JAX-WS IBM客户消费的.Net WS与Active Directory身份验证（NTLM） [英] JAX-WS IBM client consuming .Net WS with Active Directory authentication (NTLM)

问题描述

我想从IBM的WebSphere消耗净WS。

I want to consume .Net WS from IBM WebSphere.

我创建了一个WS-客户端与JAX-WS的IBM实现，它消耗了净WS上的IIS。客户端在SUSE和身份验证是NTLM在Windows Server 2003 Active Directory中。

I created a WS-client with JAX-WS IBM implementation that consumes a .Net WS on IIS. The client is on SUSE and the authentication is by NTLM with Windows Server 2003 Active Directory.

• 如果客户端在命令行中执行的实现调用java.net.Authenticator中获得凭据，并请求是成功的。

• If the client is executed in command line the implementation calls java.net.Authenticator to get the credentials and the request is succesful.

如果客户端内RAD执行身份验证不叫，也未能与401。

If the client is executed inside RAD the Authenticator is not called and it fails with 401.

如果客户端在WebSphere执行身份验证不叫，也未能与401。

If the client is executed inside WebSphere the Authenticator is not called and it fails with 401.

如果我直接创建的HttpConnection到.NET WS URL验证者打来电话，请求是成功的。

If I create an HttpConnection directly to the .Net WS URL the Authenticator is called and the request is succesful.

如果代替JAX-WS IBM实现我用Axis2的（直接，而不是IBM Axis2的JAX-WS实现）我可以传递给Axis2的客户端身份验证对象，该请求是成功的。这仅适用于在Windows Server 2003 NTLM协议当我们迁移到Windows Server 2008中的身份验证协议的NTLMv2（每个人都移动到NTLMv2的，因为使用NTLM安全问题），因为NTLMv2的是不支持HTTP客户端3，请求失败。 X中是在Axis2的依赖性。而一段时间他们都不会迁移。

If instead of JAX-WS IBM implementation I use the Axis2 (directly, not IBM Axis2 JAX-WS implementation) I could pass to the Axis2 client the Authenticator object and the request is succesful. This only works for NTLM protocol with Windows Server 2003. When we migrate to Windows Server 2008 the auth protocol is NTLMv2 (everybody is moving to NTLMv2 because security issues with NTLM) and the request fails because NTLMv2 is not supported by the HTTP Client 3.X that is the dependency of Axis2. And for some time they are not going to migrate.

如果我用JAX-WS的其他实现比IBM我松散的控制台管理和自动标注的阅读，再加上从IBM失去支持。

If I use other implemetation of JAX-WS than IBM I loose the console administration and the automatic annotation reading, plus to loose support from IBM.

问题

我不明白为什么RAD它didn't里面工作，是通过命令行的工作原理相同的程序。

I don´t get why inside of RAD it didn´t work, is the same program that works from command line.

你如何与特定凭证的NTLMv2协议支持JAX-WS IBM实现身份验证？ （java.net.Authenticator中为您提供了这一点，它应该被称为......事实并非如此）

How do you make JAX-WS IBM implementation authenticate with NTLMv2 protocol support with specific credentials? (java.net.Authenticator provides you with this, and it should be called ... it does not)

是什么办法，使IBM JAX-WS实现使用其他的HTTP客户端比标准？

Is the any way to make IBM JAX-WS implemetation to use another HTTP client than the standard one?

即使是IBM JVM实现提供NTLM身份验证（这就是为什么在命令行和直接的HttpConnection执行工作的原因），所以我不知道为什么他们鸵鸟政策使用它的IBM WS堆栈。

Even the IBM JVM implementation provides NTLM auth (this is the reason why the command line and the direct HttpConnection executions works) so I don´t get why they don´t use it for the IBM WS stack.

加分

有没有什么好办法，提供消费WS与ActiveDirectory的双向认证的能力？

Is there any good way to provide bidirectional ability to consume WS with the ActiveDirectory authentication?

注释

春季WS使用HttpClient的支持NTLMv2的权威性4.X，但我需要一个JAX-WS的实现，它的应该是IBM之一。 IBM的JAX-WS似乎只支持基本身份验证。我不弄了Microsoft WS互操作并不对IBM非常重要的。

Spring WS uses HttpClient 4.X that supports NTLMv2 auth, but I need a JAX-WS implementation and it should be the IBM one. The IBM JAX-WS only seems to support Basic AUTH. I don´t get how the Microsoft WS interop is not important for IBM.

引用

验证器CONF：的

<一个href="http://docs.oracle.com/javase/6/docs/api/java/net/Authenticator.html#setDefault%28java.net.Authenticator%29">http://docs.oracle.com/javase/6/docs/api/java/net/Authenticator.html#setDefault%28java.net.Authenticator%29

http://stackoverflow.com/a/5994706/14811

在此先感谢！

推荐答案

最后，这是我做的。

我创建JAXB与RAD插件创建一个JAX-WS客户端对象。我使用生成的DTO为我传递给春WS库的消息。春天WS 2.1自带的HTTP客户端4.2带来NTLMv2的支持。

I create the JAXB objects with the RAD plugin to create a JAX-WS client. I use the generated DTOs as the messages that I pass to the Spring WS library. Spring WS 2.1 comes with Http Client 4.2 that brings NTLMv2 support.

我创建了一个小型图书馆，使这个过程变得更容易，但程序的想法是：

I created an small library to make this process easier, but the procedure idea is:

1. 生成的JAX-WS客户端与RAD
2. 创建一个实现由RAD生成的服务接口的类
3. 对于每一个接口的方法：
4. 3.1注入接口方法的参数到JAXB对象
5. 3.2传递这个对象的 WebServiceTemplate （春对象）的Web服务调用。
6. 3.3演员呼叫响应JAXB方法响应对象
7. 3.4返回响应对象的内在价值

1. Generate the JAX-WS client with RAD
2. Create a class that implements the service interface generated by RAD
3. For each interface method:
4. 3.1 Inject the interface method's parameters to the JAXB object
5. 3.2 Pass this object to the WebServiceTemplate (Spring object) web service call.
6. 3.3 Cast the call response to the JAXB method response object
7. 3.4 Return the inner value of the response object

所以，你最终要做的是重新使用对象生成的JAX-WS客户包裹服务方法的参数，成春WS需要拨打电话的对象。

So, what you finally do is reuse the object generation for a JAX-WS client to wrap the service method's parameters into the object that Spring WS needs to make the call.

有关NTLM身份验证设置 NTCredentials 到 WebServiceTemplate 发件人。

For NTLM authentication set NTCredentials to the WebServiceTemplate sender.

的Axis2 1.7 将支持NTLMv2身份与HttpClient的4.2.x版的升级版本，但没有发布日期还没有。

Axis2 1.7 will have support for NTLMv2 with updated version of the HttpClient 4.2.X, but there is no release date yet.

请参阅：

• WebServiceTemplate WS通话

• WebServiceTemplate WS call

<一个href="http://static.springsource.org/spring-ws/sites/2.0/apidocs/org/springframework/ws/client/core/WebServiceTemplate.html#marshalSendAndReceive%28java.lang.Object%29" rel="nofollow">http://static.springsource.org/spring-ws/sites/2.0/apidocs/org/springframework/ws/client/core/WebServiceTemplate.html#marshalSendAndReceive%28java.lang.Object%29

• WebServiceTemplate 发件人

<一个href="http://static.springsource.org/spring-ws/sites/2.0/apidocs/org/springframework/ws/client/support/WebServiceAccessor.html#getMessageSenders%28%29" rel="nofollow">http://static.springsource.org/spring-ws/sites/2.0/apidocs/org/springframework/ws/client/support/WebServiceAccessor.html#getMessageSenders%28%29

• NTCredentials

<一个href="http://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/auth/NTCredentials.html" rel="nofollow">http://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/auth/NTCredentials.html

更新：我测试轴1.7和NTLM身份验证效果很好

Update: I tested Axis 1.7 and the NTLM auth works well.

这篇关于JAX-WS IBM客户消费的.Net WS与Active Directory身份验证（NTLM）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！