To further clarify, see the example using CACHED_HTTP_CLIENT below; however
that example is going to change slightly soon for httpclient 5.x.

https://axis.apache.org/axis2/java/core/docs/http-transport.html

On Fri, Feb 16, 2024 at 2:57 PM robertlazarski <robertlazar...@gmail.com>
wrote:

> I looked more into this and I found AXIS2-4318 from 2012 which states the
> reason for dropping the support of those features below.
>
> Keep in mind that Axis2 1.6.x was the era of commons-httpclient 3.x. While
> 4.x is currently in our trunk, these next several days I will be upgrading
> to 5.x so anything we do here needs to work with the latest Apache
> httpclient release.
>
> https://issues.apache.org/jira/browse/AXIS2-4318
>
> 3) drop authenticator preemptive authentication support
>
> Preemptive authentication is considered unsecure and is strongly
> discouraged. Moreover the code found in examples:
> http://hc.apache.org/httpcomponents-client/examples.html is no longer
> officially supported. Which means that we should drop preemptive
> authentication support from the trunk; alternatively we can allow a number
> of pluggable mechanisms to allow users to enable preemptive auth. The user
> would have to provide HttpRequestInterceptor and HttpResponseInterceptor
> implementations as well as a means to properties to configure a
> BasicHttpContext for use with the HttpClient. As a workaround/alternative
> the user could fully initialize its own AbstractHttpClient instance and
> pass it through the existing CACHED_HTTP_CLIENT option.
>
> On Wed, Feb 7, 2024 at 5:48 AM Luis Silva
> <luis.gc.si...@redshift.pt.invalid> wrote:
>
>> Hi Robert,
>>
>>
>>
>> All help is welcome. If necessary, I’m available to help with testing.
>>
>>
>>
>> Best Regards,
>>
>> Luis Silva
>>
>>
>>
>>
>>
>> *From:* robertlazarski <robertlazar...@gmail.com>
>> *Sent:* Wednesday, 7 February 2024 15:29
>> *To:* java-user@axis.apache.org
>> *Subject:* Re: [Axis2] - Problem with authentication Negotiate
>>
>>
>>
>> It might take me a few days to look at this but I can probably help.
>>
>>
>>
>>
>>
>> I'm about to make commits that upgrade Axis2 from httpclient 4.x to 5.x
>> for the next release and this feature will need to be fixed for that too.
>>
>>
>>
>> On Wed, Feb 7, 2024 at 4:32 AM Luis Silva <
>> luis.gc.si...@redshift.pt.invalid> wrote:
>>
>> Hi,
>>
>>
>>
>> I’m having a problem upgrading one application that uses axis2 version
>> 1.6.0 to the 1.8.2 version.
>>
>> The situation is that I’m trying to connect to an IIS web service from a
>> Linux server, and the IIS uses Negotiate authentication. In version
>> 1.6.0 it’s working using a custom class to handle the request.
>>
>> I try to upgrade the client part to use axis2 1.8.2 but there are changes
>> on axis in HttpTransportProperties class that now doesn’t have
>> Authenticator. I’m trying to use the HttpTransportPropertiesImpl class but
>> it’s not working.
>>
>> Using HttpTransportPropertiesImpl I can’t use the custom class that
>> handles the Negotiate authentication. I’m going to expose the situation
>> using the code.
>>
>>
>>
>> This is the code using axis2 1.6.0, and using wsdl2java to create the
>> stub
>>
>>
>>
>> ProfilesStub stub = new ProfilesStub(wsURL);  // Stub created by wsdl2java
>> System.setProperty("java.security.auth.login.config", kbr5LoginConfigFile);
>> System.setProperty("java.security.krb5.conf", kbr5ConfigFile);
>> System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
>>
>> System.setProperty("sun.security.krb5.debug", "true");
>> System.setProperty("sun.security.jgss.debug", "true");
>> System.setProperty("java.security.debug", "logincontext,policy,scl,gssloginconfig");
>>
>> AuthPolicy.unregisterAuthScheme("BASIC");
>> AuthPolicy.unregisterAuthScheme("DIGEST");
>> AuthPolicy.unregisterAuthScheme("NTLM");
>>
>> ArrayList authSchemes = new ArrayList();
>> if ( AuthSchemeId.equals("Negotiate") )  // <- I’m using AuthSchemeId=Negotiate
>> {
>>     AuthPolicy.registerAuthScheme("Negotiate", NegotiateSchemeCustom.class);  // <- the custom class that handles the Negotiate authentication
>>     authSchemes.add("Negotiate");
>> }
>> else
>> {
>>     if ( AuthSchemeId.equals("Kerberos") )
>>     {
>>         AuthPolicy.registerAuthScheme("Kerberos", KerberosSchemeCustom.class);
>>         authSchemes.add("Kerberos");
>>     }
>>     else
>>         throw new Exception("Invalid authentication scheme '" + (AuthSchemeId == null ? "(null)" : AuthSchemeId) + "'");
>> }
>>
>> HttpTransportProperties.Authenticator auth = new HttpTransportProperties.Authenticator();
>> auth.setDomain(userDomain);
>> auth.setHost((new URL(wsURL)).getHost());
>> java.util.Properties properties = new java.util.Properties();
>> // absolute from the classpath
>> String configFileName = "wsURL.config";
>> try
>> {
>>     properties.load(new java.io.FileInputStream(configFileName));
>> }
>> catch ( Exception exception )
>> {
>>     System.out.println("ERROR oppening file " + configFileName + "--");
>>     System.out.println("EX:" + exception.getMessage() +"--");
>> }
>> String username = properties.getProperty("username");
>> String password = properties.getProperty("password");
>>
>> auth.setUsername(username);
>> auth.setPassword(password);
>>
>> auth.setAuthSchemes(authSchemes);
>>
>> HttpParams params = DefaultHttpParams.getDefaultParams();
>> params.setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, authSchemes);
>>
>> Options options = stub._getServiceClient().getOptions();
>> options.setProperty(org.apache.axis2.transport.http.HTTPConstants.AUTHENTICATE, auth);
>> options.setProperty(org.apache.axis2.transport.http.HTTPConstants.CHUNKED, Boolean.FALSE);
>> options.setProperty(org.apache.axis2.transport.http.HTTPConstants.REUSE_HTTP_CLIENT, "true");
>>
>> stub._getServiceClient().setOptions(options);
>>
>> GetUserInfo userInfo = GetUserInfo.Factory.newInstance();  // GetUserInfo class created by wsdl2java
>> userInfo.setSUserName(userName);
>> userInfo.setSDomain(domain);
>> userInfo.setSApplication(application);
>>
>> GetUserInfoDocument getUserInfoDocument = GetUserInfoDocument.Factory.newInstance();  // GetUserInfoDocument class created by wsdl2java
>>
>> getUserInfoDocument.setGetUserInfo(userInfo);
>>
>> GetUserInfoResponseDocument response = stub.getUserInfo(getUserInfoDocument);  // getUserInfo method to invoke, GetUserInfoResponseDocument class created by wsdl2java
>> String userData = response.getGetUserInfoResponse().getGetUserInfoResult().toString();
>>
>>
>>
>> And using trace on the NegotiateSchemeCustom.class I confirm that this
>> class is used
>>
>> In the class
>>
>> public NegotiateSchemeCustom () {
>>     super();
>>     state = UNINITIATED;
>>     System.out.println("Created NegotiateSchemeCustom()");
>> }
>>
>>
>>
>> The output
>>
>> Jan 31, 2024 5:09:09 PM org.apache.commons.httpclient.auth.AuthChallengeProcessor selectAuthScheme
>> INFO: negotiate authentication scheme selected
>> Created NegotiateSchemeCustom()
>>
>>
>>
>> And the invocation is successful.
>>
>>
>>
>> But when I try using 1.8.2 version
>>
>>
>>
>> ProfilesStub stub = new ProfilesStub(wsURL);  // Stub created by wsdl2java version 1.8.2
>> System.setProperty("java.security.auth.login.config", kbr5LoginConfigFile);
>> System.setProperty("java.security.krb5.conf", kbr5ConfigFile);
>> System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
>>
>> System.setProperty("sun.security.krb5.debug", "true");
>> System.setProperty("sun.security.jgss.debug", "true");
>> System.setProperty("java.security.debug", "logincontext,policy,scl,gssloginconfig");
>>
>> AuthPolicy.unregisterAuthScheme("BASIC");
>> AuthPolicy.unregisterAuthScheme("DIGEST");
>> AuthPolicy.unregisterAuthScheme("NTLM");
>>
>> ArrayList authSchemes = new ArrayList();
>> if ( AuthSchemeId.equals("Negotiate") )  // <- I’m using AuthSchemeId=Negotiate
>> {
>>     AuthPolicy.registerAuthScheme("Negotiate", NegotiateSchemeCustom.class);  // <- the custom class that handles the Negotiate authentication, same as the 1.6.0
>>     authSchemes.add("Negotiate");
>> }
>> else
>> {
>>     if ( AuthSchemeId.equals("Kerberos") )
>>     {
>>         AuthPolicy.registerAuthScheme("Kerberos", KerberosSchemeCustom.class);
>>         authSchemes.add("Kerberos");
>>     }
>>     else
>>         throw new Exception("Invalid authentication scheme '" + (AuthSchemeId == null ? "(null)" : AuthSchemeId) + "'");
>> }
>>
>> HttpTransportPropertiesImpl.Authenticator auth = new HttpTransportPropertiesImpl.Authenticator();  // <- Using HttpTransportPropertiesImpl that has Authenticator
>> auth.setDomain(userDomain);
>> auth.setHost((new URL(wsURL)).getHost());
>> java.util.Properties properties = new java.util.Properties();
>> // absolute from the classpath
>> String configFileName = "wsURL.config";
>> try
>> {
>>     properties.load(new java.io.FileInputStream(configFileName));
>> }
>> catch ( Exception exception )
>> {
>>     System.out.println("ERROR oppening file " + configFileName + "--");
>>     System.out.println("EX:" + exception.getMessage() +"--");
>> }
>> String username = properties.getProperty("username");
>> String password = properties.getProperty("password");
>>
>> auth.setUsername(username);
>> auth.setPassword(password);
>>
>> auth.setAuthSchemes(authSchemes);
>>
>> HttpParams params = DefaultHttpParams.getDefaultParams();
>> params.setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, authSchemes);
>>
>> Options options = stub._getServiceClient().getOptions();
>> options.setProperty(org.apache.axis2.transport.http.HTTPConstants.AUTHENTICATE, auth);
>> options.setProperty(org.apache.axis2.transport.http.HTTPConstants.CHUNKED, Boolean.FALSE);
>> options.setProperty(org.apache.axis2.transport.http.HTTPConstants.REUSE_HTTP_CLIENT, "true");
>>
>> stub._getServiceClient().setOptions(options);
>>
>> GetUserInfo userInfo = GetUserInfo.Factory.newInstance();  // GetUserInfo class created by wsdl2java
>> userInfo.setSUserName(userName);
>> userInfo.setSDomain(domain);
>> userInfo.setSApplication(application);
>>
>> GetUserInfoDocument getUserInfoDocument = GetUserInfoDocument.Factory.newInstance();  // GetUserInfoDocument class created by wsdl2java
>>
>> getUserInfoDocument.setGetUserInfo(userInfo);
>>
>> GetUserInfoResponseDocument response = stub.getUserInfo(getUserInfoDocument);  // getUserInfo method to invoke, GetUserInfoResponseDocument class created by wsdl2java
>> String userData = response.getGetUserInfoResponse().getGetUserInfoResult().toString();
>>
>>
>>
>> My problems started. The first is with HttpTransportPropertiesImpl: it does
>> not recognize the Negotiate schema.
>>
>> I checked the code and when the method getAuthPolicyPref of the
>> Authenticator class of the HttpTransportPropertiesImpl is called with
>> Negotiate it returns null.
>>
>> Here is part of the code of
>> axis2-1.8.2\modules\transport\http\src\org\apache\axis2\transport\http\impl\httpclient4\HttpTransportPropertiesImpl.java
>>
>> @Override
>> public Object getAuthPolicyPref(String scheme) {
>>     if (BASIC.equals(scheme)) {
>>         return AuthPolicy.BASIC;
>>     } else if (NTLM.equals(scheme)) {
>>         return AuthPolicy.NTLM;
>>     } else if (DIGEST.equals(scheme)) {
>>         return AuthPolicy.DIGEST;
>>     }
>>     return null;
>> }
>>
>>
>> There is no Negotiate so it returns null and in the
>> AuthenticationStrategyImpl select method it causes an exception below,
>> because id is null
>>
>> for (final String id: authPrefs) {
>>     final Header challenge = challenges.get(id.toLowerCase(Locale.ROOT));
>>
>>
>>
>> My solution to this was to create a custom
>> HttpTransportPropertiesImplCustom that includes Negotiate and Kerberos
>>
>> This is my custom class.
>>
>> public class HttpTransportPropertiesImplCustom extends HttpTransportProperties {
>>
>>     protected HttpVersion httpVersion;
>>
>>     @Override
>>     public void setHttpVersion(Object httpVerion) {
>>         this.httpVersion = (HttpVersion) httpVerion;
>>     }
>>
>>     @Override
>>     public Object getHttpVersion() {
>>         return this.httpVersion;
>>     }
>>
>>     public static class Authenticator extends HTTPAuthenticator {
>>
>>         private int port = -1;
>>         private String realm = null;
>>
>>         public static final String NTLM = "NTLM";
>>         public static final String DIGEST = "Digest";
>>         public static final String BASIC = "Basic";
>>         public static final String SPNEGO = "Negotiate";
>>         public static final String KERBEROS = "Kerberos";
>>
>>         public int getPort() {
>>             return port;
>>         }
>>
>>         public void setPort(int port) {
>>             this.port = port;
>>         }
>>
>>         public String getRealm() {
>>             return realm;
>>         }
>>
>>         public void setRealm(String realm) {
>>             this.realm = realm;
>>         }
>>
>>         @Override
>>         public Object getAuthPolicyPref(String scheme) {
>>             if (BASIC.equals(scheme)) {
>>                 return "Basic";
>>             } else if (NTLM.equals(scheme)) {
>>                 return "NTLM";
>>             } else if (DIGEST.equals(scheme)) {
>>                 return "Digest";
>>             }
>>             else if (SPNEGO.equals(scheme)) {
>>                 return "Negotiate";
>>             }
>>             else if (KERBEROS.equals(scheme)) {
>>                 return "Kerberos";
>>             }
>>             return null;
>>         }
>>     }
>>
>> }
>>
>>
>>
>> With this now I have a valid schema for Negotiate but still can’t invoke
>> my custom class. Debugging I see that the class used when the schema is
>> Negotiate is SPNegoScheme of the package org.apache.http.impl.auth. It
>> ignores my NegotiateSchemeCustom.class.
>>
>> I also tried to create a custom SPNegoScheme with the code of
>> NegotiateSchemeCustom.class but have other problems.
>>
>> But instead of trying to use this solution, why isn’t my custom class
>> NegotiateSchemeCustom.class used as the schema for Negotiate?
>>
>> Am I missing some new configuration?
>>
>>
>>
>> Any help/suggestion is appreciated.
>>
>>
>>
>> Best Regards,
>>
>> Luis Silva
>>
>>
>>
>>

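The CACHED_HTTP_CLIENT workaround referred to in this thread, sketched for httpclient 4.x as an added example (not code from the thread, from Axis2, or from the linked documentation). The class name `NegotiateOnlyClient` and its methods are hypothetical; the stock `SPNegoSchemeFactory` stands in for the poster's `NegotiateSchemeCustom`, and it is assumed that the 1.8.2 httpclient4 transport picks up the cached client as the linked page describes and that the JAAS/krb5 system properties are set as in the original post.

```java
import java.security.Principal;
import org.apache.axis2.client.Options;
import org.apache.axis2.transport.http.HTTPConstants; // package name as written in the post
import org.apache.http.auth.AuthSchemeProvider;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.Credentials;
import org.apache.http.client.config.AuthSchemes;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.impl.auth.KerberosSchemeFactory;
import org.apache.http.impl.auth.SPNegoSchemeFactory;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;

/** Hypothetical helper; the name is an assumption, not an Axis2 class. */
public final class NegotiateOnlyClient {

    /** Builds an httpclient 4.x client that can answer only Negotiate or Kerberos challenges. */
    public static CloseableHttpClient build(String host) {
        // Only these two schemes exist for this client, so a challenge for
        // Basic, Digest or NTLM is never answered with credentials. This is the
        // 4.x counterpart of the AuthPolicy.unregisterAuthScheme calls in the post.
        // A custom scheme would be registered here through its own AuthSchemeProvider.
        Registry<AuthSchemeProvider> schemes = RegistryBuilder.<AuthSchemeProvider>create()
                .register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory(true))    // true = strip port from the SPN
                .register(AuthSchemes.KERBEROS, new KerberosSchemeFactory(true))
                .build();

        // Placeholder credentials: the ticket is obtained through JAAS/GSS, which
        // needs javax.security.auth.useSubjectCredsOnly=false as in the post.
        Credentials fromJaas = new Credentials() {
            @Override public Principal getUserPrincipal() { return null; }
            @Override public String getPassword() { return null; }
        };
        BasicCredentialsProvider creds = new BasicCredentialsProvider();
        creds.setCredentials(new AuthScope(host, AuthScope.ANY_PORT), fromJaas);

        return HttpClients.custom()
                .setDefaultAuthSchemeRegistry(schemes)
                .setDefaultCredentialsProvider(creds)
                .build();
    }

    /** Hands the client to Axis2; HTTPConstants.AUTHENTICATE is not set here. */
    public static void apply(Options options, String host) {
        options.setProperty(HTTPConstants.CACHED_HTTP_CLIENT, build(host));
    }
}
```

With no password stored in the client and no fallback scheme registered, a failed Kerberos negotiation surfaces as a 401 rather than a silent downgrade to a weaker scheme.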