Hi!
On Tuesday 13 September 2011 13:12:47 Freeman Fang wrote:
> Hi,
>
> In this case the "{WSDL Namespace}portName" would never work for
> downloading the wsdl as the portName is unknown at that point.
> You need to change your http:conduit like
> <http-conf:conduit name="https://server_ip:port/.*">
> The "https" prefix here is important.
>
This works nicely, thanks! :)
Also specifying <http-conf:conduit name="*"> works.
Is it possible to configure this in code instead of XML?
> Freeman
>
> > On Monday 12 September 2011 15:03:45 Michael Sliwak wrote:
> >> I successfully logged in with Kerberos using httpcomponents-client as
> >> described here
> >> http://hc.apache.org/httpcomponents-client-ga/tutorial/html/authentication.html#spnego
> >>
> >> After a debugging run it seems that you have to set
> >>
> >> <sec:Authorization/>
> >>
> >> when using <sec:UserName /> and <sec:Password /> in cxf.xml.
> >> Line 104 in SpnegoAuthSupplier.java creates a new LoginContext with
> >> authPolicy.getAuthorization() as the first constructor argument. Currently
> >> this method returns null as I did not set <sec:Authorization/> in cxf.xml.
> >> Maybe this sets the name for the login.conf section. SampleClient in your
> >> example. I'll give it a try.
> >>
> >> On Monday 12 September 2011 14:50:54 Christian Schneider wrote:
> >>> I am not sure if it is the login.conf but you need to specify that you
> >>> want to use the tgt cache like this:
> >>>
> >>> SampleClient {
> >>>     com.sun.security.auth.module.Krb5LoginModule required
> >>>         useTicketCache=true;
> >>> };
> >>>
> >>> I am not sure about the name SampleClient above and what you should write
> >>> there but the *useTicketCache=true* is important.
> >>> I currently have no kerberos environment else I would do a test and let
> >>> you know what is necessary.
> >>>
> >>> Btw. Have you tried to do a kerberos login without CXF? The config you
> >>> need there should be the same as for cxf.
> >>>
> >>> Christian
> >>>
> >>> On 12.09.2011 14:38, Michael Sliwak wrote:
> >>>> Hi Christian!
> >>>>
> >>>> Setting the corresponding registry key on Windows does not have any
> >>>> effect.
> >>>>
> >>>> Just one quick question before I dive more into the code of CXF. Do I
> >>>> have to specify a login.conf for JGSS when using CXF?
> >>>>
> >>>> The Javadoc for the LoginContext states
> >>>> (http://download.oracle.com/javase/1,5.0/docs/api/javax/security/auth/login/LoginContext.html#LoginContext(java.lang.String,%20javax.security.auth.callback.CallbackHandler)):
> >>>>
> >>>> Throws:
> >>>> LoginException - if the caller-specified name does not appear in the
> >>>> Configuration and there is no Configuration entry for "other", if the
> >>>> caller-specified subject is null, or if the
> >>>> auth.login.defaultCallbackHandler security property was set, but the
> >>>> implementation class could not be loaded.
> >>>>
> >>>> I have a slight suspicion that I'm still missing some configuration.
> >>>>
> >>>> Michael
> >>>>
> >>>> On Monday 12 September 2011 13:19:16 Christian Schneider wrote:
> >>>>> I am not sure about the first exception. Could you debug into the code
> >>>>> and try to find out more about the point where the exception happens?
> >>>>>
> >>>>> About the second problem when using no username and password on windows.
> >>>>> Can you check if you have the registry setting that allows java to use
> >>>>> the tgt?
> >>>>> See: http://www.javaactivedirectory.com/?page_id=93
> >>>>>
> >>>>> Christian
> >>>>>
> >>>>> On 12.09.2011 13:07, Michael Sliwak wrote:
> >>>>>> Hello everyone!
> >>>>>>
> >>>>>> According to
> >>>>>> http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html#ClientHTTPTransport%28includingSSLsupport%29-SpnegoAuthentication%28Kerberos%29
> >>>>>> CXF should be able to handle Kerberos/SPNEGO authentication when
> >>>>>> accessing web services.
> >>>>>>
> >>>>>> I'm trying to access an ASP.NET Web Service that is secured by Kerberos
> >>>>>> (Integrated Windows authentication) using CXF.
> >>>>>>
> >>>>>> I have configured everything as stated in the documentation. Here's my
> >>>>>> cxf.xml
> >>>>>>
> >>>>>> <?xml version="1.0" encoding="UTF-8"?>
> >>>>>> <beans xmlns="http://www.springframework.org/schema/beans"
> >>>>>>        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> >>>>>>        xmlns:sec="http://cxf.apache.org/configuration/security"
> >>>>>>        xmlns:http="http://cxf.apache.org/transports/http/configuration"
> >>>>>>        xmlns:jaxws="http://cxf.apache.org/jaxws"
> >>>>>>        xsi:schemaLocation="
> >>>>>>            http://cxf.apache.org/configuration/security
> >>>>>>            http://cxf.apache.org/schemas/configuration/security.xsd
> >>>>>>            http://cxf.apache.org/transports/http/configuration
> >>>>>>            http://cxf.apache.org/schemas/configuration/http-conf.xsd
> >>>>>>            http://cxf.apache.org/jaxws
> >>>>>>            http://cxf.apache.org/schemas/jaxws.xsd
> >>>>>>            http://www.springframework.org/schema/beans
> >>>>>>            http://www.springframework.org/schema/beans/spring-beans.xsd">
> >>>>>>
> >>>>>>   <http:conduit name="{http://some.name.space/}SoapPort.http-conduit">
> >>>>>>     <http:client AllowChunking="false" />
> >>>>>>     <http:authorization>
> >>>>>>       <sec:UserName>username</sec:UserName>
> >>>>>>       <sec:Password>password</sec:Password>
> >>>>>>       <sec:AuthorizationType>Negotiate</sec:AuthorizationType>
> >>>>>>     </http:authorization>
> >>>>>>   </http:conduit>
> >>>>>>
> >>>>>> </beans>
> >>>>>>
> >>>>>> Whenever I run my code, I get the following exception:
> >>>>>>
> >>>>>> Caused by: java.lang.RuntimeException: Invalid null input: name
> >>>>>>     at org.apache.cxf.transport.http.auth.SpnegoAuthSupplier.getAuthorization(SpnegoAuthSupplier.java:80)
> >>>>>>     at org.apache.cxf.transport.http.HTTPConduit.setHeadersByAuthorizationPolicy(HTTPConduit.java:771)
> >>>>>>     at org.apache.cxf.transport.http.HTTPConduit.prepare(HTTPConduit.java:541)
> >>>>>>     at org.apache.cxf.interceptor.MessageSenderInterceptor.handleMessage(MessageSenderInterceptor.java:46)
> >>>>>>     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
> >>>>>>     at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:519)
> >>>>>>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:449)
> >>>>>>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:352)
> >>>>>>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:304)
> >>>>>>     at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:88)
> >>>>>>     at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
> >>>>>>     ... 2 more
> >>>>>> Caused by: javax.security.auth.login.LoginException: Invalid null input: name
> >>>>>>     at javax.security.auth.login.LoginContext.init(LoginContext.java:229)
> >>>>>>     at javax.security.auth.login.LoginContext.<init>(LoginContext.java:403)
> >>>>>>     at org.apache.cxf.transport.http.auth.SpnegoAuthSupplier.getToken(SpnegoAuthSupplier.java:104)
> >>>>>>     at org.apache.cxf.transport.http.auth.SpnegoAuthSupplier.getToken(SpnegoAuthSupplier.java:144)
> >>>>>>     at org.apache.cxf.transport.http.auth.SpnegoAuthSupplier.getAuthorization(SpnegoAuthSupplier.java:77)
> >>>>>>     ... 12 more
> >>>>>>
> >>>>>> This happens on both Windows and Linux.
> >>>>>>
> >>>>>> krb5.conf/krb5.ini is present and found by Java.
> >>>>>>
> >>>>>> On the other hand, when I leave the Username and password blank I get
> >>>>>> an exception that no TGT could be acquired. Anyhow 'klist' on both
> >>>>>> Windows and Linux states that there is a TGT available in the cache.
> >>>>>>
> >>>>>> Caused by: java.lang.RuntimeException: No valid credentials provided (Mechanism level: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt))
> >>>>>>     at org.apache.cxf.transport.http.auth.SpnegoAuthSupplier.getAuthorization(SpnegoAuthSupplier.java:82)
> >>>>>>     at org.apache.cxf.transport.http.HTTPConduit.setHeadersByAuthorizationPolicy(HTTPConduit.java:771)
> >>>>>>     at org.apache.cxf.transport.http.HTTPConduit.prepare(HTTPConduit.java:541)
> >>>>>>     at org.apache.cxf.interceptor.MessageSenderInterceptor.handleMessage(MessageSenderInterceptor.java:46)
> >>>>>>     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
> >>>>>>     at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:519)
> >>>>>>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:449)
> >>>>>>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:352)
> >>>>>>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:304)
> >>>>>>     at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:88)
> >>>>>>     at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
> >>>>>>     ... 2 more
> >>>>>> Caused by: GSSException: No valid credentials provided (Mechanism level: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt))
> >>>>>>     at sun.security.jgss.spnego.SpNegoContext.initSecContext(SpNegoContext.java:450)
> >>>>>>     at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:230)
> >>>>>>     at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:162)
> >>>>>>     at org.apache.cxf.transport.http.auth.SpnegoAuthSupplier.getToken(SpnegoAuthSupplier.java:100)
> >>>>>>     at org.apache.cxf.transport.http.auth.SpnegoAuthSupplier.getToken(SpnegoAuthSupplier.java:144)
> >>>>>>     at org.apache.cxf.transport.http.auth.SpnegoAuthSupplier.getAuthorization(SpnegoAuthSupplier.java:77)
> >>>>>>     ... 12 more
> >>>>>> Caused by: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
> >>>>>>     at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:130)
> >>>>>>     at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:106)
> >>>>>>     at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:172)
> >>>>>>     at sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:209)
> >>>>>>     at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:195)
> >>>>>>     at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:162)
> >>>>>>     at sun.security.jgss.spnego.SpNegoContext.GSS_initSecContext(SpNegoContext.java:851)
> >>>>>>     at sun.security.jgss.spnego.SpNegoContext.initSecContext(SpNegoContext.java:309)
> >>>>>>     ... 17 more
> >>>>>>
> >>>>>> Did I miss anything in my configuration?
> >>>>>>
> >>>>>> Thanks in advance!
> >
> > Raytion GmbH
> > Kaiser-Friedrich-Ring 74
> > 40547 Düsseldorf
> >
> > Fon +49-211-550266-0
> > Fax +49-211-550266-19
> >
> > [email protected]
> > http://www.raytion.com
>
> ---------------------------------------------
> Freeman Fang
>
> FuseSource
> Email:[email protected]
> Web: fusesource.com
> Twitter: freemanfang
> Blog: http://freemanfang.blogspot.com
--
Michael Sliwak, M.Sc.
Raytion GmbH
Kaiser-Friedrich-Ring 74
40547 Düsseldorf
Fon +49-211-550266-0
Fax +49-211-550266-19
[email protected]
http://www.raytion.com
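
On the question above about configuring this in code instead of XML, here is an added example (not code from the thread or from the CXF project) that sets up the JAAS entry and the conduit's authorization policy programmatically for an existing JAX-WS proxy. The class name `SpnegoClientSetup` and the entry name `SampleClient` are assumptions; it covers the conduit used for service invocations, not the WSDL download discussed above.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import org.apache.cxf.configuration.security.AuthorizationPolicy;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.transport.http.HTTPConduit;
import org.apache.cxf.transports.http.configuration.HTTPClientPolicy;

public final class SpnegoClientSetup {               // hypothetical helper class
    static final String JAAS_ENTRY = "SampleClient"; // assumed name, must match below

    /** In-code equivalent of the login.conf section quoted in the thread. */
    static void installJaasEntry() {
        Map<String, String> options = new HashMap<String, String>();
        options.put("useTicketCache", "true"); // use the TGT already in the cache
        final AppConfigurationEntry[] entries = {
            new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule",
                LoginModuleControlFlag.REQUIRED, options)
        };
        // Replaces the JVM-wide JAAS configuration, so call it once at startup.
        Configuration.setConfiguration(new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                // Unknown names get null, which makes LoginContext throw LoginException.
                return JAAS_ENTRY.equals(name) ? entries : null;
            }
            @Override
            public void refresh() { /* nothing to reload */ }
        });
    }

    /** In-code equivalent of the <http:conduit> element in cxf.xml. */
    static void configureSpnego(Object port) {
        Client client = ClientProxy.getClient(port);
        HTTPConduit conduit = (HTTPConduit) client.getConduit();

        HTTPClientPolicy http = new HTTPClientPolicy();
        http.setAllowChunking(false);
        conduit.setClient(http);

        AuthorizationPolicy auth = new AuthorizationPolicy();
        auth.setAuthorizationType("Negotiate");
        auth.setAuthorization(JAAS_ENTRY); // read back via getAuthorization() for LoginContext
        conduit.setAuthorization(auth);
    }
}
```

Call `installJaasEntry()` before the first request and `configureSpnego(port)` on the proxy returned by the generated service class.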