There is a small section on NTLM stuff at the bottom of: http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html
The main suggestion is to use Java6 and CXF 2.2.6 (or preferrably 2.2.7 when I build that in the next couple days which fixes a potential bug in this area). With NTLM built into the JDK, it becomes much easier. Just set the username and password like normal basic auth and it pretty much will just work. Dan On Monday 15 March 2010 9:42:54 am Bruno Melloni wrote: > Ron, I've had no problems writing clients for 'normal' web services written > in .NET. > > > > Nate, yes, it is Great Plains, written by Microsoft. It seems to not be > WS-S, but rather NTLM authentication in the headers (captured and included > below). I found the following article discussing HTTP client stacks that > can deal with NTLM authentication: > http://oaklandsoftware.com/papers/ntlm.html. I also found the following > the following thread from 2008 on how somebody managed to make it work > with CXF in a programmatic way: > http://old.nabble.com/NTLM-Support--td16447079.html. It mentions a link > to the CXF wiki, but it has since gone dead. In case it is relevant, I am > using CXF 2.2.2. > > > > The questions that remain are: > > > > - Has CXF evolved since 2008 so that there is a cleaner way to use NTLM > authentication? > > - How to translate the programmatic solution to something that can be > put in the Spring context file, perhaps as properties under the > <jaxws:client> tag? > > > > If the answer to my questions is obvious I apologize for my ignorance. I > am quite comfortable with the Spring-based approach to CXF but I am still > not very familiar with doing CXF without it. > > > > Thanks. > > > > ----- > > HEADERS: > > > > POST http://ddusek1108:88/DynamicsGPWebServices/DynamicsGPService.asmx > HTTP/1.1 > > User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client > Protocol 2.0.50727.832) > > VsDebuggerCausalityData: > uIDPo5dDV8l0LwpLmWT/FsojNsYAAAAAHmXIxE8tmEaZBSfNmWFGWEGujufiJq5JoaaQyRTzT2 > gACAAA > > Content-Type: text/xml; charset=utf-8 > > SOAPAction: > "http://schemas.microsoft.com/dynamics/gp/2006/01/GetCustomerList"; > > Authorization: NTLM > TlRMTVNTUAADAAAAGAAYAHwAAAAYABgAlAAAABgAGABIAAAACAAIAGAAAAAUABQAaAAAABAAEA > CsAAAANYKI4gUCzg4AAAAPbgBvAHIAdABoAGEAbQBlAHIAaQBjAGEAcAByAG8AdABEAEQAVQBTA > EUASwAxADEAMAA4AAKY0Sa9Kp9OAAAAAAAAAAAAAAAAAAAAAKvDCPBVwuwaRtfaI/6mTH6Pms+c > gk2JNgmzIC1jRA2cWXofHirtcb0= > > Host: ddusek1108:88 > > Content-Length: 626 > > Expect: 100-continue > > > > <?xml version="1.0" encoding="utf-8"?><soap:Envelope > xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"; > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > xmlns:xsd="http://www.w3.org/2001/XMLSchema";><soap:Body><GetCustomerList > xmlns="http://schemas.microsoft.com/dynamics/gp/2006/01";><criteria><Name>< > Like>%</Like></Name><Scope>Return All</Scope></criteria><Context > xmlns="http://schemas.microsoft.com/dynamics/2006/01";><OrganizationKey > xsi:type="CompanyKey"><Id>-1</Id></OrganizationKey><CultureName>en-US</Cul > tureName><CurrencyType>Transactional</CurrencyType></Context></GetCustomerL > ist></soap:Body></soap:Envelope> > > > > ----- > > > > -----Original Message----- > From: Nate Woody [mailto:na...@cac.cornell.edu] > Sent: Thursday, March 11, 2010 8:40 AM > To: users@cxf.apache.org > Subject: RE: Service authentication credentials > > > > I've been forced to write quite a few CXF clients to Microsoft services, > > I think the mailing list is littered with my questions about that. Is > > this a service someone developed using Microsoft tools, or a service > > produced by Microsoft? That's a Great Plains reference? I've often had > > trouble with figuring the security mechanism from a MS wsdl, so I tend > > to go pragmatic and start here: > > > > 1) What does the service reply with when you call it from CXF? If it's > > something as simple as WS-S, you ought to get a complaint about missing > > security headers. > > > > 2) It sounds like you have a functional .NET implementation. Log the > > packets from that implementation and take a look at what's going in. > > > > Best, > > Nate > > > > > > -----Original Message----- > > From: Bruno Melloni [mailto:bruno.mell...@chickasaw.net] > > Sent: Thursday, March 11, 2010 9:20 AM > > To: 'users@cxf.apache.org' > > Subject: Service authentication credentials > > > > I am trying to access a Microsoft-developed service that requires > > authentication. Being Microsoft, they do not document anything at the > > web service level since they want you to use Visual Studio which creates > > a .NET proxy that is capable of using NTLM to supply the > > username/password to the underlying web service. I *think* that they > > are following web services standards for the underlying web service. > > > > Of course, I am trying to use a CXF client to access the underlying web > > service from Java. I used wsdl2java to generate the java classes, but I > > see no credentials-related information (which you do see in the .NET > > proxy). That makes me suspect that they must be in the stored in the > > SOAP headers and that in CXF we access them in a different way. > > > > I could use any clues on how to: > > > > a) Figure out how authentication is being done for this web service. > > > > b) Figure out how to provide the credentials to the web service when > > called. I am using the Spring approach to get the CXF client proxy and > > my current configuration looks like: > > > > <jaxws:client id="gpClient" > > address="http://myServer.myDomain/DynamicsGPWebServices/DynamicsGPServic > > e.asmx" > > > > serviceClass="com.microsoft.schemas.dynamics.gp._2006._01.DynamicsX0020G > > PSoap" /> > > > > Needless to say, my experience with CXF is not too deep (created and > > called a few services via the Spring method - the simplest), and my > > knowledge of web services authentication is zero. Unfortunately CXF's > > documentation isn't very helpful for someone at my stage of learning > > CXF. I'll appreciate any help I can get. > > > > I tried to attach a copy of the WSDL for the service that I'm trying to > > access, but it exceeds the size limits for this mailing list. -- Daniel Kulp dk...@apache.org http://dankulp.com/blog
