If you are using Tomcat then Tomcatspnego is another alternative: http://tomcatspnego.codeplex.com/Release/ProjectReleases.aspx?ReleaseId= 29695
Tomcatspnego works with NTLMV2, and jcif doesn't. Alberto Acevedo -----Original Message----- From: Daniel Kulp [mailto:[email protected]] Sent: Wednesday, December 02, 2009 10:57 AM To: [email protected] Cc: Pink, Simon (AGCS) Subject: Re: Using CXF with NTLM authentication as well as SSL/HTTPS You would probably need to log a bug with jcifs. That said, I expect they are going to say something along the lines of NTLM with SSL/HTTPS is completely redundant and not worth supporting. With SSL/HTTPS, the channel is already encrypted. Thus, the extra protection offered by NTLM is not needed. The NTLM stuff also extracts a performance hit due to the handshaking required. Thus, I would suggest ntlm (or digest) auth for http and just use basic auth for https. The only other alternative that I'm aware of is the NTLM stuff built into the JDK on Windows. That PROBABLY "just works" (built into the jdk's HttpURLConnection object), but that's obviously windows only. Dan On Tue December 1 2009 11:07:09 am Pink, Simon (AGCS) wrote: > I cannot seem to get jcifs NTLM working with SSL/HTTPS. I get the > following > exception: > > java.lang.NoSuchMethodException<http://java.sun.com/javase/6/docs/api/ > java > /lang/NoSuchMethodException.html>: > jcifs.http.NtlmHttpURLConnection.getSSLSocketFactory() > > In a nutshell, CXF is trying to decorate the > javax.net.ssl.HttpsURLConnection.getSSLSocketFactory method - but NTLM > has replaced the https connection with its own handler: NtlmHttpURLConnection. > The CXF handler doesn't support SSL. Is it actually possible to use > both SSL and NTLM using CXF (or any other JAX-WS implementation)? > > I'm banging my head against a wall at the moment! Any help would be > greatly appreciated. > > Code: > I am using the NTLM > > Authentication<http://cwiki.apache.org/CXF20DOC/client-http-transport- > incl uding-ssl-support.html> example almost verbatim, and then used a > conduit to allow HTTPS: > > //Set the jcifs properties > jcifs.Config.setProperty("jcifs.smb.client.domain", "my.domain.com"); > jcifs.Config.setProperty("jcifs.netbios.wins", "my.wins.server.com"); > jcifs.Config.setProperty("jcifs.smb.client.soTimeout", "300000"); > //5 minutes jcifs.Config.setProperty("jcifs.netbios.cachePolicy", "1200"); > //20 minutes // jcifs.Config.setProperty("jcifs.smb.client.username", > "myNTLogin"); // jcifs.Config.setProperty("jcifs.smb.client.password", > "secret"); > > //Register the jcifs URL handler to enable NTLM > jcifs.Config.registerSmbURLHandler(); > > ClientProxyFactoryBean factory = new ClientProxyFactoryBean(new > JaxWsClientFactoryBean()); > > factory.setServiceClass( ListsSoap.class ); > factory.setAddress( "https://my.service.endpoint.url"; ); > ListsSoap client = (ListsSoap) factory.create(); > Client proxy = ClientProxy.getClient( client ); > > HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy(); > httpClientPolicy.setConnectionTimeout(36000); > httpClientPolicy.setAllowChunking(false); > > HTTPConduit conduit = (HTTPConduit) proxy.getConduit(); > conduit.setClient(httpClientPolicy); > TLSClientParameters tcp = new TLSClientParameters(); > tcp.setTrustManagers( new TrustManager[]{ new > TrustAllX509TrustManager() } ); conduit.setTlsClientParameters( tcp > ); > > GetListCollectionResult col = client.getListCollection(); > System.out.println(col); > -- Daniel Kulp [email protected] http://www.dankulp.com/blog
