(userInfo); * >> >> >> >> * GetUserInfoResponseDocument response = >> stub.getUserInfo(getUserInfoDocument); // getUserInfo method to invoke, >> GetUserInfoResponseDocument class created by wsdl2java* >> >> * String userData = >> response.getGetUserInfoResponse().getGetUserInfoResult().toString();* >> >> >> >> My problems started, first is with HttpTransportPropertiesImpl, it does >> not recognizes Negotiate schema. >> >> I checked the code and when the method getAuthPolicyPref of the >> Authenticator class of the HttpTransportPropertiesImpl is called with >> Negotiate its returns null. >> >> Where is part of the code of >> axis2-1.8.2\modules\transport\http\src\org\apache\axis2\transport\http\impl\httpclient4\HttpTransportPropertiesImpl.java >> >> *@Override* >> >> * public Object getAuthPolicyPref(String scheme) {* >> >> * if (BASIC.equals(scheme)) {* >> >> * return AuthPolicy.BASIC;* >> >> * } else if (NTLM.equals(scheme)) {* >> >> * return AuthPolicy.NTLM;* >> >> * } else if (DIGEST.equals(scheme)) {* >> >> * return AuthPolicy.DIGEST;* >> >> * }* >> >> * return null;* >> >> * }* >> >> There is no Negotiate so it returns null and in the >> AuthenticationStrategyImpl select method it causes one exception bellow, >> because id is null >> >> *for (final String id: authPrefs) {* >> >> * final Header challenge = >> challenges.get(id.toLowerCase(Locale.ROOT));* >> >> >> >> My solution to this was to create a custom >> HttpTransportPropertiesImplCustom that includes Negotiate and Kerberos >> >> This is my custom class. >> >> *public class HttpTransportPropertiesImplCustom extends >> HttpTransportProperties {* >> >> >> >> * protected HttpVersion httpVersion;* >> >> >> >> * @Override* >> >> * public void setHttpVersion(Object httpVerion) {* >> >> * this.httpVersion = (HttpVersion) httpVerion;* >> >> * }* >> >> >> >> * @Override* >> >> * public Object getHttpVersion() {* >> >> * return this.httpVersion;* >> >> * }* >> >> >> >> * public static class Authenticator extends HTTPAuthenticator {* >> >> >> >> * private int port = -1;* >> >> * private String realm = null;* >> >> >> >> * public static final String NTLM = "NTLM";* >> >> * public static final String DIGEST = "Digest";* >> >> * public static final String BASIC = "Basic";* >> >> * public static final String SPNEGO = "Negotiate";* >> >> * public static final String KERBEROS = "Kerberos";* >> >> >> >> * public int getPort() {* >> >> * return port;* >> >> * }* >> >> >> >> * public void setPort(int port) {* >> >> * this.port = port;* >> >> * }* >> >> >> >> * public String getRealm() {* >> >> * return realm;* >> >> * }* >> >> >> >> * public void setRealm(String realm) {* >> >> * this.realm = realm;* >> >> * }* >> >> >> >> * @Override* >> >> * public Object getAuthPolicyPref(String scheme) {* >> >> * if (BASIC.equals(scheme)) {* >> >> * return "Basic";* >> >> * } else if (NTLM.equals(scheme)) {* >> >> * return "NTLM";* >> >> * } else if (DIGEST.equals(scheme)) {* >> >> * return "Digest";* >> >> * }* >> >> * else if (SPNEGO.equals(scheme)) {* >> >> * return "Negotiate";* >> >> * }* >> >> * else if (KERBEROS.equals(scheme)) {* >> >> * return "Kerberos";* >> >> * }* >> >> * return null;* >> >> * }* >> >> * }* >> >> >> >> *}* >> >> >> >> With this now I have a valid schema for Negotiate but still can’t invoke >> my custom class. Debugging I see that the class used when the schema is >> Negotiate is SPNegoScheme of the package org.apache.http.impl.auth. It >> ignores my NegotiateSchemeCustom.class >> >> I also tried to create a custom SPNegoScheme with the code of >> NegotiateSchemeCustom.class but have other problems. >> >> But instead of trying to use this solution why my custom class >> NegotiateSchemeCustom.class isn’t used as the schema for Negotiate? >> >> I’m I missing some new configuration? >> >> >> >> Any help/suggestion is appreciated . >> >> >> >> Best Regards, >> >> Luis Silva >> >> >> >>
