I think I did what you said and I made some progress, it loads the bean fine, but now cxf blows up with little information about why.
My updated cxf configuration and the stacktrace are: <jaxws:client id="gpClient" address="http://myServer/DynamicsGPWebServices/DynamicsGPService.asmx"; serviceClass="com.microsoft.schemas.dynamics.gp._2006._01.DynamicsX0020GPSoap" /> <http-conf:conduit name="*.http-conduit"> <http-conf:authorization> <cxf-sec:UserName>myUsername</cxf-sec:UserName> <cxf-sec:Password>myPassword</cxf-sec:Password> </http-conf:authorization> <http-conf:client AllowChunking="false" ConnectionTimeout="60000"/> </http-conf:conduit> Loading client proxy from context. Loaded client proxy from context. Calling ws method getVendorList(). Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: The application encountered an unhandled system exception. Contact your system administrator for details. at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:146) at $Proxy61.getVendorList(Unknown Source) at wstest.Test.main(Test.java:57) Caused by: org.apache.cxf.binding.soap.SoapFault: The application encountered an unhandled system exception. Contact your system administrator for details. at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:75) at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:46) at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:35) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243) at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:99) at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69) at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243) at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:672) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:2254) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:2134) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1988) at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66) at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:639) at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:484) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:310) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:262) at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73) at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124) ... 2 more -----Original Message----- From: Daniel Kulp [mailto:dk...@apache.org] Sent: Thursday, April 08, 2010 9:01 PM To: users@cxf.apache.org Cc: Bruno Melloni; Nate Woody Subject: Re: Service authentication credentials On Thursday 08 April 2010 6:04:35 pm Bruno Melloni wrote: > As you suggested, I am now using Java 6 and CXF 2.2.7. It sounds like > doing NTLM authentication should be trivial. But I can't seem to find the > right documentation for doing this in Spring, or even something that > explains what goes which tag. > > The following snippet is probably close to what I need, but I know it is > still wrong. I highlighted the parts that are obviously wrong. I suspect > that there are more. Can you help me make it right? > > > <http-conf:conduit name="*.http-conduit"> > <http-conf:authorization> > <Authorization>NTLM?</Authorization> > <AuthorizationType>NTLM?</AuthorizationType> I think just don't specify them and let the JVM negotiate them. > <UserName>myUsername</UserName> > <Password>myPassword</Password> > </http-conf:authorization> > <http-conf:client AllowChunking="false" ConnectionTimeout="60000"/> > </http-conf:conduit> One thing to check is the namespace on the UserName and password elements. They should be in the security config namespace of: http://cxf.apache.org/configuration/security Unqualified elements won't work here. Dan > > > Thanks, > > > > Bruno > > > > -----Original Message----- > From: Daniel Kulp [mailto:dk...@apache.org] > Sent: Tuesday, March 16, 2010 10:43 PM > To: users@cxf.apache.org > Cc: Bruno Melloni; Nate Woody > Subject: Re: Service authentication credentials > > > > > > There is a small section on NTLM stuff at the bottom of: > > http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html > > > > The main suggestion is to use Java6 and CXF 2.2.6 (or preferrably 2.2.7 > when I > > build that in the next couple days which fixes a potential bug in this > area). > > With NTLM built into the JDK, it becomes much easier. Just set the > username > > and password like normal basic auth and it pretty much will just work. > > > > Dan > > On Monday 15 March 2010 9:42:54 am Bruno Melloni wrote: > > Ron, I've had no problems writing clients for 'normal' web services > > written > > > > in .NET. > > > > > > > > > > > > > > > > Nate, yes, it is Great Plains, written by Microsoft. It seems to not be > > > > WS-S, but rather NTLM authentication in the headers (captured and > > included > > > > below). I found the following article discussing HTTP client stacks that > > > > can deal with NTLM authentication: > > > > http://oaklandsoftware.com/papers/ntlm.html. I also found the following > > > > the following thread from 2008 on how somebody managed to make it work > > > > with CXF in a programmatic way: > > > > http://old.nabble.com/NTLM-Support--td16447079.html. It mentions a link > > > > to the CXF wiki, but it has since gone dead. In case it is relevant, I > > am > > > > using CXF 2.2.2. > > > > > > > > > > > > > > > > The questions that remain are: > > > > > > > > > > > > > > > > - Has CXF evolved since 2008 so that there is a cleaner way to use > > NTLM > > > > authentication? > > > > > > > > - How to translate the programmatic solution to something that can be > > > > put in the Spring context file, perhaps as properties under the > > > > <jaxws:client> tag? > > > > > > > > > > > > > > > > If the answer to my questions is obvious I apologize for my ignorance. I > > > > am quite comfortable with the Spring-based approach to CXF but I am still > > > > not very familiar with doing CXF without it. > > > > > > > > > > > > > > > > Thanks. > > > > > > > > > > > > > > > > ----- > > > > > > > > HEADERS: > > > > > > > > > > > > > > > > POST http://ddusek1108:88/DynamicsGPWebServices/DynamicsGPService.asmx > > > > HTTP/1.1 > > > > > > > > User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client > > > > Protocol 2.0.50727.832) > > > > > > > > VsDebuggerCausalityData: > > > > uIDPo5dDV8l0LwpLmWT/FsojNsYAAAAAHmXIxE8tmEaZBSfNmWFGWEGujufiJq5JoaaQyRTzT > > 2 > > > > gACAAA > > > > > > > > Content-Type: text/xml; charset=utf-8 > > > > > > > > SOAPAction: > > > > "http://schemas.microsoft.com/dynamics/gp/2006/01/GetCustomerList"; > > > > > > > > Authorization: NTLM > > > > TlRMTVNTUAADAAAAGAAYAHwAAAAYABgAlAAAABgAGABIAAAACAAIAGAAAAAUABQAaAAAABAAE > > A > > > > CsAAAANYKI4gUCzg4AAAAPbgBvAHIAdABoAGEAbQBlAHIAaQBjAGEAcAByAG8AdABEAEQAVQB > > TA > > > > EUASwAxADEAMAA4AAKY0Sa9Kp9OAAAAAAAAAAAAAAAAAAAAAKvDCPBVwuwaRtfaI/6mTH6Pms > > +c > > > > gk2JNgmzIC1jRA2cWXofHirtcb0= > > > > > > > > Host: ddusek1108:88 > > > > > > > > Content-Length: 626 > > > > > > > > Expect: 100-continue > > > > > > > > > > > > > > > > <?xml version="1.0" encoding="utf-8"?><soap:Envelope > > > > xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"; > > > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > > > > xmlns:xsd="http://www.w3.org/2001/XMLSchema";><soap:Body><GetCustomerList > > > > xmlns="http://schemas.microsoft.com/dynamics/gp/2006/01";><criteria><Name> > > < > > > > Like>%</Like></Name><Scope>Return All</Scope></criteria><Context > > > > xmlns="http://schemas.microsoft.com/dynamics/2006/01";><OrganizationKey > > > > xsi:type="CompanyKey"><Id>-1</Id></OrganizationKey><CultureName>en-US</Cu > > l > > > > tureName><CurrencyType>Transactional</CurrencyType></Context></GetCustome > > rL > > > > ist></soap:Body></soap:Envelope> > > > > > > > > > > > > > > > > ----- > > > > > > > > > > > > > > > > -----Original Message----- > > > > From: Nate Woody [mailto:na...@cac.cornell.edu] > > > > Sent: Thursday, March 11, 2010 8:40 AM > > > > To: users@cxf.apache.org > > > > Subject: RE: Service authentication credentials > > > > > > > > > > > > > > > > I've been forced to write quite a few CXF clients to Microsoft services, > > > > > > > > I think the mailing list is littered with my questions about that. Is > > > > > > > > this a service someone developed using Microsoft tools, or a service > > > > > > > > produced by Microsoft? That's a Great Plains reference? I've often had > > > > > > > > trouble with figuring the security mechanism from a MS wsdl, so I tend > > > > > > > > to go pragmatic and start here: > > > > > > > > > > > > > > > > 1) What does the service reply with when you call it from CXF? If it's > > > > > > > > something as simple as WS-S, you ought to get a complaint about missing > > > > > > > > security headers. > > > > > > > > > > > > > > > > 2) It sounds like you have a functional .NET implementation. Log the > > > > > > > > packets from that implementation and take a look at what's going in. > > > > > > > > > > > > > > > > Best, > > > > > > > > Nate > > > > > > > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > > > > From: Bruno Melloni [mailto:bruno.mell...@chickasaw.net] > > > > > > > > Sent: Thursday, March 11, 2010 9:20 AM > > > > > > > > To: 'users@cxf.apache.org' > > > > > > > > Subject: Service authentication credentials > > > > > > > > > > > > > > > > I am trying to access a Microsoft-developed service that requires > > > > > > > > authentication. Being Microsoft, they do not document anything at the > > > > > > > > web service level since they want you to use Visual Studio which creates > > > > > > > > a .NET proxy that is capable of using NTLM to supply the > > > > > > > > username/password to the underlying web service. I *think* that they > > > > > > > > are following web services standards for the underlying web service. > > > > > > > > > > > > > > > > Of course, I am trying to use a CXF client to access the underlying web > > > > > > > > service from Java. I used wsdl2java to generate the java classes, but I > > > > > > > > see no credentials-related information (which you do see in the .NET > > > > > > > > proxy). That makes me suspect that they must be in the stored in the > > > > > > > > SOAP headers and that in CXF we access them in a different way. > > > > > > > > > > > > > > > > I could use any clues on how to: > > > > > > > > > > > > > > > > a) Figure out how authentication is being done for this web service. > > > > > > > > > > > > > > > > b) Figure out how to provide the credentials to the web service when > > > > > > > > called. I am using the Spring approach to get the CXF client proxy and > > > > my current configuration looks like: > > <jaxws:client id="gpClient" > > > > address="http://myServer.myDomain/DynamicsGPWebServices/DynamicsGPServic > > > > > > > > e.asmx" > > > > > > > > > > > > > > > > serviceClass="com.microsoft.schemas.dynamics.gp._2006._01.DynamicsX0020G > > > > > > > > PSoap" /> > > > > > > > > > > > > > > > > Needless to say, my experience with CXF is not too deep (created and > > > > > > > > called a few services via the Spring method - the simplest), and my > > > > > > > > knowledge of web services authentication is zero. Unfortunately CXF's > > > > > > > > documentation isn't very helpful for someone at my stage of learning > > > > > > > > CXF. I'll appreciate any help I can get. > > > > > > > > > > > > > > > > I tried to attach a copy of the WSDL for the service that I'm trying to > > > > > > > > access, but it exceeds the size limits for this mailing list. > > -- > > Daniel Kulp > > dk...@apache.org > > http://dankulp.com/blog -- Daniel Kulp dk...@apache.org http://dankulp.com/blog
