On 27.04.2016 10:27, Stéphane Thibaudeau wrote:
Hi,

I'm trying to deploy a webapp on Tomcat 8.0.33 running as a Windows service.
The webapp is based on Spring Boot (not sure if relevant).

The webapp calls external SOAP web services that have been published on
another machine (by Navision, Microsoft's ERP).
To authenticate and be able to call these web services I've created a class
extending java.net.Authenticator. This class overrides
getPasswordAuthentication() to return the domain, user and password to be
used to call the web services. This class is registered using
Authenticator.setDefault().

The problem I'm struggling with is the following:
- when I run my application in Eclipse using Spring Boot's main class
everything is working fine.
- when I deploy the application using jetty-runner, everything's working
fine too
- but when I deploy my war on Tomcat, my custom Authenticator class is
never called to get the required credentials to call the external Web
services.

The authenticator registration is made during the startup. I've checked
this in debug mode.

Using Wireshark I've been comparing the working and failing cases.

The working cases (Eclipse or Jetty) consist of this conversation:
=> POST /url/to/ws HTTP HTTP/1.1
<= HTTP/1.1 401 Unauthorized
=> POST /url/to/ws HTTP HTTP/1.1 , NTLMSSP_NEGOTIATE
<= HTTP/1.1 401 Unauthorized , NTLMSSP_CHALLENGE
=> POST /url/to/ws HTTP HTTP/1.1 , NTLMSSP_AUTH, User : MYDOMAIN\myuser
<= HTTP/1.1 200 OK

The failing case (Tomcat as Windows service) consists of this conversation:
=> GET /url/to/ws HTTP HTTP/1.1
<= HTTP/1.1 401 Unauthorized
=> GET /url/to/ws HTTP HTTP/1.1 , NTLMSSP_NEGOTIATE
<= HTTP/1.1 401 Unauthorized , NTLMSSP_CHALLENGE
=> GET /url/to/ws HTTP HTTP/1.1 , NTLMSSP_AUTH, User : \
<= HTTP/1.1 403 Forbidden

I see 2 differences here. The use of GET instead of POST. I have no clue
why this happens, the code is exactly the same.
And there is no user/password provided, which seems to be consistent as my
authenticator does not get called.

At last, when I try to access the url from my browser I get the same
conversation as with Tomcat, but I can provide my credentials through the
prompt dialog and then access my WSDL.
This leads me to think that the GET vs POST may not be the problem.

Could someone explain what I could do now to be able to call my web
services?
What other information would be useful?


Independently of what your Authenticator does (on which I am not qualified to comment), I do see a big difference above in your testing conditions:
- for the Eclipse and Jetty cases, I presume that you are running these under the Windows user-id under which you are logged in (which is a valid Windows Domain account)
- while for Tomcat, it runs as a Service

A question: under which user-id does the Tomcat Service run?
If it is anything like "LocalSystem" or "LocalService", then it is no wonder that a Windows Domain authentication doesn't work. These accounts are local, and have no access to Windows "domain resources".
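
A diagnostic version of the setup described in the question, as an added example that is not code from this thread: it logs each authentication callback and the account the JVM runs as, so the Eclipse, Jetty and Tomcat-service runs can be compared side by side. The class name, host, port and credentials are constructed placeholders.

```java
import java.net.Authenticator;
import java.net.PasswordAuthentication;
import java.util.concurrent.atomic.AtomicInteger;

/** Diagnostic Authenticator: supplies fixed credentials and records every callback. */
public class LoggingNtlmAuthenticator extends Authenticator {
    private final String domainUser;   // "DOMAIN\\user" form, as seen in the NTLMSSP_AUTH message
    private final char[] password;
    private final AtomicInteger calls = new AtomicInteger();

    public LoggingNtlmAuthenticator(String domainUser, char[] password) {
        this.domainUser = domainUser;
        this.password = password.clone();
    }

    @Override
    protected PasswordAuthentication getPasswordAuthentication() {
        // Log what the HTTP client asked for; the password is never logged.
        System.err.printf("auth callback #%d: scheme=%s host=%s type=%s url=%s%n",
                calls.incrementAndGet(), getRequestingScheme(), getRequestingHost(),
                getRequestorType(), getRequestingURL());
        return new PasswordAuthentication(domainUser, password);
    }

    public int callCount() {
        return calls.get();
    }

    public static void main(String[] args) {
        // Account the JVM runs as: compare an IDE launch with the Windows service.
        System.err.println("user.name        = " + System.getProperty("user.name"));
        System.err.println("USERDOMAIN env   = " + System.getenv("USERDOMAIN"));

        // Constructed placeholder credentials; load real ones from protected configuration.
        LoggingNtlmAuthenticator auth =
                new LoggingNtlmAuthenticator("MYDOMAIN\\myuser", "placeholder".toCharArray());
        // setDefault() is JVM-wide: any later call from another webapp or library
        // running in the same container replaces this instance.
        Authenticator.setDefault(auth);

        // Simulate the request an HTTP client makes to the default Authenticator
        // (constructed host and port).
        PasswordAuthentication pa = Authenticator.requestPasswordAuthentication(
                "navision.example.test", null, 7047, "http", "realm", "ntlm");
        System.err.println("returned user    = " + (pa == null ? null : pa.getUserName()));
        System.err.println("callbacks so far = " + auth.callCount());
    }
}
```

A callback count of zero after a real web-service call, together with the logged account name, separates "the Authenticator was never consulted" from "it was consulted but the credentials were rejected".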


