Hi cxf gurus, I’m using cxf 2.6.0 and trying to implement something like a proxy between cxf service protected by the basic authentication and sharepoint server that is protected by NTLM authentication. Most of the client of this cxf service support only Basic auth. So the main issue is to pass Basic credentials retrieved by the proxy as NTML credentials to sharepoint service.
As far as I know cxf 2.7 supports async conduits which support setting of the NTLM credentials on the fly [https://cxf.apache.org/docs/asynchronous-client-http-transport.html]. However 2.6.0 – does not. I see the following two ways of resolving this issue: 1. Implement HttpAuthSupplier that implements NTML handshake. 2. Implement interceptor, like the following one public class DelegatingAuthOutInterceptor extends AbstractPhaseInterceptor<Message> { public BasicDelegatingAuthOutInterceptor() { super(Phase.POST_LOGICAL); } @Override public void handleMessage(Message message) throws Fault { @SuppressWarnings("unchecked") Map<String, List<String>> headers = (Map<String, List<String>>) message.get(Message.PROTOCOL_HEADERS); String[] creds = parseCredentials(headers.get("Authorization")); If(creds == null || creds.length != 2) { return; } Exchange exchange = message.getExchange(); Endpoint endpoint = exchange.getEndpoint(); EndpointInfo endpointInfo = endpoint.getEndpointInfo(); Conduit conduit = exchange.getConduit(message); if (conduit instanceof HTTPConduit) { HTTPConduit httpConduit = (HTTPConduit) conduit; AuthorizationPolicy policy = new AuthorizationPolicy(); policy.setUserName(creds[0]); policy.setPassword(creds[1]); HTTPConduit newConduit = new HTTPConduit(exchange.getBus(), endpointInfo, endpointInfo.getTarget()); newConduit.setAuthorization(policy); newConduit.setAuthSupplier(httpConduit.getAuthSupplier()); newConduit.setClient(httpConduit.getClient()); newConduit.setMessageObserver(httpConduit.getMessageObserver()); newConduit.setProxyAuthorization(httpConduit.getProxyAuthorization()); newConduit.setProxyAuthSupplier(httpConduit.getProxyAuthSupplier()); exchange.setConduit(newConduit); } } } So, I’m wondering what is the recommended way of solving the issue like above. Best Regards, Sergey Zhemzhitsky _______________________________________________________ CONFIDENTIALITY NOTICE: This email and any files attached to it may be confidential. If you are not the intended recipient you are notified that using, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. If you have received this email in error please notify the sender and delete this email.
