I noticed that there is a CXF supplied AssertionBuilder for KerberosToken at

https://svn.apache.org/repos/asf/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/KerberosTokenBuilder.java

which gave me a hint to attempt to modify the binding configuration in WCF
using the WCF interop express <http://wcf.codeplex.com/releases/view/68276> as:

<wso2InteropBinding>
  <binding name="serviceBinding">
    <security pattern="Kerberos" />
  </binding>
</wso2InteropBinding>

which adds the "KerberosToken" policy in the WSDL and this removed the "No
assertion builder for type" warning from CXF, but it still failed with "None
of the policy alternatives can be satisfied." Would there be another
alternative policy that the WCF interop binding can work with? I've added a
new issue on WCF's side as well: http://wcf.codeplex.com/workitem/71


On Fri, Sep 9, 2011 at 1:45 PM, Daniel Kulp [via CXF] <
[email protected]> wrote:

> On Wednesday, September 07, 2011 11:16:47 AM samyem wrote:
> > Hi Daniel,
> > I had not thought about that and now voilà - with the policy element
> > taken out of the WSDL manually, the NTLM works even without a
> > "jcifs.Config.registerSmbURLHandler()" under JDK 1.5. So is there a way
> > to get CXF to work with the Policy tags as is in the WSDL?
>
> You would need to write the WS-Policy support for it for CXF.  If
> interested, this is something that you could submit back to CXF once you
> get it to work.
>
> Some overview:
>  http://cxf.apache.org/docs/ws-policy-framework-overview.html
>  (although some of that may be out of date)
>
>
> Basically, you would write a NTLMToken object and an NTLMTokenBuilder.  You
> could use the Https versions in:
>
> http://svn.apache.org/repos/asf/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/
>
> http://svn.apache.org/repos/asf/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/
>
> as starting points.  Then write an InterceptorProvider for it that would
> provide an interceptor that would verify that NTLM was being used and such
> and assert the policies.  Example again would be HTTPS:
>
> http://svn.apache.org/repos/asf/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors
>
>
> Dan
>
>
>
> > I got the following test code on the WCF side:
> >
> > public static void Main(){
> >   Uri baseAddress = new Uri("http://localhost/cxfTest");
> >
> >   using (ServiceHost host = new ServiceHost(typeof(Service1), baseAddress))
> >   {
> >     // Publish metadata (WSDL) over HTTP GET, exporting WS-Policy 1.5.
> >     ServiceMetadataBehavior smb = new ServiceMetadataBehavior();
> >     smb.HttpGetEnabled = true;
> >     smb.MetadataExporter.PolicyVersion = PolicyVersion.Policy15;
> >     host.Description.Behaviors.Add(smb);
> >
> >     // Plain HTTP transport with Windows (Negotiate/NTLM) client credentials.
> >     BasicHttpBinding httpBinding = new BasicHttpBinding();
> >     httpBinding.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly;
> >     httpBinding.Security.Transport.ClientCredentialType =
> >         HttpClientCredentialType.Windows;
> >     host.AddServiceEndpoint(typeof(IService1), httpBinding, baseAddress);
> >
> >     host.Credentials.UserNameAuthentication.UserNamePasswordValidationMode =
> >         UserNamePasswordValidationMode.Windows;
> >
> >     host.Open();
> >
> >     Console.WriteLine("Service running at {0}", baseAddress);
> >     Application.Run();
> >     host.Close();
> >   }
> > }
> >
> > Which adds the policy tags in WSDL as:
> >
> > <wsp:Policy wsu:Id="BasicHttpBinding_IService1_policy">
> >   <wsp:ExactlyOne>
> >     <wsp:All>
> >       <http:NegotiateAuthentication
> >           xmlns:http="http://schemas.microsoft.com/ws/06/2004/policy/http" />
> >     </wsp:All>
> >   </wsp:ExactlyOne>
> > </wsp:Policy>
> >
> > When this tag is manually commented out and the references to it removed,
> > then CXF was happy and the WCF service was also able to pick up the NTLM
> > context at
> > OperationContext.Current.ServiceSecurityContext.WindowsIdentity.
> > But keeping the WSDL with the Policy tag produces the original exception.
>
> >
> > --
> > View this message in context:
> > http://cxf.547215.n5.nabble.com/NTLM-security-between-WCF-and-CXF-tp4763671p4779559.html
> > Sent from the cxf-user mailing list archive at Nabble.com.
> --
> Daniel Kulp
> http://dankulp.com/blog
> Talend - http://www.talend.com
>
>


--
View this message in context: 
http://cxf.547215.n5.nabble.com/NTLM-security-between-WCF-and-CXF-tp4763671p4787359.html
Sent from the cxf-user mailing list archive at Nabble.com.
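
Added example, not part of the original thread and not CXF code: a simplified Python model of the two failure stages reported above, where an assertion with no builder produces the warning and a policy alternative is usable only when every assertion in it is both built and asserted by an interceptor. The `builders` and `asserted` sets and the `evaluate` function are hypothetical names, and the sample is the policy fragment quoted in the thread, assumed to be in normal form (ExactlyOne/All).

```python
import xml.etree.ElementTree as ET

# WS-Policy 1.5 (what PolicyVersion.Policy15 exports) and WS-Policy 1.2.
WSP_NS = ("http://www.w3.org/ns/ws-policy",
          "http://schemas.xmlsoap.org/ws/2004/09/policy")
NEG = "{http://schemas.microsoft.com/ws/06/2004/policy/http}NegotiateAuthentication"

# Constructed sample: the policy quoted in the thread, with namespaces declared.
SAMPLE = """<wsp:Policy xmlns:wsp="http://www.w3.org/ns/ws-policy"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    wsu:Id="BasicHttpBinding_IService1_policy">
  <wsp:ExactlyOne>
    <wsp:All>
      <http:NegotiateAuthentication
          xmlns:http="http://schemas.microsoft.com/ws/06/2004/policy/http"/>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>"""

def _is(elem, local):
    """True if elem is the WS-Policy operator `local` in either policy version."""
    return any(elem.tag == "{%s}%s" % (ns, local) for ns in WSP_NS)

def alternatives(policy):
    """Return each alternative (an All under ExactlyOne) as a list of assertion QNames."""
    alts = []
    for exactly_one in (c for c in policy if _is(c, "ExactlyOne")):
        for all_ in (c for c in exactly_one if _is(c, "All")):
            alts.append([assertion.tag for assertion in all_])
    return alts

def evaluate(policy_xml, builders, asserted):
    """Model (an assumption, not CXF's implementation) of a policy consumer.

    builders: QNames the consumer can turn into assertion objects.
    asserted: QNames some interceptor marks as satisfied at runtime.
    Returns (assertions with no builder, whether any alternative is usable).
    """
    policy = ET.fromstring(policy_xml)
    no_builder, usable = set(), False
    for alt in alternatives(policy):
        no_builder.update(q for q in alt if q not in builders)
        if all(q in builders and q in asserted for q in alt):
            usable = True
    return sorted(no_builder), usable
```

Registering only a builder clears the first return value but leaves the second `False`, which matches the Kerberos attempt described at the top of this message.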
