Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Apache CXF - Kerberos Authentication Invocation error #4

Open
Remya-Thomas opened this issue Jan 14, 2016 · 0 comments
Open

Apache CXF - Kerberos Authentication Invocation error #4

Remya-Thomas opened this issue Jan 14, 2016 · 0 comments

Comments

@Remya-Thomas
Copy link

We have a Restful webservice[developed using Apache CXF] which is protected by kerberos, below are the cxf configurations,
jaxrs:serviceBeans

/jaxrs:serviceBeans

                        <jaxrs:providers>
                                        <ref bean="kerberosFilter"/>
                                        <ref bean="jsonProvider" />
                                        <ref bean="xmlProvider" />
                        </jaxrs:providers>

                        <jaxrs:extensionMappings>
                                        <entry key="json" value="application/json" />
                                        <entry key="xml" value="application/xml" />
                        </jaxrs:extensionMappings>

                        <jaxrs:inInterceptors>
                                        <ref bean="restInInterceptor" />
                        </jaxrs:inInterceptors>
                        <jaxrs:outFaultInterceptors>
                                        <ref bean="errorOutFaultInterceptor" />
                        </jaxrs:outFaultInterceptors>
        </jaxrs:server>

        <bean id="kerberosFilter" class="org.apache.cxf.jaxrs.security.KerberosAuthenticationFilter">

Also "spnego-server" from login config which is spnego-client {
com.sun.security.auth.module.Krb5LoginModule required; };

spnego-server {
com.sun.security.auth.module.Krb5LoginModule required
storeKey=true
useKeyTab=true
keyTab="FILE:/etc/hellokeytab.keytab"
principal=HTTP/hostname.india.com
isInitiator=false;
};
We have a webapplication which is trying to invoke this kerberos protected webservices, through org.apache.commons.httpclient.HttpClient , but we are getting "401 UnAuthorized Exception" error every time.

HttpClient httpclient = new HttpClient();
GetMethod get = new GetMethod(resourceURL);
get.setRequestHeader(entry.getKey(), value);

Since the service is protected by kerberos, i found that we need to set the below as headers in client - Authorization: Negotiate "the encrypted service ticket"

But how can we get the "the encrypted service ticket" and set it explicity into HTTPclient headers?
We are using thirdparty REST clients(Example: Mozilla REST client & Chrome's REST CLIENT) there also , how to set the Authorization Negotiate ?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Remya-Thomas