On Wednesday, September 07, 2011 11:16:47 AM samyem wrote:
> Hi Daniel,
> I had not thought about that and now voilà - with the policy element taken
> out of the WSDL manually, the NTLM works even without a
> "jcifs.Config.registerSmbURLHandler()" under JDK 1.5. So is there a way to
> get CXF to work with the Policy tags as is in the WSDL? 

You would need to write the WS-Policy support for it for CXF.   If interested, 
this is something that you could submit back to CXF once you get it working.

Some overview: 
 http://cxf.apache.org/docs/ws-policy-framework-overview.html
 (although some of that may be out of date)


Basically, you would write an NTLMToken object and an NTLMTokenBuilder.  You 
could use the Https versions in:

http://svn.apache.org/repos/asf/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/
http://svn.apache.org/repos/asf/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/

as starting points.  Then write an InterceptorProvider for it that would 
provide an interceptor that would verify that NTLM was being used and such and 
assert the policies.  Example again would be HTTPS:

http://svn.apache.org/repos/asf/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors


Dan



> I got the following
> test code on the WCF side:
> 
> public static void Main(){
>   Uri baseAddress = new Uri("http://localhost/cxfTest");
> 
>   using (ServiceHost host = new ServiceHost(typeof(Service1), baseAddress)) {
>     // Publish metadata over HTTP GET, exporting WS-Policy 1.5 assertions.
>     ServiceMetadataBehavior smb = new ServiceMetadataBehavior();
>     smb.HttpGetEnabled = true;
>     smb.MetadataExporter.PolicyVersion = PolicyVersion.Policy15;
>     host.Description.Behaviors.Add(smb);
> 
>     // Windows client credentials at the HTTP level, without transport security.
>     BasicHttpBinding httpBinding = new BasicHttpBinding();
>     httpBinding.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly;
>     httpBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
>     host.AddServiceEndpoint(typeof(IService1), httpBinding, baseAddress);
> 
>     host.Credentials.UserNameAuthentication.UserNamePasswordValidationMode =
>         UserNamePasswordValidationMode.Windows;
> 
>     host.Open();
> 
>     Console.WriteLine("Service running at {0}", baseAddress);
>     Application.Run();
>     host.Close();
>   }
> }
> 
> Which adds the policy tags in WSDL as:
> 
>       <wsp:Policy wsu:Id="BasicHttpBinding_IService1_policy">
>               <wsp:ExactlyOne>
>                       <wsp:All>
>                               <http:NegotiateAuthentication
>                                       xmlns:http="http://schemas.microsoft.com/ws/06/2004/policy/http" />
>                       </wsp:All>
>               </wsp:ExactlyOne>
>       </wsp:Policy>
> 
> When this tag is manually commented out and the references to it removed,
> then CXF was happy and the WCF service was also able to pick up the NTLM
> context at OperationContext.Current.ServiceSecurityContext.WindowsIdentity.
> But keeping the WSDL with the Policy tag produces the original exception.
> 
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/NTLM-security-between-WCF-and-CXF-tp4763671p4779559.html
> Sent from the cxf-user mailing list archive at Nabble.com.
-- 
Daniel Kulp
[email protected]
http://dankulp.com/blog
Talend - http://www.talend.com
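
The InterceptorProvider step described in the reply, as an added example that is not from the thread or from the CXF code base: a provider for the `http:NegotiateAuthentication` assertion, modelled on the HTTPS token provider the reply links to. The class names `NegotiateAuthInterceptorProvider` and `Asserter` are hypothetical, the client-side branch assumes the HTTP stack below CXF performs the handshake, and registering the provider with the bus's `PolicyInterceptorProviderRegistry` is left to the caller.

```java
import java.util.Collection;
import java.util.List;
import java.util.Map;
import javax.xml.namespace.QName;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.ws.policy.AbstractPolicyInterceptorProvider;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;

// Hypothetical class names; not part of CXF.
public class NegotiateAuthInterceptorProvider extends AbstractPolicyInterceptorProvider {
    // QName of the assertion in the WSDL quoted in this thread.
    static final QName NEGOTIATE = new QName(
        "http://schemas.microsoft.com/ws/06/2004/policy/http", "NegotiateAuthentication");

    public NegotiateAuthInterceptorProvider() {
        super(NEGOTIATE);
        getOutInterceptors().add(new Asserter());
        getInInterceptors().add(new Asserter());
    }

    static class Asserter extends AbstractPhaseInterceptor<Message> {
        Asserter() { super(Phase.PRE_STREAM); }

        public void handleMessage(Message message) throws Fault {
            AssertionInfoMap aim = message.get(AssertionInfoMap.class);
            Collection<AssertionInfo> ais = aim == null ? null : aim.get(NEGOTIATE);
            if (ais == null) return;
            // Assumption: a client cannot see the handshake, so only the service side checks.
            boolean ok = MessageUtils.isRequestor(message)
                || hasAuthHeader(message.getExchange().getInMessage());
            for (AssertionInfo ai : ais) {
                if (ok) ai.setAsserted(true);
                else ai.setNotAsserted("no Negotiate/NTLM Authorization header on request");
            }
        }
        // Presence check only; validating the token stays with the HTTP container.
        static boolean hasAuthHeader(Message req) {
            if (req == null) return false;
            Map<String, List<String>> h = CastUtils.cast((Map<?, ?>) req.get(Message.PROTOCOL_HEADERS));
            if (h == null) return false;
            for (Map.Entry<String, List<String>> e : h.entrySet())
                for (String v : e.getValue())
                    if ("Authorization".equalsIgnoreCase(e.getKey())
                        && v.matches("(?i)(Negotiate|NTLM) .+")) return true;
            return false;
        }
    }
}
```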
