Getting this error while calling the service.
401 - Unauthorized: Access is denied due to invalid credential
I tried creating a NtlmAuthenticator class which extends Authenticator
and passing on the credentials with DOMAIN\USERNAME and PASSWORD format.
Also set Authenticator.setDefault(ntlmAuthenticator). Doesnt't works out.
Any response would be very helpful.
On following the Oracle documentation found out that NTLM can be used with proxies or servers, but not with both at the same time.
Used apache CXF and this time it worked.
Added the below code
Client client = ClientProxy.getClient(port);
HTTPConduit http = (HTTPConduit) client.getConduit();
HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
httpClientPolicy.setConnectionTimeout(36000);
//httpClientPolicy.setAllowChunking(false);
http.setClient(httpClientPolicy);
Related
I'm new to web service. I'm required to consume a WSDL webservice created in SAP PI and send data to it via Dot Net application.
I'm getting the below error
The HTTP request is unauthorized with client authentication scheme 'Basic'. The authentication header received from the server was 'Basic realm="XISOAPApps"'. Pl help.
I expect to get a response from the server. I tested the service in Soap UI tool and it is working fine.
We have a SQuid Proxy setup on Windows Server with NTLM authentication helper (mswin_ntlm_auth).
WinHTTP authentication as described in https://msdn.microsoft.com/en-us/library/windows/desktop/aa383144(v=vs.85).aspx is not getting passed and server is returning 407 even after passing correct credentails.
Setting WINHTTP_OPTION_AUTOLOGON_POLICY as LOW is also not self authenticating.
SQuid logs suggests as:
mswin_ntlm_auth[3384]: sending 'NA Got authentication request instead of negotiate request' to squid
I have some problems consuming an external webservice from a CRM 2013 Online(sandbox) plug in, my problem is with "EnvironmentSecurity". I try to do the same with a console, and everything run fine... I call the webservice like this:
NetworkCredential myCred = new NetworkCredential();
myCred.Domain = "dom";
myCred.UserName = "user";
myCred.Password = "pass";
CredentialCache credsCache = new CredentialCache();
credsCache.Add(new Uri(webAddress), "Basic", myCred);
HttpWebRequest http = (HttpWebRequest)HttpWebRequest.Create(webAddress);
http.PreAuthenticate = false;
http.UseDefaultCredentials = true;
HttpWebResponse response2 = (HttpWebResponse )http.GetResponse();
The error is this:
System.Security.SecurityException: Request for the permission of type
'System.Security.Permissions.EnvironmentPermission, mscorlib, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
I'm afraid, you cannot make a call to local services(hosted in your local server) with a plugin registered in sandbox. Instead, please host the service with a named web address that requires DNS name resolution.
The following web access restrictions apply to this sandbox capability.
Only the HTTP and HTTPS protocols are allowed.
Access to localhost (loopback) is not permitted.
IP addresses cannot be used. You must use a named web address that requires DNS name resolution.
Anonymous authentication is supported and recommended. There is no provision for prompting the logged on user for credentials or saving those credentials.
You could host your service in Azure/ Webserver with valid Website Address.
For more information, Please visit this link.
I am getting the below exception when I invoke a jax ws webservice from my application deployed in WebSphere Application Server 6.1
SSL HANDSHAKE FAILURE: A signer with SubjectDN "CN=yyy.com, OU=For Intranet Use Only, OU=Web Hosting, O=xx, L=xx, ST=xx, C=xx" was sent from target host:port "*:9445". The signer may need to be added to local trust store "F://../trust.p12" . The extended error message from the SSL handshake exception is: "No trusted certificate found".
The enpoint url has https.
With the same enpoint url I am able to get a response from SOAP UI(Tool) without any certificate configuration etc..
Could you help me on this ?
I finally was able to fix this small issue.The Server certificate needs to be added to the websphere appserver truststore.This can be done from the admin console of websphere by providing the server domain and port.
I have a SOAP webservice declared using #WebService in an EJB subproject of an EAR running in GlassFish 3.1.1 using its bundled Metro runtime. It's been annotated with the usual #DeclareRoles and #RolesAllowed, on the class level.
I have a WSIT descriptor for authentication using a simple plaintext-password UsernameToken.
In the EAR's glassfish-application.xml, I specify the realm as the standard file realm that comes with GlassFish. To this realm I have added a user for testing, belonging to a specific group. This group is mapped to the role I specified in glassfish-ejb-jar.xml.
I also enabled the Security Manager in GlassFish, as well as auditing. I restarted the server after doing this.
I have generated a client and set the username and password in callback handlers. I log to make sure the credentials are indeed set. I have also tried to set the credentials like this:
Map<String, Object> requestContext = ((BindingProvider)port).getRequestContext();
requestContext.put(BindingProvider.USERNAME_PROPERTY, "myUsername");
requestContext.put(BindingProvider.PASSWORD_PROPERTY, "myPassword");
When I call the service, I get this on the server:
INFO: SEC5046: Audit: Authentication refused for [myUsername].
INFO: SEC1201: Login failed for user: myUsername
SEVERE: WSS1408: UsernameToken Authentication Failed
SEVERE: WSITPVD0035: Error in Verifying Security in Inbound Message.
com.sun.xml.wss.impl.WssSoapFaultException: Authentication of Username Password Token Failed
at com.sun.xml.ws.security.opt.impl.util.SOAPUtil.newSOAPFaultException(SOAPUtil.java:158)
at com.sun.xml.ws.security.opt.impl.incoming.UsernameTokenHeader.validate(UsernameTokenHeader.java:164)
at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.handleSecurityHeader(SecurityRecipient.java:341)
at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.cacheHeaders(SecurityRecipient.java:275)
at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.validateMessage(SecurityRecipient.java:225)
at com.sun.xml.wss.provider.wsit.WSITServerAuthContext.verifyInboundMessage(WSITServerAuthContext.java:586)
at com.sun.xml.wss.provider.wsit.WSITServerAuthContext.validateRequest(WSITServerAuthContext.java:360)
at com.sun.xml.wss.provider.wsit.WSITServerAuthContext.validateRequest(WSITServerAuthContext.java:263)
at com.sun.enterprise.security.webservices.CommonServerSecurityPipe.processRequest(CommonServerSecurityPipe.java:173)
at com.sun.enterprise.security.webservices.CommonServerSecurityPipe.process(CommonServerSecurityPipe.java:144)
at com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:119)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:641)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:600)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:585)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:482)
at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:314)
at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:608)
at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:259)
at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:162)
at org.glassfish.webservices.Ejb3MessageDispatcher.handlePost(Ejb3MessageDispatcher.java:120)
at org.glassfish.webservices.Ejb3MessageDispatcher.invoke(Ejb3MessageDispatcher.java:91)
at org.glassfish.webservices.EjbWebServiceServlet.dispatchToEjbEndpoint(EjbWebServiceServlet.java:200)
at org.glassfish.webservices.EjbWebServiceServlet.service(EjbWebServiceServlet.java:131)
(Rest is snipped away)
and I get this on the client:
Authentication of Username Password Token Failed
javax.xml.ws.soap.SOAPFaultException: Authentication of Username Password Token Failed
at com.sun.xml.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:189)
at com.sun.xml.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:189)
at com.sun.xml.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:122)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:119)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:140)
I then created a simple servlet/JSP project and added a security restriction on the realm. Authentication using the same user works in this case.
The WS-Security policy looks like this:
<ns1:Policy xmlns:ns1="http://schemas.xmlsoap.org/ws/2004/09/policy" wsu:Id="MyServicePortBindingPolicy">
<ns1:ExactlyOne>
<ns1:All>
<ns2:SupportingTokens xmlns:ns2="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<ns1:Policy>
<ns1:ExactlyOne>
<ns1:All>
<ns2:UsernameToken ns2:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<ns1:Policy>
<ns1:ExactlyOne>
<ns1:All>
<ns2:WssUsernameToken10 />
</ns1:All>
</ns1:ExactlyOne>
</ns1:Policy>
</ns2:UsernameToken>
</ns1:All>
</ns1:ExactlyOne>
</ns1:Policy>
</ns2:SupportingTokens>
<ns3:UsingAddressing xmlns:ns3="http://www.w3.org/2006/05/addressing/wsdl" />
</ns1:All>
</ns1:ExactlyOne>
</ns1:Policy>
What's going wrong here? Any suggestions highly appreciated.
This solved itself when I disabled my own homebaked programmatic authentication mechanism, which threw a disruptive exception. Can't believe that didn't strike me before.