Hi,
Interesting, is there any JDK version difference between windows and
linux?
Freeman
On 2011-5-31, at 下午9:18, Zhemzhitsky Sergey wrote:
It seems that if username is set cxf tries to use basic
authentication, at least there is the following code in the
org.apache.cxf.transport.http.HttpConduit which set HTTP headers for
basic authentication if the username for the proxy is configured.
private void setHeadersByAuthorizationPolicy(
Message message,
URL url,
Map<String, List<String>> headers
) {
AuthorizationPolicy authPolicy = getAuthorization();
...
AuthorizationPolicy proxyAuthPolicy = getProxyAuthorization();
if (proxyAuthPolicy != null &&
proxyAuthPolicy.isSetUserName()) {
userName = proxyAuthPolicy.getUserName();
if (userName != null) {
passwd = "";
if (proxyAuthPolicy.isSetPassword()) {
passwd = proxyAuthPolicy.getPassword();
}
setProxyBasicAuthHeader(userName, passwd, headers);
} else if (proxyAuthPolicy.isSetAuthorizationType()
&& proxyAuthPolicy.isSetAuthorization()) {
String type = proxyAuthPolicy.getAuthorizationType();
type += " ";
type += proxyAuthPolicy.getAuthorization();
headers.put("Proxy-Authorization",
createMutableList(type));
}
}
Here is output from the logging output interceptor:
Content-Type: application/x-www-form-urlencoded
Headers: {accept-encoding=[gzip,deflate],
org.apache.cxf.request.uri=[/cxf/sms/message/segment/26292604/
state], Host=[linuxHost:8443], CamelCxfRsQueryMap=[{user=XXX,
pass=XXX, action=status}], User-Agent=[Jakarta Commons-HttpClient/
3.1], Accept=[application/xml],
org.apache.cxf.message.Message.ENCODING=[ISO-8859-1], Content-
Type=[*/*], Proxy-Authorization=[Basic
bGRhcHNlYXJjaDpsZGFwc2VhcmNo], Connection=[Keep-Alive]}
The interesting thing is Proxy-Authorization=[Basic
bGRhcHNlYXJjaDpsZGFwc2VhcmNo].
So now I'm quite confused why I was able to run cxf successfully on
the windows host.
On windows and linux hosts headers are exactly the same, but the
interesting thing is that on the windows host
org.apache.cxf.transport.http.CXFAuthenticator is not called at all,
at the same time on the linux host it is called to get user name and
password for the proxy.
Best Regards,
Sergey Zhemzhitsky
-----Original Message-----
From: Sergey Beryozkin [mailto:[email protected]]
Sent: Tuesday, May 31, 2011 3:00 PM
To: [email protected]
Subject: Re: Linux box and NTLM proxy authorization
Hi
2011/5/31 Zhemzhitsky Sergey <[email protected]>:
Hi there,
I need to call an external RESTful service by means of cxf from my
local area network. The request have to go through the NTLM proxy.
On my windows machine everything works as expected and I have the
external service called. At the same time on the linux machine I've
got HTTP response code 407 every time.
I'm wondering, is it something to do with the fact that the server
recognizes that the request comes in from Windows ?
Perhaps some extra HTTP header is included by default on Win, given
that CXF uses HttpURLConnection...
Can you please capture the headers which CXF sends on Windows and
Linux, using a logging feature or some tcp trace utility ? If it is
to do with some missing header then it can be added explicitly on
Linux
Cheers, Sergey
I'm using JDK 1.6.0_24 that have support of NTLM.
Here is configuration of http:conduit element.
<http:conduit name="*.http-conduit">
<http:proxyAuthorization>
<sec:UserName>${proxy.user}</sec:UserName>
<sec:Password>${proxy.pass}</sec:Password>
<sec:AuthorizationType>NTLM</sec:AuthorizationType>
</http:proxyAuthorization>
<http:client
ProxyServerType="HTTP"
ProxyServer="${proxy.host}"
ProxyServerPort="${proxy.port}"
AutoRedirect="true"
AllowChunking="false"
Connection="Keep-Alive"
ContentType="application/x-www-form-urlencoded"/>
</http:conduit>
Is it possible to configure CXF on a linux machine to call external
services throuth NTLM proxies?
Best Regards,
Sergey Zhemzhitsky
_______________________________________________________
The information contained in this message may be privileged and
conf idential and protected from disclosure. If you are not the
original intended recipient, you are hereby notified that any
review, retransmission, dissemination, or other use of, or taking
of any action in reliance upon, this information is prohibited. If
you have received this communication in error, please notify the
sender immediately by replying to this message and delete it from
your computer. Thank you for your cooperation. Troika Dialog, Russia.
If you need assistance please contact our Contact Center (+7495) 258
0500 or go to www.troika.ru/eng/Contacts/system.wbp
_______________________________________________________
The information contained in this message may be privileged and conf
idential and protected from disclosure. If you are not the original
intended recipient, you are hereby notified that any review,
retransmission, dissemination, or other use of, or taking of any
action in reliance upon, this information is prohibited. If you have
received this communication in error, please notify the sender
immediately by replying to this message and delete it from your
computer. Thank you for your cooperation. Troika Dialog, Russia.
If you need assistance please contact our Contact Center (+7495)
258 0500 or go to www.troika.ru/eng/Contacts/system.wbp
---------------------------------------------
Freeman Fang
FuseSource
Email:[email protected]
Web: fusesource.com
Twitter: freemanfang
Blog: http://freemanfang.blogspot.com
Connect at CamelOne May 24-26
The Open Source Integration Conference
