JAX-WS IBM 客户端使用具有 Active Directory 身份验证 (NTLM) 的 .Net WS [英] JAX-WS IBM client consuming .Net WS with Active Directory authentication (NTLM)
问题描述
我想使用来自 IBM WebSphere 的 .Net WS.
I want to consume .Net WS from IBM WebSphere.
我使用 JAX-WS IBM 实现创建了一个 WS 客户端,该客户端在 IIS 上使用 .Net WS.客户端在 SUSE 上,通过 NTLM 与 Windows Server 2003 Active Directory 进行身份验证.
I created a WS-client with JAX-WS IBM implementation that consumes a .Net WS on IIS. The client is on SUSE and the authentication is by NTLM with Windows Server 2003 Active Directory.
如果客户端在命令行中执行,则实现调用 java.net.Authenticator 以获取凭据并且请求成功.
If the client is executed in command line the implementation calls java.net.Authenticator to get the credentials and the request is succesful.
如果客户端在 RAD 中执行,则不会调用 Authenticator 并且失败并返回 401.
If the client is executed inside RAD the Authenticator is not called and it fails with 401.
如果客户端在 WebSphere 内执行,则不会调用 Authenticator 并且失败并返回 401.
If the client is executed inside WebSphere the Authenticator is not called and it fails with 401.
如果我直接创建一个到 .Net WS URL 的 HttpConnection,则会调用 Authenticator 并且请求成功.
If I create an HttpConnection directly to the .Net WS URL the Authenticator is called and the request is succesful.
如果我使用 Axis2(直接,而不是 IBM Axis2 JAX-WS 实现)而不是 JAX-WS IBM 实现,我可以将 Authenticator 对象传递给 Axis2 客户端并且请求成功.这仅适用于 Windows Server 2003 的 NTLM 协议.当我们迁移到 Windows Server 2008 时,身份验证协议是 NTLMv2(由于 NTLM 的安全问题,每个人都在迁移到 NTLMv2)并且请求失败,因为 HTTP 客户端 3 不支持 NTLMv2.X 是 Axis2 的依赖项.并且有一段时间他们不会迁移.
If instead of JAX-WS IBM implementation I use the Axis2 (directly, not IBM Axis2 JAX-WS implementation) I could pass to the Axis2 client the Authenticator object and the request is succesful. This only works for NTLM protocol with Windows Server 2003. When we migrate to Windows Server 2008 the auth protocol is NTLMv2 (everybody is moving to NTLMv2 because security issues with NTLM) and the request fails because NTLMv2 is not supported by the HTTP Client 3.X that is the dependency of Axis2. And for some time they are not going to migrate.
如果我使用 IBM 以外的其他 JAX-WS 实现,我会失去控制台管理和自动注释读取,以及来自 IBM 的支持.
If I use other implemetation of JAX-WS than IBM I loose the console administration and the automatic annotation reading, plus to loose support from IBM.
问题
我不明白为什么在 RAD 内部它不起作用,是从命令行运行的同一个程序.
I don´t get why inside of RAD it didn´t work, is the same program that works from command line.
您如何使用特定凭据通过 NTLMv2 协议支持使 JAX-WS IBM 实现进行身份验证?(java.net.Authenticator 为您提供了这个,它应该被称为......它没有)
How do you make JAX-WS IBM implementation authenticate with NTLMv2 protocol support with specific credentials? (java.net.Authenticator provides you with this, and it should be called ... it does not)
有没有办法让 IBM JAX-WS 实现使用标准客户端之外的其他 HTTP 客户端?
Is the any way to make IBM JAX-WS implemetation to use another HTTP client than the standard one?
即使是 IBM JVM 实现也提供 NTLM 身份验证(这就是命令行和直接 HttpConnection 执行有效的原因),所以我不明白他们为什么不将它用于 IBM WS 堆栈.
Even the IBM JVM implementation provides NTLM auth (this is the reason why the command line and the direct HttpConnection executions works) so I don´t get why they don´t use it for the IBM WS stack.
加分
有没有什么好的方法可以通过 ActiveDirectory 身份验证提供双向使用 WS 的能力?
Is there any good way to provide bidirectional ability to consume WS with the ActiveDirectory authentication?
评论
Spring WS 使用支持 NTLMv2 身份验证的 HttpClient 4.X,但我需要一个 JAX-WS 实现,它应该是 IBM 的.IBM JAX-WS 似乎只支持 Basic AUTH.我不明白 Microsoft WS 互操作对 IBM 来说不重要.
Spring WS uses HttpClient 4.X that supports NTLMv2 auth, but I need a JAX-WS implementation and it should be the IBM one. The IBM JAX-WS only seems to support Basic AUTH. I don´t get how the Microsoft WS interop is not important for IBM.
参考资料
身份验证器配置:
https://stackoverflow.com/a/5994706/14811
提前致谢!
推荐答案
最后,这就是我所做的.
Finally, this is what I did.
我使用 RAD 插件创建 JAXB 对象以创建 JAX-WS 客户端.我使用生成的 DTO 作为传递给 Spring WS 库的消息.Spring WS 2.1 随附提供 NTLMv2 支持的 Http Client 4.2.
I create the JAXB objects with the RAD plugin to create a JAX-WS client. I use the generated DTOs as the messages that I pass to the Spring WS library. Spring WS 2.1 comes with Http Client 4.2 that brings NTLMv2 support.
我创建了一个小库来简化这个过程,但程序的想法是:
I created an small library to make this process easier, but the procedure idea is:
- 使用 RAD 生成 JAX-WS 客户端
- 创建一个实现RAD生成的服务接口的类
- 对于每个接口方法:
- 3.1 将接口方法的参数注入 JAXB 对象
- 3.2 将此对象传递给
WebServiceTemplate(Spring 对象)Web 服务调用. - 3.3 将调用响应转换为 JAXB 方法响应对象
- 3.4 返回响应对象的内部值
- Generate the JAX-WS client with RAD
- Create a class that implements the service interface generated by RAD
- For each interface method:
- 3.1 Inject the interface method's parameters to the JAXB object
- 3.2 Pass this object to the
WebServiceTemplate(Spring object) web service call. - 3.3 Cast the call response to the JAXB method response object
- 3.4 Return the inner value of the response object
因此,您最终要做的是重用 JAX-WS 客户端的对象生成,将服务方法的参数包装到 Spring WS 需要进行调用的对象中.
So, what you finally do is reuse the object generation for a JAX-WS client to wrap the service method's parameters into the object that Spring WS needs to make the call.
对于 NTLM 身份验证,将 NTCredentials 设置为 WebServiceTemplate 发送方.
For NTLM authentication set NTCredentials to the WebServiceTemplate sender.
Axis2 1.7 将通过 HttpClient 4.2.X 的更新版本支持 NTLMv2,但尚无发布日期.
Axis2 1.7 will have support for NTLMv2 with updated version of the HttpClient 4.2.X, but there is no release date yet.
见:
WebServiceTemplateWS 调用
WebServiceTemplateWS call
WebServiceTemplate发送方
NTCredentials
更新:我测试了 Axis 1.7,NTLM 身份验证运行良好.
Update: I tested Axis 1.7 and the NTLM auth works well.
这篇关于JAX-WS IBM 客户端使用具有 Active Directory 身份验证 (NTLM) 的 .Net WS的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
