Do we also have to set AuthorizationPolicy with the type 'Negotiate' for this case ? Christian, what do you think ? Cheers, Sergey
2011/5/31 Zhemzhitsky Sergey <[email protected]>: > It seems that if username is set cxf tries to use basic authentication, at > least there is the following code in the > org.apache.cxf.transport.http.HttpConduit which set HTTP headers for basic > authentication if the username for the proxy is configured. > > private void setHeadersByAuthorizationPolicy( > Message message, > URL url, > Map<String, List<String>> headers > ) { > AuthorizationPolicy authPolicy = getAuthorization(); > ... > AuthorizationPolicy proxyAuthPolicy = getProxyAuthorization(); > if (proxyAuthPolicy != null && proxyAuthPolicy.isSetUserName()) { > userName = proxyAuthPolicy.getUserName(); > if (userName != null) { > passwd = ""; > if (proxyAuthPolicy.isSetPassword()) { > passwd = proxyAuthPolicy.getPassword(); > } > setProxyBasicAuthHeader(userName, passwd, headers); > } else if (proxyAuthPolicy.isSetAuthorizationType() > && proxyAuthPolicy.isSetAuthorization()) { > String type = proxyAuthPolicy.getAuthorizationType(); > type += " "; > type += proxyAuthPolicy.getAuthorization(); > headers.put("Proxy-Authorization", > createMutableList(type)); > } > } > > Here is output from the logging output interceptor: > > Content-Type: application/x-www-form-urlencoded > Headers: {accept-encoding=[gzip,deflate], > org.apache.cxf.request.uri=[/cxf/sms/message/segment/26292604/state], > Host=[linuxHost:8443], CamelCxfRsQueryMap=[{user=XXX, pass=XXX, > action=status}], User-Agent=[Jakarta Commons-HttpClient/3.1], > Accept=[application/xml], > org.apache.cxf.message.Message.ENCODING=[ISO-8859-1], Content-Type=[*/*], > Proxy-Authorization=[Basic bGRhcHNlYXJjaDpsZGFwc2VhcmNo], > Connection=[Keep-Alive]} > > The interesting thing is Proxy-Authorization=[Basic > bGRhcHNlYXJjaDpsZGFwc2VhcmNo]. > > So now I'm quite confused why I was able to run cxf successfully on the > windows host. > > On windows and linux hosts headers are exactly the same, but the interesting > thing is that on the windows host > org.apache.cxf.transport.http.CXFAuthenticator is not called at all, at the > same time on the linux host it is called to get user name and password for > the proxy. > > > Best Regards, > Sergey Zhemzhitsky > > > -----Original Message----- > From: Sergey Beryozkin [mailto:[email protected]] > Sent: Tuesday, May 31, 2011 3:00 PM > To: [email protected] > Subject: Re: Linux box and NTLM proxy authorization > > Hi > > 2011/5/31 Zhemzhitsky Sergey <[email protected]>: >> Hi there, >> >> I need to call an external RESTful service by means of cxf from my local >> area network. The request have to go through the NTLM proxy. >> On my windows machine everything works as expected and I have the external >> service called. At the same time on the linux machine I've got HTTP response >> code 407 every time. >> > > I'm wondering, is it something to do with the fact that the server recognizes > that the request comes in from Windows ? > Perhaps some extra HTTP header is included by default on Win, given that CXF > uses HttpURLConnection... > Can you please capture the headers which CXF sends on Windows and Linux, > using a logging feature or some tcp trace utility ? If it is to do with some > missing header then it can be added explicitly on Linux > > Cheers, Sergey > > >> I'm using JDK 1.6.0_24 that have support of NTLM. >> >> Here is configuration of http:conduit element. >> >> <http:conduit name="*.http-conduit"> >> <http:proxyAuthorization> >> <sec:UserName>${proxy.user}</sec:UserName> >> <sec:Password>${proxy.pass}</sec:Password> >> <sec:AuthorizationType>NTLM</sec:AuthorizationType> >> </http:proxyAuthorization> >> <http:client >> ProxyServerType="HTTP" >> ProxyServer="${proxy.host}" >> ProxyServerPort="${proxy.port}" >> AutoRedirect="true" >> AllowChunking="false" >> Connection="Keep-Alive" >> ContentType="application/x-www-form-urlencoded"/> >> </http:conduit> >> >> Is it possible to configure CXF on a linux machine to call external services >> throuth NTLM proxies? >> >> >> Best Regards, >> Sergey Zhemzhitsky >> >> >> _______________________________________________________ >> >> The information contained in this message may be privileged and conf >> idential and protected from disclosure. If you are not the original intended >> recipient, you are hereby notified that any review, retransmission, >> dissemination, or other use of, or taking of any action in reliance upon, >> this information is prohibited. If you have received this communication in >> error, please notify the sender immediately by replying to this message and >> delete it from your computer. Thank you for your cooperation. Troika Dialog, >> Russia. >> If you need assistance please contact our Contact Center (+7495) 258 >> 0500 or go to www.troika.ru/eng/Contacts/system.wbp >> >> > > _______________________________________________________ > > The information contained in this message may be privileged and conf idential > and protected from disclosure. If you are not the original intended > recipient, you are hereby notified that any review, retransmission, > dissemination, or other use of, or taking of any action in reliance upon, > this information is prohibited. If you have received this communication in > error, please notify the sender immediately by replying to this message and > delete it from your computer. Thank you for your cooperation. Troika Dialog, > Russia. > If you need assistance please contact our Contact Center (+7495) 258 0500 or > go to www.troika.ru/eng/Contacts/system.wbp > > > -- Sergey Beryozkin Application Integration Division of Talend http://sberyozkin.blogspot.com
