Hi Freeman, I'm using JDK 1.6.0_24 on both hosts.
By the way my proxy host requires NTLMv2 authentication. Best Regards, Sergey Zhemzhitsky -----Original Message----- From: Freeman Fang [mailto:[email protected]] Sent: Tuesday, May 31, 2011 5:42 PM To: [email protected] Subject: Re: Linux box and NTLM proxy authorization Hi, Interesting, is there any JDK version difference between windows and linux? Freeman On 2011-5-31, at 下午9:18, Zhemzhitsky Sergey wrote: > It seems that if username is set cxf tries to use basic > authentication, at least there is the following code in the > org.apache.cxf.transport.http.HttpConduit which set HTTP headers for > basic authentication if the username for the proxy is configured. > > private void setHeadersByAuthorizationPolicy( > Message message, > URL url, > Map<String, List<String>> headers > ) { > AuthorizationPolicy authPolicy = getAuthorization(); ... > AuthorizationPolicy proxyAuthPolicy = getProxyAuthorization(); > if (proxyAuthPolicy != null && > proxyAuthPolicy.isSetUserName()) { > userName = proxyAuthPolicy.getUserName(); > if (userName != null) { > passwd = ""; > if (proxyAuthPolicy.isSetPassword()) { > passwd = proxyAuthPolicy.getPassword(); > } > setProxyBasicAuthHeader(userName, passwd, headers); > } else if (proxyAuthPolicy.isSetAuthorizationType() > && proxyAuthPolicy.isSetAuthorization()) { > String type = proxyAuthPolicy.getAuthorizationType(); > type += " "; > type += proxyAuthPolicy.getAuthorization(); > headers.put("Proxy-Authorization", > createMutableList(type)); > } > } > > Here is output from the logging output interceptor: > > Content-Type: application/x-www-form-urlencoded > Headers: {accept-encoding=[gzip,deflate], > org.apache.cxf.request.uri=[/cxf/sms/message/segment/26292604/ > state], Host=[linuxHost:8443], CamelCxfRsQueryMap=[{user=XXX, > pass=XXX, action=status}], User-Agent=[Jakarta Commons-HttpClient/ > 3.1], Accept=[application/xml], > org.apache.cxf.message.Message.ENCODING=[ISO-8859-1], Content- > Type=[*/*], Proxy-Authorization=[Basic bGRhcHNlYXJjaDpsZGFwc2VhcmNo], > Connection=[Keep-Alive]} > > The interesting thing is Proxy-Authorization=[Basic > bGRhcHNlYXJjaDpsZGFwc2VhcmNo]. > > So now I'm quite confused why I was able to run cxf successfully on > the windows host. > > On windows and linux hosts headers are exactly the same, but the > interesting thing is that on the windows host > org.apache.cxf.transport.http.CXFAuthenticator is not called at all, > at the same time on the linux host it is called to get user name and > password for the proxy. > > > Best Regards, > Sergey Zhemzhitsky > > > -----Original Message----- > From: Sergey Beryozkin [mailto:[email protected]] > Sent: Tuesday, May 31, 2011 3:00 PM > To: [email protected] > Subject: Re: Linux box and NTLM proxy authorization > > Hi > > 2011/5/31 Zhemzhitsky Sergey <[email protected]>: >> Hi there, >> >> I need to call an external RESTful service by means of cxf from my >> local area network. The request have to go through the NTLM proxy. >> On my windows machine everything works as expected and I have the >> external service called. At the same time on the linux machine I've >> got HTTP response code 407 every time. >> > > I'm wondering, is it something to do with the fact that the server > recognizes that the request comes in from Windows ? > Perhaps some extra HTTP header is included by default on Win, given > that CXF uses HttpURLConnection... > Can you please capture the headers which CXF sends on Windows and > Linux, using a logging feature or some tcp trace utility ? If it is to > do with some missing header then it can be added explicitly on Linux > > Cheers, Sergey > > >> I'm using JDK 1.6.0_24 that have support of NTLM. >> >> Here is configuration of http:conduit element. >> >> <http:conduit name="*.http-conduit"> >> <http:proxyAuthorization> >> <sec:UserName>${proxy.user}</sec:UserName> >> <sec:Password>${proxy.pass}</sec:Password> >> <sec:AuthorizationType>NTLM</sec:AuthorizationType> >> </http:proxyAuthorization> >> <http:client >> ProxyServerType="HTTP" >> ProxyServer="${proxy.host}" >> ProxyServerPort="${proxy.port}" >> AutoRedirect="true" >> AllowChunking="false" >> Connection="Keep-Alive" >> ContentType="application/x-www-form-urlencoded"/> >> </http:conduit> >> >> Is it possible to configure CXF on a linux machine to call external >> services throuth NTLM proxies? >> >> >> Best Regards, >> Sergey Zhemzhitsky >> >> >> _______________________________________________________ >> >> The information contained in this message may be privileged and conf >> idential and protected from disclosure. If you are not the original >> intended recipient, you are hereby notified that any review, >> retransmission, dissemination, or other use of, or taking of any >> action in reliance upon, this information is prohibited. If you have >> received this communication in error, please notify the sender >> immediately by replying to this message and delete it from your >> computer. Thank you for your cooperation. Troika Dialog, Russia. >> If you need assistance please contact our Contact Center (+7495) 258 >> 0500 or go to www.troika.ru/eng/Contacts/system.wbp >> >> > > _______________________________________________________ > > The information contained in this message may be privileged and conf > idential and protected from disclosure. If you are not the original > intended recipient, you are hereby notified that any review, > retransmission, dissemination, or other use of, or taking of any > action in reliance upon, this information is prohibited. If you have > received this communication in error, please notify the sender > immediately by replying to this message and delete it from your > computer. Thank you for your cooperation. Troika Dialog, Russia. > If you need assistance please contact our Contact Center (+7495) > 258 0500 or go to www.troika.ru/eng/Contacts/system.wbp > > --------------------------------------------- Freeman Fang FuseSource Email:[email protected] Web: fusesource.com Twitter: freemanfang Blog: http://freemanfang.blogspot.com Connect at CamelOne May 24-26 The Open Source Integration Conference _______________________________________________________ The information contained in this message may be privileged and conf idential and protected from disclosure. If you are not the original intended recipient, you are hereby notified that any review, retransmission, dissemination, or other use of, or taking of any action in reliance upon, this information is prohibited. If you have received this communication in error, please notify the sender immediately by replying to this message and delete it from your computer. Thank you for your cooperation. Troika Dialog, Russia. If you need assistance please contact our Contact Center (+7495) 258 0500 or go to www.troika.ru/eng/Contacts/system.wbp
