HTTP响应"401:未经授权"，将NTLM与Wildfly一起使用 [英] HTTP response '401: Unauthorized' using NTLM with Wildfly

问题描述

当SOAP请求过长时，我们将在WildFly 11中使用JAX-WS(在后台使用Apache CXF)得到'401: Unauthorized'作为响应.

When the SOAP request is too long we are getting '401: Unauthorized' as a response using JAX-WS in WildFly 11 (Apache CXF under the hood).

我们正在使用NTLM协议从WildFly到SharePoint调用SOAP Web服务.

We are calling a SOAP Web Service from WildFly to SharePoint, using NTLM protocol.

如果请求大小较短，则可以正常工作，但是，如果请求为大"(例如，具有1MB的SOAP消息)，则会失败，并显示错误HTTP401.我们正在使用此Web服务发送图像，但编码为base64二进制.

If the request size is short it works fine, but if the request is "large" (SOAP messages with 1MB for example) it fails with error HTTP 401. We are using this web service to send images, but encoded as base64 binary.

我们尝试使用SOAP UI调用该服务，并且该服务有效，因此在应用程序服务器中似乎是一个问题.可能会发生什么，我们可以使用哪些解决方法?

We tried to call the service using SOAP UI and it worked, so it seems a problem in the application server. What could be happening, and, what workarounds could we use?

更新:吉拉问题 CXF-5890 似乎与此类似.

Update: Jira issue CXF-5890 seems to be somewhat similar to this.

我们的客户端代码非常简单，我们发送一个BASE64字节数组(s:base64Binary):

Our client code is very simple, we send a BASE64 byte array (s:base64Binary):

@Stateless  
public class Client {

    @WebServiceRef(wsdlLocation = "/wsdl/service.wsdl")
    private ServiceRepository service;

    public void send() {
        Repository repository = service.getRepositorySoap();
        Map<String, Object> requestContext = ((BindingProvider) repository).getRequestContext();
        requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, "http://customerendpoint/service.asmx");

        // sets standard Java authentication for NTLM
        authtWsSharepoint();

        // This method loads an image in BASE64. We found the problem around 45,000 characters, but it is not exact
        String image = getImage();

        repository.submitFile(image.getBytes());
    }
}

我们正在使用标准的Java身份验证器:

We are using standard Java authenticator:

private void authtWsSharepoint() throws Exception {
        Authenticator sAuthService = new Authenticator() {
            @Override
            protected PasswordAuthentication getPasswordAuthentication() {
                return new PasswordAuthentication("domain\\user", "password".toCharArray());
            }
        };
        Authenticator.setDefault(sAuthService);
    }

这里是个例外:

Caused by: org.apache.cxf.transport.http.HTTPException: HTTP response '401: Unauthorized' when communicating with http://customerendpoint/service.asmx
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1581)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1533)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1336)
    at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:56)
    at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:215)
    at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
    at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:652)
    at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
    at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:516)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:425)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:326)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:279)
    at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:138)
    ... 110 more

推荐答案

魔术发生在这里httpClientPolicy.setAllowChunking(false).将其设置为false可解决问题.

The magic happens here httpClientPolicy.setAllowChunking(false). Setting this to false solved the problem.

代码示例

Client client = ClientProxy.getClient(servicePort);

HTTPConduit http = (HTTPConduit) client.getConduit();
HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();

//This is the magic line. Setting this to false solved the problem
httpClientPolicy.setAllowChunking(false);

http.setClient(httpClientPolicy);

依赖项

<dependency>
    <groupId>org.apache.cxf</groupId>
    <artifactId>cxf-rt-frontend-simple</artifactId>
    <version>3.0.5</version>
    <scope>provided</scope>
</dependency>
<dependency>
    <groupId>org.apache.cxf</groupId>
    <artifactId>cxf-rt-transports-http</artifactId>
    <version>3.0.5</version>
    <scope>provided</scope>
</dependency>

jboss-deployment-structure.xml

<?xml version="1.0" encoding="UTF-8"?>
<jboss-deployment-structure>
    <deployment>
        <dependencies>
            <module name="org.apache.cxf.impl">
                <imports>
                    <include path="META-INF"/>
                    <include path="META-INF/cxf"/>
                </imports>
            </module>
        </dependencies>
    </deployment>
</jboss-deployment-structure>

这篇关于HTTP响应"401:未经授权"，将NTLM与Wildfly一起使用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！