Sorry, my fault. I modified the code to simplify it. It should be:

// Unwrap the CXF client behind the JAX-WS proxy and reach its HTTP transport.
final Client cxfClient = ClientProxy.getClient(port);
final HTTPConduit httpConduit = (HTTPConduit) cxfClient.getConduit();

// Transport settings: chunked transfer encoding is switched off.
// NOTE(review): presumably so the request body is buffered and can be resent after the
// server's 401 "Negotiate" challenge; confirm against the CXF version in use.
final HTTPClientPolicy clientPolicy = new HTTPClientPolicy();
clientPolicy.setAllowChunking(false);

// Authentication settings: only the scheme is named here, no token is supplied.
final AuthorizationPolicy negotiatePolicy = new AuthorizationPolicy();
negotiatePolicy.setAuthorizationType("Negotiate");

httpConduit.setClient(clientPolicy);
httpConduit.setAuthorization(negotiatePolicy);

#####

here is the original:

        // Build the service without a WSDL location and register the SOAP 1.1 port by hand.
        Dms3SystemWebServiceService service = new Dms3SystemWebServiceService(null);
        service.addPort(
                Dms3SystemWebServiceService.Dms3SystemWebService,
                SOAPBinding.SOAP11HTTP_BINDING,
                systemEndpoint);
        Dms3SystemWebService dmsPort = service.getDms3SystemWebService();

        // Keep the HTTP session across calls made through this port.
        BindingProvider bindingProvider = (BindingProvider) dmsPort;
        bindingProvider.getRequestContext().put(BindingProvider.SESSION_MAINTAIN_PROPERTY, true);

        // NOTE(review): the logging interceptors write whole messages to the log. If the
        // CXF version in use includes HTTP headers, the "Negotiate" Authorization token is
        // logged too, so keep these to debugging sessions.
        Client cxfClient = ClientProxy.getClient(dmsPort);
        cxfClient.getInInterceptors().add(new LoggingInInterceptor());
        cxfClient.getOutInterceptors().add(new LoggingOutInterceptor());

        HTTPConduit httpConduit = (HTTPConduit) cxfClient.getConduit();

        // Transport settings: chunked transfer encoding stays enabled in this variant.
        HTTPClientPolicy clientPolicy = new HTTPClientPolicy();
        clientPolicy.setAllowChunking(true);
        httpConduit.setClient(clientPolicy);

        // Authentication settings: only the scheme is named, no token is supplied.
        AuthorizationPolicy negotiatePolicy = new AuthorizationPolicy();
        negotiatePolicy.setAuthorizationType("Negotiate");
        httpConduit.setAuthorization(negotiatePolicy);

        this.sessionId = dmsPort.connect(this.mainMandator);
        // NOTE(review): this prints the session id to stdout; treat that output as
        // sensitive if the id alone is enough to reuse the session.
        System.out.println("Session: " + sessionId);

#####

As I said, I have working code that works with 2.2.6 but doesn't with 
2.4.0. It does the same thing but is not as clean as your changes:

## KerberosConnectorTest.Java

/**
 * Opens a session on the system web service after attaching a Kerberos/SPNEGO token
 * for {@code targetPrincipal} to the port's HTTP conduit.
 *
 * @throws KerberosTicketForwardingException if the token cannot be obtained or attached
 */
@Test
public void testKerberos() throws KerberosTicketForwardingException {
    // Build the service without a WSDL location and register the SOAP 1.1 port by hand.
    Dms3SystemWebServiceService service = new Dms3SystemWebServiceService(null);
    service.addPort(
            Dms3SystemWebServiceService.Dms3SystemWebService,
            SOAPBinding.SOAP11HTTP_BINDING,
            systemEndpoint);
    Dms3SystemWebService dmsPort = service.getDms3SystemWebService();

    // Keep the HTTP session across calls made through this port.
    BindingProvider bindingProvider = (BindingProvider) dmsPort;
    bindingProvider.getRequestContext().put(BindingProvider.SESSION_MAINTAIN_PROPERTY, true);

    // The token is fetched and set on the conduit before the first call is made.
    TicketProvider ticketSource = new KerberosServiceTicketProvider(targetPrincipal);
    KerberosAuthenticationHelper.setupKerberosAuthentication(ticketSource, dmsPort);

    this.sessionId = dmsPort.connect(this.mainMandator);
}

## KerberosServiceTicketProvider.java

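/**
 * {@link TicketProvider} that asks the JVM's GSS-API for a SPNEGO token addressed to a
 * fixed target principal and returns it Base64-encoded.
 *
 * <p>The token is requested with credential delegation switched on, so whoever receives it
 * may be able to act as the caller towards further services. Hand it only to endpoints that
 * are trusted with that, and treat the encoded token as a secret (do not log it).
 */
public class KerberosServiceTicketProvider implements TicketProvider {

    /** Principal of the backend system the token is created for. */
    protected String targetPrincipal = null;

    /**
     * @param targetPrincipal name of the service the token is addressed to
     */
    public KerberosServiceTicketProvider(String targetPrincipal) {
        this.targetPrincipal = targetPrincipal;
    }

    /**
     * Creates the initial SPNEGO token for {@code targetPrincipal}.
     *
     * @return the Base64-encoded token produced by the first {@code initSecContext} call
     * @throws KerberosTicketForwardingException if the GSS-API rejects any step
     */
    public String getEncodedTicket() throws KerberosTicketForwardingException {

        // Must be set to "false". Compare by value: a reference comparison (!=) against the
        // literal is true for any string returned by System.getProperty, so the warning
        // would fire even when the property is set correctly.
        String useSubjectCredsOnly =
                System.getProperty("javax.security.auth.useSubjectCredsOnly");
        if (!"false".equalsIgnoreCase(useSubjectCredsOnly)) {
            log.warn("The java system property javax.security.auth.useSubjectCredsOnly"
                    + " should be set to \"false\". You might have problems with kerberos"
                    + " ticket forwarding");
        }
        byte[] tokenForEndpoint = new byte[0];

        GSSManager manager = GSSManager.getInstance();
        GSSContext context = null;
        try {
            // Kerberos
            // Oid mechOid = new Oid("1.2.840.113554.1.2.2");
            // SPNEGO
            Oid mechOid = new Oid("1.3.6.1.5.5.2");

            // now create the spnego token to send to the endpoint:
            // create target server SPN
            // NOTE(review): the name is parsed as NT_USER_NAME; if callers pass a
            // service@host form, GSSName.NT_HOSTBASED_SERVICE would be the matching name
            // type. Confirm the format of targetPrincipal.
            log.debug("Endpoint: " + targetPrincipal);
            GSSName gssServerName = manager.createName(targetPrincipal,
                    GSSName.NT_USER_NAME);

            // ...and create a new context pretending to be the caller. Passing null
            // credentials lets the GSS-API pick the default initiator credentials.
            context = manager.createContext(gssServerName.canonicalize(mechOid),
                    mechOid, null, GSSContext.DEFAULT_LIFETIME);

            // The context object exists at this point; the security handshake itself only
            // starts with initSecContext below.
            log.debug("Context Established! ");
            log.debug("Server principal is " + context.getTargName());

            // this should be an option: enable GSS credential delegation.
            // Delegation forwards the caller's credential to the target, so it is only
            // appropriate for endpoints trusted to act on the caller's behalf.
            context.requestCredDeleg(true);
            // create a SPNEGO token for the target server
            tokenForEndpoint = context.initSecContext(tokenForEndpoint,
                    0, tokenForEndpoint.length);
        } catch (GSSException e) {
            throw new KerberosTicketForwardingException(
                    "Error while creating a forwardable ticket for the backend system"
                    + " with principal " + targetPrincipal, e);
        } finally {
            if (context != null) {
                try {
                    context.dispose();
                } catch (GSSException ignored) {
                    // Best-effort cleanup: the token (or the original failure) is already
                    // decided, a dispose error must not replace it.
                }
            }
        }
        return Base64Utility.encode(tokenForEndpoint);
    }

}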

## KerberosAuthenticationHelper.java

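/**
 * Attaches a Kerberos/SPNEGO token to the HTTP conduit of a CXF client port so that it is
 * sent with the "Negotiate" authorization type.
 */
public class KerberosAuthenticationHelper {

    /** Authorization type set on the conduit's policy. */
    private static final String HTTP_HEADER_NEGOTIATE = "Negotiate";

    /**
     * Fetches an encoded token from {@code ticketProvider} and stores it in the
     * authorization policy of the conduit behind {@code cxfClientPort}.
     *
     * @param ticketProvider source of the Base64-encoded token
     * @param cxfClientPort  JAX-WS port backed by a CXF client with an HTTP conduit
     * @throws KerberosTicketForwardingException if the token cannot be acquired
     */
    public static void setupKerberosAuthentication(TicketProvider ticketProvider,
            Object cxfClientPort) throws KerberosTicketForwardingException {
        String forwardableToken;
        try {
            forwardableToken = ticketProvider.getEncodedTicket();
            // The token is a bearer credential (it may carry a delegated ticket), so its
            // value is deliberately kept out of the log.
            log.debug("Got ticket to forward");
        } catch (Exception e) {
            throw new KerberosTicketForwardingException(
                    "Error while acquiring kerberos ticket for calling a web service", e);
        }
        Client serviceClient = ClientProxy.getClient(cxfClientPort);
        HTTPConduit http = (HTTPConduit) serviceClient.getConduit();
        AuthorizationPolicy authPolicy = http.getAuthorization();
        if (authPolicy == null) {
            // No policy configured on the conduit yet: install one instead of failing
            // with a NullPointerException below.
            authPolicy = new AuthorizationPolicy();
            http.setAuthorization(authPolicy);
        }
        // NOTE(review): the token travels in the HTTP Authorization header; confirm the
        // endpoint is reached over TLS.
        authPolicy.setAuthorization(forwardableToken);
        authPolicy.setAuthorizationType(HTTP_HEADER_NEGOTIATE);
    }
}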

    
