It seems that if username is set cxf tries to use basic authentication, at
least there is the following code in the
org.apache.cxf.transport.http.HttpConduit which set HTTP headers for basic
authentication if the username for the proxy is configured.
private void setHeadersByAuthorizationPolicy(
Message message,
URL url,
Map<String, List<String>> headers
) {
AuthorizationPolicy authPolicy = getAuthorization();
...
AuthorizationPolicy proxyAuthPolicy = getProxyAuthorization();
if (proxyAuthPolicy != null && proxyAuthPolicy.isSetUserName()) {
userName = proxyAuthPolicy.getUserName();
if (userName != null) {
passwd = "";
if (proxyAuthPolicy.isSetPassword()) {
passwd = proxyAuthPolicy.getPassword();
}
setProxyBasicAuthHeader(userName, passwd, headers);
} else if (proxyAuthPolicy.isSetAuthorizationType()
&& proxyAuthPolicy.isSetAuthorization()) {
String type = proxyAuthPolicy.getAuthorizationType();
type += " ";
type += proxyAuthPolicy.getAuthorization();
headers.put("Proxy-Authorization",
createMutableList(type));
}
}
Here is output from the logging output interceptor:
Content-Type: application/x-www-form-urlencoded
Headers: {accept-encoding=[gzip,deflate],
org.apache.cxf.request.uri=[/cxf/sms/message/segment/26292604/state],
Host=[linuxHost:8443], CamelCxfRsQueryMap=[{user=XXX, pass=XXX,
action=status}], User-Agent=[Jakarta Commons-HttpClient/3.1],
Accept=[application/xml], org.apache.cxf.message.Message.ENCODING=[ISO-8859-1],
Content-Type=[*/*], Proxy-Authorization=[Basic bGRhcHNlYXJjaDpsZGFwc2VhcmNo],
Connection=[Keep-Alive]}
The interesting thing is Proxy-Authorization=[Basic
bGRhcHNlYXJjaDpsZGFwc2VhcmNo].
So now I'm quite confused why I was able to run cxf successfully on the windows
host.
On windows and linux hosts headers are exactly the same, but the interesting
thing is that on the windows host
org.apache.cxf.transport.http.CXFAuthenticator is not called at all, at the
same time on the linux host it is called to get user name and password for the
proxy.
Best Regards,
Sergey Zhemzhitsky
-----Original Message-----
From: Sergey Beryozkin [mailto:[email protected]]
Sent: Tuesday, May 31, 2011 3:00 PM
To: [email protected]
Subject: Re: Linux box and NTLM proxy authorization
Hi
2011/5/31 Zhemzhitsky Sergey <[email protected]>:
> Hi there,
>
> I need to call an external RESTful service by means of cxf from my local area
> network. The request have to go through the NTLM proxy.
> On my windows machine everything works as expected and I have the external
> service called. At the same time on the linux machine I've got HTTP response
> code 407 every time.
>
I'm wondering, is it something to do with the fact that the server recognizes
that the request comes in from Windows ?
Perhaps some extra HTTP header is included by default on Win, given that CXF
uses HttpURLConnection...
Can you please capture the headers which CXF sends on Windows and Linux, using
a logging feature or some tcp trace utility ? If it is to do with some missing
header then it can be added explicitly on Linux
Cheers, Sergey
> I'm using JDK 1.6.0_24 that have support of NTLM.
>
> Here is configuration of http:conduit element.
>
> <http:conduit name="*.http-conduit">
> <http:proxyAuthorization>
> <sec:UserName>${proxy.user}</sec:UserName>
> <sec:Password>${proxy.pass}</sec:Password>
> <sec:AuthorizationType>NTLM</sec:AuthorizationType>
> </http:proxyAuthorization>
> <http:client
> ProxyServerType="HTTP"
> ProxyServer="${proxy.host}"
> ProxyServerPort="${proxy.port}"
> AutoRedirect="true"
> AllowChunking="false"
> Connection="Keep-Alive"
> ContentType="application/x-www-form-urlencoded"/>
> </http:conduit>
>
> Is it possible to configure CXF on a linux machine to call external services
> throuth NTLM proxies?
>
>
> Best Regards,
> Sergey Zhemzhitsky
>
>
> _______________________________________________________
>
> The information contained in this message may be privileged and conf idential
> and protected from disclosure. If you are not the original intended
> recipient, you are hereby notified that any review, retransmission,
> dissemination, or other use of, or taking of any action in reliance upon,
> this information is prohibited. If you have received this communication in
> error, please notify the sender immediately by replying to this message and
> delete it from your computer. Thank you for your cooperation. Troika Dialog,
> Russia.
> If you need assistance please contact our Contact Center (+7495) 258
> 0500 or go to www.troika.ru/eng/Contacts/system.wbp
>
>
_______________________________________________________
The information contained in this message may be privileged and conf idential
and protected from disclosure. If you are not the original intended recipient,
you are hereby notified that any review, retransmission, dissemination, or
other use of, or taking of any action in reliance upon, this information is
prohibited. If you have received this communication in error, please notify the
sender immediately by replying to this message and delete it from your
computer. Thank you for your cooperation. Troika Dialog, Russia.
If you need assistance please contact our Contact Center (+7495) 258 0500 or
go to www.troika.ru/eng/Contacts/system.wbp
