On Jan 17, 2013, at 5:02 AM, Andrei Shakirin <[email protected]> wrote:
> Hi, > > I don't find configuration regarding authorization cache in CXFAuthenticator > and URLConnectionHTTPConduit, but would like to ask Dan to be 100% sure. > Patch from you is also always welcome. I certainly would not advocate going down any route of modifying or replacing the behavior of any of the sun.* packages. For one, not all JDK's even have all of those classes or they may be completely different. For this particular case, I'd recommend: 1) Log a bug with Oracle about the NTLM cache thing and connections. That seems like a security problem to me. 2) You can fix it by forcing a close after the request by turning off the keep-alives. Performance will suck though, particularly with NTLM + SSL which requires a LOT of back and forth to setup the connection. :-( 3) WIth CXF 2.7.x, you can try using the Async http client. I think we use the Principal as part of the cache for that. Dan > > Regards, > Andrei. > > From: wanglilai [mailto:[email protected]] > Sent: Dienstag, 15. Januar 2013 17:41 > To: Andrei Shakirin > Subject: Re:RE: CXF client to support multi-user > > > Hi Andrei, > > > > Thanks for looking into this. I just found the root cause, this is NTLM > specific problem, since it's connection based, Authorization header is not > used at all, instead HTTPUrlConnections delegates connection to > sun.net.www.protocol.https.HttpsURLConnectionImpl which is getting > serverAuthorization via java.net.Authenticator. > requestPasswordAuthentication(), and then maintain authorization info in > sun.net.www.protocol.http.AuthCacheValue.cache, however the cacheKey > comprises of host/port/protocol/realm which is the same for two of my > requests. > > My workaround is to disable the cache by overriding > sun.net.www.protocol.http.AuthCacheValue.cache, if CXF can provide some > configuration ability regarding the auth cache, it would be great. > > > > Thanks, > > -Roger > > > At 2013-01-14 17:25:40,"Andrei Shakirin" > <[email protected]<mailto:[email protected]>> wrote: > >> Hi, > >> > >> Cannot reproduce your problem under CXF 2.7.X. > >> > >> The code: > >> JaxWsProxyFactoryBean factory1 = new JaxWsProxyFactoryBean(); > >> factory1.getInInterceptors().add(new LoggingInInterceptor()); > >> factory1.getOutInterceptors().add(new LoggingOutInterceptor()); > >> factory1.setAddress("http://localhost:9001/helloWorld";); > >> HelloWorld hello1 = factory1.create(HelloWorld.class); > >> org.apache.cxf.endpoint.Client client1 = ClientProxy.getClient(hello1); > >> HTTPConduit conduit1 = (HTTPConduit)client1.getConduit(); > >> conduit1.getAuthorization().setAuthorizationType("NTLM"); > >> conduit1.getAuthorization().setUserName("XXXuser12"); > >> conduit1.getAuthorization().setPassword("XXXpwd12"); > >> > >> JaxWsProxyFactoryBean factory2 = new JaxWsProxyFactoryBean(); > >> factory2.getInInterceptors().add(new LoggingInInterceptor()); > >> factory2.getOutInterceptors().add(new LoggingOutInterceptor()); > >> factory2.setAddress("http://localhost:9001/helloWorld";); > >> HelloWorld hello2 = factory2.create(HelloWorld.class); > >> org.apache.cxf.endpoint.Client client2 = ClientProxy.getClient(hello2); > >> HTTPConduit conduit2 = (HTTPConduit)client2.getConduit(); > >> conduit2.getAuthorization().setAuthorizationType("NTLM"); > >> conduit2.getAuthorization().setUserName("YYYuser22"); > >> conduit2.getAuthorization().setPassword("YYYpwd22"); > >> > >> System.out.println(hello1.sayHi("World")); > >> System.out.println(hello2.sayHi("World")); > >> > >> Sends different Authorization header for each request and use different >> conduits as well as HTTPUrlConnections. > >> Which CXF version do you use? > >> > >> Cheers, > >> Andrei. > >> > >>> -----Original Message----- > >>> From: wanglilai [mailto:[email protected]] > >>> Sent: Freitag, 11. Januar 2013 17:01 > >>> To: [email protected]<mailto:[email protected]> > >>> Subject: CXF client to support multi-user > >>> > >>> Hi, > >>> > >>> I am using CXF client to connect to Exchange WebService, and I need to > >>> support multiple users in the runtime. > >>> > >>> I did something like this: > >>> > >>> .... > >>> > >>> JaxWsProxyfactoryBean factory1 = new JaxWsProxyfactoryBean(); > >>> > >>> factory1.setServiceClass(exchangeServicePortType.class); > >>> > >>> factory1.setAddress(url); > >>> > >>> exchangeServicePortType exchangeService1 = > >>> (exchangeServicePortType) factory1 > >>> > >>> .create(); > >>> > >>> Client proxy = ClientProxy.getClient(exchangeService1); > >>> > >>> HTTPconduit conduit1 = (HTTPconduit) proxy.getconduit(); > >>> > >>> ...... > >>> > >>> conduit1.getAuthorization().setAuthorizationType("NTLM"); > >>> > >>> conduit1.getAuthorization().setUserName(userName1); > >>> > >>> conduit1.getAuthorization().setPassword(password1); > >>> > >>> exchangeService1.getItem(....); > >>> > >>> > >>> > >>> > >>> > >>> JaxWsProxyfactoryBean factory2 = new >>> JaxWsProxyfactoryBean(); > >>> > >>> factory2.setServiceClass(exchangeServicePortType.class); > >>> > >>> factory2.setAddress(url); > >>> > >>> exchangeServicePortType exchangeService2 = > >>> (exchangeServicePortType) factory2 > >>> > >>> .create(); > >>> > >>> Client proxy = ClientProxy.getClient(exchangeService2); > >>> > >>> HTTPconduit conduit2 = (HTTPconduit) proxy.getconduit(); > >>> > >>> > >>> > >>> ...... > >>> > >>> conduit2.getAuthorization().setAuthorizationType("NTLM"); > >>> > >>> conduit2.getAuthorization().setUserName(userName2); > >>> > >>> conduit2.getAuthorization().setPassword(password2); > >>> > >>> exchangeService2.getItem(....); > >>> > >>> > >>> > >>> Basically I created 2 services with different username/password, I am > >>> expecting the CXF client to use different credentials for 2 requests, but I > >>> found out it's always using the same credential(userName1/password1), > >>> even on 2nd request. As I know NTLM is connection based, the CXF will > >>> create a new HttpURLConnection per request. However HttpURLConnection > >>> instances could share the underlying network connection. > >>> > >>> Much appreciated if there is any workaround to solve my multi-user case. > >>> > >>> > >>> > >>> Thanks, > >>> > >>> -Roger -- Daniel Kulp [email protected] - http://dankulp.com/blog Talend Community Coder - http://coders.talend.com
