Re: Calling NTLM protected service from camel cxf component

Thu, 02 Apr 2015 00:04:12 -0700 

Hello Joe,

1. Make sure that tomcat runs under non-domain user.
In case of domain users, you probably access your ntlm-protected service using 
tomcat's user
(you could verify it easily by means of wireshark) due to credentials caching 
inside jre.

2. Remote sec:Authorization from your conduit configuration.

<http:authorization>
  <sec:UserName>DomainName\${tod.user.username}</sec:UserName>
  <sec:Password>${user.password}</sec:Password>
  <!-- AuthorizationType in case of ntlm and sync. http transport is optional 
as all
       the authentication/authorization magic is done by jre -->
  <sec:AuthorizationType>NTLM</sec:AuthorizationType>
</http:authorization>

3. In case of sync. http transport and tomcat running under domain user use 
dirty hacks like this one

NTLMAuthenticationCallback.setNTLMAuthenticationCallback(
    new NTLMAuthenticationCallback () {
        @Override
        public boolean isTrustedSite(URL url) {
            return false;
        }
    }
);

You should execute this code before cxf initializes

4. Use async. cxf http transport 
(http://cxf.apache.org/docs/asynchronous-client-http-transport.html) that uses
apache http components library which performs ntlm authentication by itself and 
fits your use case much better.


> Hi Surgey

> Thanks for the response. 

> I am running on a tomcat instance on a linux server. The user  is a windows
> user which is setup on our Windows Domain controller. 

> I did try updating the <http:authorization> (within the <http:conduit>)
> element to include an AuthorizationType:

>         <http:authorization>
>            
> <sec:UserName>DomainName\${tod.user.username}</sec:UserName>
>             <sec:Password>${user.password}</sec:Password>
>            
> *<sec:AuthorizationType>Negotiate</sec:AuthorizationType> *         
>             <sec:Authorization>NTLM</sec:Authorization>
>         </http:authorization>

> I am now getting the following exception: *java.lang.RuntimeException: No
> LoginModules configured for NTLM*. I am confused by this as I am only the
> client calling the NTLM protected service

> Thanks
> Joe



> --
> View this message in context:
> http://camel.465427.n5.nabble.com/Calling-NTLM-protected-service-from-camel-cxf-component-tp5765161p5765179.html
> Sent from the Camel - Users mailing list archive at Nabble.com.



-- 
Best regards,
 Sergey                            mailto:[email protected]

Reply via email to