[jira] [Created] (CXF-6741) Apache CXF - Kerberos Authentication Invocation error:

Mon, 11 Jan 2016 06:11:05 -0800 

Remya Thomas created CXF-6741:
---------------------------------

             Summary: Apache CXF - Kerberos Authentication Invocation error:
                 Key: CXF-6741
                 URL: https://issues.apache.org/jira/browse/CXF-6741
             Project: CXF
          Issue Type: Bug
            Reporter: Remya Thomas


We have a Restful webservice[developed using Apache CXF] which is protected by 
kerberos, below are the cxf configurations, <jaxrs:server id="MYServices" 
address="/">
                <jaxrs:serviceBeans>
                        <ref bean="firstServiceImpl" />
                </jaxrs:serviceBeans>

                <jaxrs:providers>
                         <ref bean="kerberosFilter"/>
                        <ref bean="jsonProvider" />
                        <ref bean="xmlProvider" />
                </jaxrs:providers>

                <jaxrs:extensionMappings>
                        <entry key="json" value="application/json" />
                        <entry key="xml" value="application/xml" />
                </jaxrs:extensionMappings>

                <jaxrs:inInterceptors>
                        <ref bean="restInInterceptor" />
                </jaxrs:inInterceptors>
                <jaxrs:outFaultInterceptors>
                        <ref bean="errorOutFaultInterceptor" />
                </jaxrs:outFaultInterceptors>
        </jaxrs:server>
        
        <bean id="kerberosFilter" 
class="org.apache.cxf.jaxrs.security.KerberosAuthenticationFilter">
   <property name="loginContextName" value="spnego-server"/> </bean> Also 
"spnego-server" from login config which is spnego-client {
        com.sun.security.auth.module.Krb5LoginModule required; };

spnego-server {
        com.sun.security.auth.module.Krb5LoginModule required
        storeKey=true
        useKeyTab=true
        keyTab="FILE:/etc/hellokeytab.keytab"
        principal=HTTP/hostname.india.com
        isInitiator=false;
};
We have a webapplication which is trying to invoke this kerberos protected 
webservices, through org.apache.commons.httpclient.HttpClient , but we are 
getting "401 UnAuthorized Exception" error every time.
HttpClient httpclient = new HttpClient(); GetMethod get = new 
GetMethod(resourceURL);
  get.setRequestHeader(entry.getKey(), value); Since the service is protected 
by kerberos, i found that we need to set the below as headers in client
Authorization: Negotiate "the encrypted service ticket"
But how can we get the "the encrypted service ticket" and set it explicity into 
HTTPclient headers?
We are using thirdparty REST clients(Example: Mozilla REST client & Chrome's 
REST CLIENT) there also , how to set the Authorization Negotiate ?




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to