Ignore this error. The configuration below seems to work fine for NTLM authentication.
I found out that the call was succeeding, but that I was passing a value that the server didn't like, and the Microsoft GP Web Services server is not very graceful about notifying the client of 'what went wrong'. I changed the value and no more exception. I still have some issues, but at this point they don't look related to CXF.

Thank you very much Daniel. Not even Microsoft support (the authors of the service) could figure out how to do this, but you did.

bruno

-----Original Message-----
From: Bruno Melloni
Sent: Monday, April 12, 2010 8:52 AM
To: 'Daniel Kulp'; users@cxf.apache.org
Cc: Nate Woody
Subject: RE: Service authentication credentials

I think I did what you said and I made some progress, it loads the bean fine, but now cxf blows up with little information about why. My updated cxf configuration and the stacktrace are:

<jaxws:client id="gpClient"
    address="http://myServer/DynamicsGPWebServices/DynamicsGPService.asmx"
    serviceClass="com.microsoft.schemas.dynamics.gp._2006._01.DynamicsX0020GPSoap" />

<http-conf:conduit name="*.http-conduit">
    <http-conf:authorization>
        <cxf-sec:UserName>myUsername</cxf-sec:UserName>
        <cxf-sec:Password>myPassword</cxf-sec:Password>
    </http-conf:authorization>
    <http-conf:client AllowChunking="false" ConnectionTimeout="60000"/>
</http-conf:conduit>

Loading client proxy from context.
Loaded client proxy from context.
Calling ws method getVendorList().
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: The application encountered an unhandled system exception. Contact your system administrator for details.
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:146)
    at $Proxy61.getVendorList(Unknown Source)
    at wstest.Test.main(Test.java:57)
Caused by: org.apache.cxf.binding.soap.SoapFault: The application encountered an unhandled system exception. Contact your system administrator for details.
    at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:75)
    at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:46)
    at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:35)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
    at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:99)
    at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
    at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
    at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:672)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:2254)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:2134)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1988)
    at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)
    at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:639)
    at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:484)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:310)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:262)
    at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
    ... 2 more

-----Original Message-----
From: Daniel Kulp [mailto:dk...@apache.org]
Sent: Thursday, April 08, 2010 9:01 PM
To: users@cxf.apache.org
Cc: Bruno Melloni; Nate Woody
Subject: Re: Service authentication credentials

On Thursday 08 April 2010 6:04:35 pm Bruno Melloni wrote:
> As you suggested, I am now using Java 6 and CXF 2.2.7. It sounds like
> doing NTLM authentication should be trivial. But I can't seem to find the
> right documentation for doing this in Spring, or even something that
> explains what goes in which tag.
>
> The following snippet is probably close to what I need, but I know it is
> still wrong. I highlighted the parts that are obviously wrong. I suspect
> that there are more. Can you help me make it right?
>
> <http-conf:conduit name="*.http-conduit">
>     <http-conf:authorization>
>         <Authorization>NTLM?</Authorization>
>         <AuthorizationType>NTLM?</AuthorizationType>

I think just don't specify them and let the JVM negotiate them.

>         <UserName>myUsername</UserName>
>         <Password>myPassword</Password>
>     </http-conf:authorization>
>     <http-conf:client AllowChunking="false" ConnectionTimeout="60000"/>
> </http-conf:conduit>

One thing to check is the namespace on the UserName and password elements. They should be in the security config namespace of:
http://cxf.apache.org/configuration/security

Unqualified elements won't work here.

Dan

> Thanks,
>
> Bruno
>
> -----Original Message-----
> From: Daniel Kulp [mailto:dk...@apache.org]
> Sent: Tuesday, March 16, 2010 10:43 PM
> To: users@cxf.apache.org
> Cc: Bruno Melloni; Nate Woody
> Subject: Re: Service authentication credentials
>
> There is a small section on NTLM stuff at the bottom of:
> http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html
>
> The main suggestion is to use Java6 and CXF 2.2.6 (or preferably 2.2.7 when I
> build that in the next couple days which fixes a potential bug in this area).
>
> With NTLM built into the JDK, it becomes much easier. Just set the username
> and password like normal basic auth and it pretty much will just work.
>
> Dan
>
> On Monday 15 March 2010 9:42:54 am Bruno Melloni wrote:
> > Ron, I've had no problems writing clients for 'normal' web services written
> > in .NET.
> >
> > Nate, yes, it is Great Plains, written by Microsoft. It seems to not be
> > WS-S, but rather NTLM authentication in the headers (captured and included
> > below). I found the following article discussing HTTP client stacks that
> > can deal with NTLM authentication:
> > http://oaklandsoftware.com/papers/ntlm.html. I also found the following
> > thread from 2008 on how somebody managed to make it work
> > with CXF in a programmatic way:
> > http://old.nabble.com/NTLM-Support--td16447079.html. It mentions a link
> > to the CXF wiki, but it has since gone dead. In case it is relevant, I am
> > using CXF 2.2.2.
> >
> > The questions that remain are:
> >
> > - Has CXF evolved since 2008 so that there is a cleaner way to use NTLM
> >   authentication?
> >
> > - How to translate the programmatic solution to something that can be
> >   put in the Spring context file, perhaps as properties under the
> >   <jaxws:client> tag?
> >
> > If the answer to my questions is obvious I apologize for my ignorance. I
> > am quite comfortable with the Spring-based approach to CXF but I am still
> > not very familiar with doing CXF without it.
> >
> > Thanks.
> >
> > -----
> >
> > HEADERS:
> >
> > POST http://ddusek1108:88/DynamicsGPWebServices/DynamicsGPService.asmx HTTP/1.1
> > User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 2.0.50727.832)
> > VsDebuggerCausalityData: uIDPo5dDV8l0LwpLmWT/FsojNsYAAAAAHmXIxE8tmEaZBSfNmWFGWEGujufiJq5JoaaQyRTzT2gACAAA
> > Content-Type: text/xml; charset=utf-8
> > SOAPAction: "http://schemas.microsoft.com/dynamics/gp/2006/01/GetCustomerList"
> > Authorization: NTLM TlRMTVNTUAADAAAAGAAYAHwAAAAYABgAlAAAABgAGABIAAAACAAIAGAAAAAUABQAaAAAABAAEACsAAAANYKI4gUCzg4AAAAPbgBvAHIAdABoAGEAbQBlAHIAaQBjAGEAcAByAG8AdABEAEQAVQBTAEUASwAxADEAMAA4AAKY0Sa9Kp9OAAAAAAAAAAAAAAAAAAAAAKvDCPBVwuwaRtfaI/6mTH6Pms+cgk2JNgmzIC1jRA2cWXofHirtcb0=
> > Host: ddusek1108:88
> > Content-Length: 626
> > Expect: 100-continue
> >
> > <?xml version="1.0" encoding="utf-8"?><soap:Envelope
> > xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> > xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Body><GetCustomerList
> > xmlns="http://schemas.microsoft.com/dynamics/gp/2006/01"><criteria><Name><Like>%</Like></Name><Scope>Return All</Scope></criteria><Context
> > xmlns="http://schemas.microsoft.com/dynamics/2006/01"><OrganizationKey
> > xsi:type="CompanyKey"><Id>-1</Id></OrganizationKey><CultureName>en-US</CultureName><CurrencyType>Transactional</CurrencyType></Context></GetCustomerList></soap:Body></soap:Envelope>
> >
> > -----
> >
> > -----Original Message-----
> > From: Nate Woody [mailto:na...@cac.cornell.edu]
> > Sent: Thursday, March 11, 2010 8:40 AM
> > To: users@cxf.apache.org
> > Subject: RE: Service authentication credentials
> >
> > I've been forced to write quite a few CXF clients to Microsoft services,
> > I think the mailing list is littered with my questions about that. Is
> > this a service someone developed using Microsoft tools, or a service
> > produced by Microsoft? That's a Great Plains reference? I've often had
> > trouble with figuring the security mechanism from a MS wsdl, so I tend
> > to go pragmatic and start here:
> >
> > 1) What does the service reply with when you call it from CXF? If it's
> >    something as simple as WS-S, you ought to get a complaint about missing
> >    security headers.
> >
> > 2) It sounds like you have a functional .NET implementation. Log the
> >    packets from that implementation and take a look at what's going in.
> >
> > Best,
> > Nate
> >
> > -----Original Message-----
> > From: Bruno Melloni [mailto:bruno.mell...@chickasaw.net]
> > Sent: Thursday, March 11, 2010 9:20 AM
> > To: 'users@cxf.apache.org'
> > Subject: Service authentication credentials
> >
> > I am trying to access a Microsoft-developed service that requires
> > authentication. Being Microsoft, they do not document anything at the
> > web service level since they want you to use Visual Studio which creates
> > a .NET proxy that is capable of using NTLM to supply the
> > username/password to the underlying web service. I *think* that they
> > are following web services standards for the underlying web service.
> >
> > Of course, I am trying to use a CXF client to access the underlying web
> > service from Java. I used wsdl2java to generate the java classes, but I
> > see no credentials-related information (which you do see in the .NET
> > proxy). That makes me suspect that they must be stored in the
> > SOAP headers and that in CXF we access them in a different way.
> >
> > I could use any clues on how to:
> >
> > a) Figure out how authentication is being done for this web service.
> >
> > b) Figure out how to provide the credentials to the web service when
> >    called. I am using the Spring approach to get the CXF client proxy and
> >    my current configuration looks like:
> >
> > <jaxws:client id="gpClient"
> >     address="http://myServer.myDomain/DynamicsGPWebServices/DynamicsGPService.asmx"
> >     serviceClass="com.microsoft.schemas.dynamics.gp._2006._01.DynamicsX0020GPSoap" />
> >
> > Needless to say, my experience with CXF is not too deep (created and
> > called a few services via the Spring method - the simplest), and my
> > knowledge of web services authentication is zero. Unfortunately CXF's
> > documentation isn't very helpful for someone at my stage of learning
> > CXF. I'll appreciate any help I can get.
> >
> > I tried to attach a copy of the WSDL for the service that I'm trying to
> > access, but it exceeds the size limits for this mailing list.
>
> --
> Daniel Kulp
> dk...@apache.org
> http://dankulp.com/blog

--
Daniel Kulp
dk...@apache.org
http://dankulp.com/blog
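
The namespace point raised in the thread (UserName and Password under http-conf:authorization must be in http://cxf.apache.org/configuration/security) can be checked mechanically. The following is an added example, not code from the thread or from CXF: it lints two constructed Spring contexts modelled on the conduit snippets above, assuming the usual Spring beans default namespace, under which an unprefixed element ends up in the beans namespace rather than the security one.

```python
import xml.etree.ElementTree as ET

HTTP_CONF_NS = "http://cxf.apache.org/transports/http/configuration"
SEC_NS = "http://cxf.apache.org/configuration/security"  # namespace named in the thread
BEANS_NS = "http://www.springframework.org/schema/beans"  # assumed default namespace

def wrap(ns_decls, prefix):
    """Build a constructed Spring context around the thread's conduit snippet."""
    return f"""<beans xmlns="{BEANS_NS}" {ns_decls}>
  <http-conf:conduit name="*.http-conduit">
    <http-conf:authorization>
      <{prefix}UserName>myUsername</{prefix}UserName>
      <{prefix}Password>myPassword</{prefix}Password>
    </http-conf:authorization>
    <http-conf:client AllowChunking="false" ConnectionTimeout="60000"/>
  </http-conf:conduit>
</beans>"""

HTTP_DECL = f'xmlns:http-conf="{HTTP_CONF_NS}"'
UNQUALIFIED = wrap(HTTP_DECL, "")  # shape of the first attempt in the thread
QUALIFIED = wrap(f'{HTTP_DECL} xmlns:cxf-sec="{SEC_NS}"', "cxf-sec:")  # shape of the working one

def split_tag(tag):
    """Split ElementTree's '{namespace}local' form into (namespace, local)."""
    if tag.startswith("{"):
        ns, _, local = tag[1:].partition("}")
        return ns, local
    return "", tag

def misplaced_credentials(xml_text):
    """List (conduit, element, namespace) for every child of
    http-conf:authorization that is outside the CXF security namespace."""
    root = ET.fromstring(xml_text)
    found = []
    for conduit in root.iter(f"{{{HTTP_CONF_NS}}}conduit"):
        for auth in conduit.findall(f"{{{HTTP_CONF_NS}}}authorization"):
            for child in auth:
                ns, local = split_tag(child.tag)
                if ns != SEC_NS:
                    found.append((conduit.get("name"), local, ns))
    return found

if __name__ == "__main__":
    for label, text in (("unqualified", UNQUALIFIED), ("qualified", QUALIFIED)):
        print(label, misplaced_credentials(text) or "ok")
```
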