[Axis2] - Problem with authentication Negotiate
Hi,
I’m having a problem upgrading one application that uses axis2 version 1.6.0 to
the 1.8.2 version.
The situation is that I’m trying to connect to one IIS webservice from a linux
server, and the IIS use in the authentication Negotiate. In version 1.6.0 its
working using a custom class to handle the request.
I try to upgrade the client part to use axis2 1.8.2 but there are changes on
axis in HttpTransportProperties class that now doesn’t have Authenticator. I’m
trying to use the HttpTransportPropertiesImpl class but it’s not working.
Using HttpTransportPropertiesImpl I can’t use the custom class that handles the
Negotiate authentication. I’m going to expose the situation using the code.
This is the code using axis2 1.6.0, and using wsdl2java to create the stub
ProfilesStub stub = new ProfilesStub(wsURL); // Stub created by wsdl2java
System.setProperty("java.security.auth.login.config", kbr5LoginConfigFile);
System.setProperty("java.security.krb5.conf", kbr5ConfigFile);
System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
System.setProperty("sun.security.krb5.debug", "true");
System.setProperty("sun.security.jgss.debug", "true");
System.setProperty("java.security.debug",
"logincontext,policy,scl,gssloginconfig");
AuthPolicy.unregisterAuthScheme("BASIC");
AuthPolicy.unregisterAuthScheme("DIGEST");
AuthPolicy.unregisterAuthScheme("NTLM");
ArrayList authSchemes = new ArrayList();
if ( AuthSchemeId.equals("Negotiate") ) // <-- I’m using AuthSchemeId=Negotiate
{
AuthPolicy.registerAuthScheme("Negotiate", NegotiateSchemeCustom.class);
//<-- the custom class that handles the Negotiate authentication
authSchemes.add("Negotiate");
}
else
{
if ( AuthSchemeId.equals("Kerberos") )
{
AuthPolicy.registerAuthScheme("Kerberos", KerberosSchemeCustom.class);
authSchemes.add("Kerberos");}
else
throw new Exception("Invalid authentication scheme '" +
(AuthSchemeId == null ? "(null)" : AuthSchemeId) + "'");
}
HttpTransportProperties.Authenticator auth = new
HttpTransportProperties.Authenticator();
auth.setDomain(userDomain);
auth.setHost((new URL(wsURL)).getHost());
java.util.Properties properties = new java.util.Properties();
// absolute from the classpath
String configFileName = "wsURL.config";
try
{
properties.load(new java.io.FileInputStream(configFileName));
}
catch ( Exception exception )
{
System.out.println("ERROR oppening file " + configFileName + "--");
System.out.println("EX:" + exception.getMessage() +"--");
}
String username = properties.getProperty("username");
String password = properties.getProperty("password");
auth.setUsername(username);
auth.setPassword(password);
auth.setAuthSchemes(authSchemes);
HttpParams params = DefaultHttpParams.getDefaultParams();
params.setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, authSchemes);
Options options = stub._getServiceClient().getOptions();
options.setProperty(org.apache.axis2.transport.http.HTTPConstants.AUTHENTICATE,
auth);
options.setProperty(org.apache.axis2.transport.http.HTTPConstants.CHUNKED,
Boolean.FALSE);
options.setProperty(org.apache.axis2.transport.http.HTTPConstants.REUSE_HTTP_CLIENT,
"true");
stub._getServiceClient().setOptions(options);
GetUserInfo userInfo = GetUserInfo.Factory.newInstance(); // GetUserInfo
class created by wsdl2java
userInfo.setSUserName(userName);
userInfo.setSDomain(domain);
userInfo.setSApplication(application);
GetUserInfoDocument getUserInfoDocument =
GetUserInfoDocument.Factory.newInstance();// GetUserInfoDocument class created
by wsdl2java
getUserInfoDocument.setGetUserInfo(userInfo);
GetUserInfoResponseDocument response =
stub.getUserInfo(getUserInfoDocument); // getUserInfo method to invoke,
GetUserInfoResponseDocument class created by wsdl2java
String userData =
response.getGetUserInfoResponse().getGetUserInfoResult().toString();
And using trace on the NegotiateSchemeCustom.class I confirm that this class is
used
In the class
public NegotiateSchemeCustom () {
super();
state = UNINITIATED;
System.out.println("Created NegotiateSchemeCustom()");
}
The output
Jan 31, 2024 5:09:09 PM
org.apache.commons.httpclient.auth.AuthChallengeProcessor selectAuthScheme
INFO: negotiate authentication scheme selected
Created NegotiateSchemeCustom()
And the invocation is successful.
But when I try using 1.8.2 version
ProfilesStub stub = new ProfilesStub(wsURL); // Stub created by wsdl2java
version 1.8.2
System.setProperty("java.security.auth.login.config", kbr5LoginConfigFile);
System.setProperty("java.security.krb5.conf", kbr5ConfigFile);
System.setProperty("javax.security.auth.useSubjectCredsOnly", "fals
Re: [Axis2] - Problem with authentication Negotiate
It might take me a few days to look at this but I can probably help.
I'm about to make commits that upgrade Axis2 from httpclient 4.x to 5.x for
the next release and this feature will need to be fixed for that too.
On Wed, Feb 7, 2024 at 4:32 AM Luis Silva
wrote:
> Hi,
>
>
>
> I’m having a problem upgrading one application that uses axis2 version
> 1.6.0 to the 1.8.2 version.
>
> The situation is that I’m trying to connect to one IIS webservice from a
> linux server, and the IIS use in the authentication Negotiate. In version
> 1.6.0 its working using a custom class to handle the request.
>
> I try to upgrade the client part to use axis2 1.8.2 but there are changes
> on axis in HttpTransportProperties class that now doesn’t have
> Authenticator. I’m trying to use the HttpTransportPropertiesImpl class but
> it’s not working.
>
> Using HttpTransportPropertiesImpl I can’t use the custom class that
> handles the Negotiate authentication. I’m going to expose the situation
> using the code.
>
>
>
> This is the code using axis2 1.6.0, and using wsdl2java to create the stub
>
>
>
> *ProfilesStub stub = new ProfilesStub(wsURL); // Stub created by
> wsdl2java*
>
> *System.setProperty("java.security.auth.login.config",
> kbr5LoginConfigFile); *
>
> *System.setProperty("java.security.krb5.conf", kbr5ConfigFile);*
>
> *System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");*
>
>
>
> *System.setProperty("sun.security.krb5.debug", "true");*
>
> *System.setProperty("sun.security.jgss.debug", "true");*
>
> *System.setProperty("java.security.debug",
> "logincontext,policy,scl,gssloginconfig");*
>
>
>
> *AuthPolicy.unregisterAuthScheme("BASIC");*
>
> *AuthPolicy.unregisterAuthScheme("DIGEST");*
>
> *AuthPolicy.unregisterAuthScheme("NTLM");*
>
>
>
> *ArrayList authSchemes = new ArrayList();*
>
> *if ( AuthSchemeId.equals("Negotiate") ) // **ß** I’m using
> AuthSchemeId=Negotiate*
>
> *{*
>
> * AuthPolicy.registerAuthScheme("Negotiate",
> NegotiateSchemeCustom.class); //**ß** the custom class that handles the
> Negotiate authentication*
>
> * authSchemes.add("Negotiate");*
>
> *}*
>
> *else*
>
> *{*
>
> * if ( AuthSchemeId.equals("Kerberos") )*
>
> * {*
>
> *AuthPolicy.registerAuthScheme("Kerberos",
> KerberosSchemeCustom.class);*
>
> *authSchemes.add("Kerberos");}*
>
> *else*
>
> * throw new Exception("Invalid authentication scheme '" +
> (AuthSchemeId == null ? "(null)" : AuthSchemeId) + "'");*
>
> * }*
>
>
>
> * HttpTransportProperties.Authenticator auth = new
> HttpTransportProperties.Authenticator();*
>
> *auth.setDomain(userDomain);*
>
> *auth.setHost((new URL(wsURL)).getHost());*
>
> *java.util.Properties properties = new java.util.Properties();*
>
> *// absolute from the classpath*
>
> *String configFileName = "wsURL.config";*
>
> *try*
>
> *{*
>
> *properties.load(new java.io.FileInputStream(configFileName));*
>
> *}*
>
> *catch ( Exception exception )*
>
> *{*
>
> *System.out.println("ERROR oppening file " + configFileName +
> "--");*
>
> *System.out.println("EX:" + exception.getMessage() +"--");*
>
> *}*
>
> *String username = properties.getProperty("username");*
>
> *String password = properties.getProperty("password");*
>
>
>
> *auth.setUsername(username);*
>
> *auth.setPassword(password);*
>
>
>
> *auth.setAuthSchemes(authSchemes);*
>
>
>
> *HttpParams params = DefaultHttpParams.getDefaultParams();*
>
> *params.setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY,
> authSchemes);*
>
>
>
> *Options options = stub._getServiceClient().getOptions();*
>
> *
> options.setProperty(org.apache.axis2.transport.http.HTTPConstants.AUTHENTICATE,
> auth);*
>
> *
> options.setProperty(org.apache.axis2.transport.http.HTTPConstants.CHUNKED,
> Boolean.FALSE);*
>
> *
> options.setProperty(org.apache.axis2.transport.http.HTTPConstants.REUSE_HTTP_CLIENT,
> "true");*
>
>
>
> *stub._getServiceClient().setOptions(options);*
>
>
>
> * GetUserInfo userInfo = GetUserInfo.Factory.newInstance(); //
> GetUserInfo class created by wsdl2java*
>
> *userInfo.setSUserName(userName);*
>
> *userInfo.setSDomain(domain);*
>
> *userInfo.setSApplication(application);*
>
>
>
> *GetUserInfoDocument getUserInfoDocument =
> GetUserInfoDocument.Factory.newInstance();// GetUserInfoDocument class
> created by wsdl2java*
>
>
>
> * getUserInfoDocument.setGetUserInfo(userInfo); *
>
>
>
> *GetUserInfoResponseDocument response =
> stub.getUserInfo(getUserInfoDocument); // getUserInfo method to invoke,
> GetUserInfoResponseDocument class created by wsdl2java*
>
> *String userData =
> response.getGetUserInfoResponse().getGetUserInfoResult().toString();*
>
>
>
> And using trace on the NegotiateSchemeCustom.class I confirm that this
> clas
RE: [Axis2] - Problem with authentication Negotiate
Hi Robert,
All help is welcome. If necessary, I’m available to help with testing.
Best Regard’s,
Luis Silva
From: robertlazarski
Sent: Wednesday, 7 February 2024 15:29
To: java-user@axis.apache.org
Subject: Re: [Axis2] - Problem with authentication Negotiate
It might take me a few days to look at this but I can probably help.
I'm about to make commits that upgrade Axis2 from httpclient 4.x to 5.x for the
next release and this feature will need to be fixed for that too.
On Wed, Feb 7, 2024 at 4:32 AM Luis Silva
mailto:luis.gc.si...@redshift.pt.invalid>>
wrote:
Hi,
I’m having a problem upgrading one application that uses axis2 version 1.6.0 to
the 1.8.2 version.
The situation is that I’m trying to connect to one IIS webservice from a linux
server, and the IIS use in the authentication Negotiate. In version 1.6.0 its
working using a custom class to handle the request.
I try to upgrade the client part to use axis2 1.8.2 but there are changes on
axis in HttpTransportProperties class that now doesn’t have Authenticator. I’m
trying to use the HttpTransportPropertiesImpl class but it’s not working.
Using HttpTransportPropertiesImpl I can’t use the custom class that handles the
Negotiate authentication. I’m going to expose the situation using the code.
This is the code using axis2 1.6.0, and using wsdl2java to create the stub
ProfilesStub stub = new ProfilesStub(wsURL); // Stub created by wsdl2java
System.setProperty("java.security.auth.login.config", kbr5LoginConfigFile);
System.setProperty("java.security.krb5.conf", kbr5ConfigFile);
System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
System.setProperty("sun.security.krb5.debug", "true");
System.setProperty("sun.security.jgss.debug", "true");
System.setProperty("java.security.debug",
"logincontext,policy,scl,gssloginconfig");
AuthPolicy.unregisterAuthScheme("BASIC");
AuthPolicy.unregisterAuthScheme("DIGEST");
AuthPolicy.unregisterAuthScheme("NTLM");
ArrayList authSchemes = new ArrayList();
if ( AuthSchemeId.equals("Negotiate") ) // <-- I’m using AuthSchemeId=Negotiate
{
AuthPolicy.registerAuthScheme("Negotiate", NegotiateSchemeCustom.class);
//<-- the custom class that handles the Negotiate authentication
authSchemes.add("Negotiate");
}
else
{
if ( AuthSchemeId.equals("Kerberos") )
{
AuthPolicy.registerAuthScheme("Kerberos", KerberosSchemeCustom.class);
authSchemes.add("Kerberos");}
else
throw new Exception("Invalid authentication scheme '" +
(AuthSchemeId == null ? "(null)" : AuthSchemeId) + "'");
}
HttpTransportProperties.Authenticator auth = new
HttpTransportProperties.Authenticator();
auth.setDomain(userDomain);
auth.setHost((new URL(wsURL)).getHost());
java.util.Properties properties = new java.util.Properties();
// absolute from the classpath
String configFileName = "wsURL.config";
try
{
properties.load(new java.io.FileInputStream(configFileName));
}
catch ( Exception exception )
{
System.out.println("ERROR oppening file " + configFileName + "--");
System.out.println("EX:" + exception.getMessage() +"--");
}
String username = properties.getProperty("username");
String password = properties.getProperty("password");
auth.setUsername(username);
auth.setPassword(password);
auth.setAuthSchemes(authSchemes);
HttpParams params = DefaultHttpParams.getDefaultParams();
params.setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, authSchemes);
Options options = stub._getServiceClient().getOptions();
options.setProperty(org.apache.axis2.transport.http.HTTPConstants.AUTHENTICATE,
auth);
options.setProperty(org.apache.axis2.transport.http.HTTPConstants.CHUNKED,
Boolean.FALSE);
options.setProperty(org.apache.axis2.transport.http.HTTPConstants.REUSE_HTTP_CLIENT,
"true");
stub._getServiceClient().setOptions(options);
GetUserInfo userInfo = GetUserInfo.Factory.newInstance(); // GetUserInfo
class created by wsdl2java
userInfo.setSUserName(userName);
userInfo.setSDomain(domain);
userInfo.setSApplication(application);
GetUserInfoDocument getUserInfoDocument =
GetUserInfoDocument.Factory.newInstance();// GetUserInfoDocument class created
by wsdl2java
getUserInfoDocument.setGetUserInfo(userInfo);
GetUserInfoResponseDocument response =
stub.getUserInfo(getUserInfoDocument); // getUserInfo method to invoke,
GetUserInfoResponseDocument class created by wsdl2java
String userData =
response.getGetUserInfoResponse().getGetUserInfoResult().toString();
And using trace on the NegotiateSchemeCustom.class I confirm that this class is
used
In the class
public NegotiateSchemeCustom () {
super();
state = UNINITIATED;
System.out.println("Created NegotiateSchem
