Ravings of an Intermittent Fool - Using Apache Axis with Integrated Windows Security

Using Apache Axis with Integrated Windows Security

2005-11-21T23:43:53-05:00

I haven't seen a single place that describes everything that you need to do in order to use Apache Axis to access web services that are protected using IIS's Integrated Windows Authentication (or NTLM) scheme. Its not very hard to get the product to support it, but the documentation isn't all in one place. In order for Axis to support Integrated Windows Authentication, you need to tell the Axis client to use a different class for HTTP communications. In Axis parlance, these classes are called Handlers, that is they are subclasses of Handler. By default, the Axis client uses the HTTPSender for its communications. The CommonsHTTPSender however is the one that supports Integrated Windows Authentication. The easiest way to use to instruct the Axis client to use this class for HTTP communications is to create a custom client-config.wsdd file. Here is a simple one that enables using the CommonsHTTPSender class for HTTP communication: One easy way to make sure that Axis notices your configuration file is to store this file in the classpath at the location org/apache/axis/client. The client will find this configuration file dynamically at runtime. There are several other ways configure the Axis client that may be more appropriate to your situation. Lastly, make sure your classpath includes Apache Jakarta Commons Http Client and Apache Jakarta Commons Codec. If you are using Apache Axis 1.3, you must use the 3.x series of Http Client. Once you have done this, you should be able to use Apache Axis against web services that are protected by Integrated Windows Authentication. Update: To answer Yuhua's question from below, specifing usernames and passwords is no different than any other Axis based webservice. For whatever generated class implements the Stub interface, you can call the setUsername(String) and setPassword(String) methods. The username component would consist of your domain name as well as your username, seperated by a backslash.

Chandra Sekhar Tondepu comments on Using Apache Axis with Integrated Windows Security

2007-03-03T23:59:13-05:00

Greetings Everyone! I'm trying to give an attempt to understand and solve the problem of accessing secured webservice under windows iis by asking few questions. 1) There are request play back tools to identify how the request is hitting the webservice under windows security zone? It might give some clues as to how does the basic vs. IWA requests being received and processed. 2) Can credential information be sent through SOAP headers to perform customer authentication? There is a concept called composite web services which allows to access the target web service (secured one) through an intermediary web service (unsecured one / basic one). Is there an option to explore this? 3) Okay when the web service is running in basic mode which I assume that the authentication requirement is made as anonymous. I guess to force the authentication, ACL on the webservice itself can be set like this. I dont have knowledge on windows, but if these questions are guiding to get a resolution, you can share your experiences with me at chandrasekhar.tondepu@gmail.com. Wish you happy resolution & successful integration!

Steven Hines comments on Using Apache Axis with Integrated Windows Security

2007-04-17T12:11:12-05:00

Mark, First of all, thanks for the incredibly easy to read guide. I've been struggling through web services for a few weeks now and I think it's fair to say that "easy to read" cannot usually be used to describe most of the documentation out there. I had a problem using Commons HttpClient with NTLMv2 which Apache admit here. I found my solution at Oakland Software - pricey, but cheaper than me buying a whole new head of hair... ;-) Hope this helps anyone out there who's been scratching their heads.

Cullan comments on Using Apache Axis with Integrated Windows Security

2007-04-18T18:31:57-05:00

You are the man! There is no way I could have figured this out without your article. Thanks very much Cullan

DT comments on Using Apache Axis with Integrated Windows Security

2007-06-21T09:13:11-05:00

Does this apply to Axis 2.0 also?

Kapil comments on Using Apache Axis with Integrated Windows Security

2007-07-11T00:14:49-05:00

I am trying to use axis to consume the .NET Web Services in java. The problem i am facing is that the time i restart my machine, the Web Service works fine for the first time. Subsequently there is error Access Denied(401) Please help. Thanks in advance Kapil

Kapil comments on Using Apache Axis with Integrated Windows Security

2007-07-11T00:30:55-05:00

I am trying to use axis to consume the .NET Web Services hosted on IIS in java. If i turn on Basic Authentication, i am able to consume web services. But when i turn on Integrated Windows Authentication; The problem i face is that the time i restart my machine, the Web Service works fine for the first time. Subsequently there is error Access Denied(401) Please help. Thanks in advance Kapil

Santosh comments on Using Apache Axis with Integrated Windows Security

2007-09-20T02:27:14-05:00

Hi Mark, I am agree with your point that "I haven't seen a single place that describes everything that you need to do in order to use Apache Axis to access web services that are protected using IIS's Integrated Windows Authentication (or NTLM) scheme" But sorry for that Again you have done same thing. you have not describe it clearly. please put example with it. that make more sense.

san comments on Using Apache Axis with Integrated Windows Security

2007-09-26T11:50:02-05:00

Hi all, I am trying to use axis1.2RC to consume the .NET Web Services hosted on IIS with Integrated Windows Authentication. I have to set responseBean object in their service method like - objStub.updateStatus(responseBean); i have tryied it in two different way to consume the .NET web service : 1. setting the UserName and Password in stub - try { Booking responseBean = objBean.bookingResponse(response); // getting populate bean values String url = "https://san.vie.ca/order/travel.asmx"; SampleOrderUpdateSoapStub objStub = new SampleOrderUpdateSoapStub(); objStub._setProperty(javax.xml.rpc.Stub.USERNAME_PROPERTY, "svc_san-verinf"); // also used "DOMAIN\\svc_san-verinf" objStub._setProperty(javax.xml.rpc.Stub.PASSWORD_PROPERTY, "password123"); // i have also tested Call.USERNAME_PROPERTY and //Call.PASSWORD_PROPERTY not working objStub._setProperty(javax.xml.rpc.Stub.ENDPOINT_ADDRESS_PROPERTY, url); objStub.updateStatus(responseBean); // response Bean is assigned in Stub method updateStatus. } Without security setting it's working fine, no problem But when security enabled in IIS then below exception is thrown : AxisFault (401)Unauthorized You are not authorized to view this page You do not have permission to view this directory or page using the credentials that you supplied because your Web browser is sending a WWW-Authenticate header field that the Web server is not configured to accept. ------------------------------------ HTTP Error 401.2 - Unauthorized: Access is denied due to server configuration.Internet Information Services (IIS) 2. So, i tried this using HTTPClient it's working only to connect service but i have to populate the responseBean object in their service method like - objStub.updateStatus(responseBean). Here it's failure. 1st it's authenticate when using HTTPClient but when try to invoke Stub method then it's again throwing exception : AxisFault (401)Unauthorized You are not authorized to view this page You do not have permission to view this directory or page using the credentials that you supplied because your Web browser is sending a WWW-Authenticate header field that the Web server is not configured to accept. ------------------------------------ HTTP Error 401.2 - Unauthorized: Access is denied due to server configuration.Internet Information Services (IIS) HTTPClient Code : HttpClient httpClient = new HttpClient(); List authPrefs = new ArrayList(2); authPrefs.add(AuthPolicy.NTLM); String secProviderName = "com.sun.crypto.provider.SunJCE"; java.security.Provider secProvider = (java.security.Provider) Class.forName(secProviderName).newInstance(); Security.addProvider(secProvider); //authPrefs.add(AuthPolicy.BASIC); // This will exclude the NTLM authentication scheme httpClient.getParams().setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, authPrefs); Credentials credentials = new NTCredentials("svc_san-verinf", "password123", "ip address", "DOMAINNAME"); httpClient.getState().setCredentials(AuthScope.ANY, credentials); HttpMethodBase method = new GetMethod("https://san.vie.ca/order/travel.asmx"); try { method.setDoAuthentication(true); int returnCode = httpClient.executeMethod(method); } catch (HttpException e) { e.printStackTrace(); } catch (IOException e) { e.printStackTrace(); } This code is working fine only to connect the service, however when i invoke their service method like - objStub.updateStatus(responseBean) after ....int returnCode = httpClient.executeMethod(method); it gives (401)Unauthorized AND HTTP Error 401.2. i am googling for this more than one week. Help me...... How to solve this problem................... Thanx in advance.

PradeepSM comments on Using Apache Axis with Integrated Windows Security

2007-10-13T03:46:58-05:00

Hi, I want to call .net web service from java swings application through apache axis. The wsdl file exposing the .net web service is already built. I want to know how the java client can call the web service using this wsdl file. Response with code samples would be greatly appriciated.

Ryan comments on Using Apache Axis with Integrated Windows Security

2007-12-12T12:22:07-05:00

I also am getting the 401 Unauthorized error. It seems to stem from the fact that Commons HttpClient only supports NTLMv1, and not NTLMv2 which is much more common in corporate environments. Is there any way any one has been able to circumvent this problem?

Arivazhagan comments on Using Apache Axis with Integrated Windows Security

2008-01-24T14:16:29-05:00

Mark, How to get the credentials in the server side that is sent through HTTPClient. Thanks, Arivu

Kaushik Sen comments on Using Apache Axis with Integrated Windows Security

2008-04-04T03:10:38-05:00

I am tring the access the deployed Siebel component extract (done using the Web UI DDK) in weblogic 8.1 workshop. The code gets compiled successfully but once trying to login (using SADMIN/SADMIN) through login.jsp, its throws AxisFault faultCode: unauthrorized access faultSubcode: faultString: (401)Access Denied The webservice is hosted in IIS server (we tried both 6.0 and 5.1) Axis version 1.1 Is there any way out from this??? Please help!! Kaushik

Daniel Wayland comments on Using Apache Axis with Integrated Windows Security

2008-04-08T15:21:28-05:00

for all you 401 unauthorized cats - try this System.setProperty("httpclient.authentication.preemptive", "true");

John comments on Using Apache Axis with Integrated Windows Security

2008-08-07T13:51:00-05:00

This does not work for NTLMv2 because HTTPClient does not work with NTLMv2. Use JAX-WS or go here for a fix. http://issues.apache.org/jira/browse/HTTPCLIENT-579

Mário Barbosa comments on Using Apache Axis with Integrated Windows Security

2008-10-02T12:12:30-05:00

Hi! Thanks for the incredibly usefull info, Mark. I'm able to invoke a NTLM-protected WebService both through Tomcat and a pure-Java stand-alone client, both using JAVA 1.5. It so happens that when I change to JAVA 1.3, I get the feared "401 Unauthorized" message. I installed JCE (lib\ext) on my JVM and even added a JCE provider for JDK1.3 (bouncycastle) to my classpath, since I got a javax.crypto error first. What could be the cause for this different behaviour? Anyone? thanks in advance