Apache CXF - http-conf:conduit proxy setting - web-services

In my project i have to configure the conduit settings for web services.To communicate with the web services i have to pass through a proxy.Since , http-conf:basicAuthSupplier it's not working due to http://cxf.547215.n5.nabble.com/svn-commit-r1240059-cxf-trunk-rt-transports-http-src-main-resources-schemas-configuration-http-conf-d-td5453353.html does anybody knows how to configure a proxy setting?
<http-conf:conduit name="*.http-conduit">
<http-conf:authorization>
<sec:UserName>username</sec:UserName>
<sec:Password>password</sec:Password>
</http-conf:authorization>
<http-conf:client Connection="Keep-Alive"
AllowChunking="false"
ProxyServer=proxyIp
ProxyServerPort=proxyPort
ProxyServerType="HTTP"/>
</http-conf:conduit>
I also tried with http-conf:proxyAuthorization
but the same 407 proxy authentification error appears.
Does anybody knows how to resolve it?

Authentication supplier has to be configured as described at http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html
<http-conf:conduit name="*.http-conduit">
<http-conf:client ProxyServer="proxyIP" ProxyServerPort="proxyPort" NonProxyHosts="nonProxyHost" />
<http-conf:authSupplier class="org.apache.cxf.transport.http.auth.DefaultBasicAuthSupplier"/>
<http-conf:proxyAuthorization>
<sec:UserName>username</sec:UserName>
<sec:Password>password</sec:Password>
</http-conf:proxyAuthorization>
Also enable basic authentication for HTTPS tunneling using the below JVM flags. Details available at http://www.oracle.com/technetwork/java/javase/8u111-relnotes-3124969.html
-Djdk.http.auth.proxying.disabledSchemes="" -Djdk.http.auth.tunneling.disabledSchemes=""

Related

Setup two way ssl for running webservice between wildfly and weblogic

I want to set up two way ssl(self-signed cert) to call a webservice endpoint from wildfly to weblogic. I've tested the weblogic setting, it works fine. Now, the problem is how should I configure the wildfly in order to build the connection with weblogic. I've tried the settings in standalone.xml as below:
<security-realm name="UndertowRealm">
<server-identities>
<ssl>
<keystore path="space2_identity.jks" relative-to="jboss.server.config.dir" keystore-password="password" alias="space2i" key-password="password"/>
</ssl>
</server-identities>
<authentication>
<truststore path="space2_trust.jks" relative-to="jboss.server.config.dir" keystore-password="password"/>
<local default-user="$local" skip-group-loading="true"/>
<properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
</authentication>
</security-realm>
<https-listener name="https" verify-client="REQUIRED" security-realm="UndertowRealm" socket-binding="https"/>
The above setting is succeeded if I use a browser to run a two way ssl with wildfly. But for my main purpose (call WS between wildfly and weblogic), I keep receiving a bad_certification error, I suspect that wildfly cannot find my keystore and trustkeystore when wildfly is acting as a client role. It's because if I put the self-sign cert into jvm cacerts file, one way ssl can be built with weblogic. However, I've tried many methods to do the two way ssl, it keeps telling me bad_certification error. I've even insert the following lines into standalone.conf.bat:
set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.debug=ssl"
set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.keyStore=D:/Keystore/space2_identity.jks"
set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.trustStore=D:/Keystore/space2_trust.keystore"
set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.keyStorePassword=password"
set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.trustStorePassword=password"
set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.trustStoreType=jks"
set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.keyStoreType=jks"
Still, bad_certification received. I've tried many ways, what have I done wrong? Please kindly help. Thank you very much!
In your JAVA_OPTS the truststore is space2_trust.keystorewhile you have space2_trust.jks in your Undertow configuration.

How to make JAX-WS web service secure

I have got a simple 'Helloworld' JAX-WS service deployed in Jboss 5.1.0. It works fine and I am able to invoke my service from SoapUI client/ Java client.
Now I want to have the service secure(SSL enabled) and access using https protocol. I have done changes to my default\deploy\jbossweb.sar\server.xml file in Jboss
<Connector protocol="HTTP/1.1" SSLEnabled="true"
port="8443" address="${jboss.bind.address}"
scheme="https" secure="true" clientAuth="false"
keystoreFile="${jboss.server.home.dir}/conf/ws.keystore"
keystorePass="install01" sslProtocol = "TLS" />
But when I try to do
https://machinename:8443/abc/webservice?wsdl
it does not work
any idea?
To make this happen, first, go through some materials those suggests how SSL works. The reason being, when you intends to enable the SSL, then there are rounds of talk that happens between the client and server. On the top of that, there are also terms which are very much specific to SSL. I suggest, go through articles first. Hope this helps.

Mule Service Proxy Issue

I'mm trying to proxy a service but somehow its not working the way other services did, what am I doing wrong?
This is the original service http://webservicesh.sc.gov.br/SEA/Materiais/Fardamento/WS_Materiais_v1.wsdl
What I did was:
<pattern:web-service-proxy name="BiometriaRH"
inboundAddress="http://LocalIP/services/BiometriaRH/WS_BiometriaRH_v1"
outboundAddress="http://webservicesh.sc.gov.br/SEA/RecursosHumanos/biometria/WS_BiometriaRH_v1.asmx"
wsdlFile="BiometriaRH.wsdl"/>
It does access the WSDL file but I can't load the service any place like soapUI or Eclipse...
Why do you configure wsdlFile="BiometriaRH.wsdl"? Did you manually customize it?
If not, and assuming a WSDL is served at this URL http://webservicesh.sc.gov.br/SEA/RecursosHumanos/biometria/WS_BiometriaRH_v1.asmx?wsdl , then you only need:
<pattern:web-service-proxy name="BiometriaRH"
inboundAddress="http://LocalIP/services/BiometriaRH/WS_BiometriaRH_v1"
outboundAddress="http://webservicesh.sc.gov.br/SEA/RecursosHumanos/biometria/WS_BiometriaRH_v1.asmx" />

The HTTP request is unauthorized with client authentication scheme 'Ntlm'. The authentication header received from the server was 'NTLM'

I am trying to program a VisualWebPart using Visual Studio 2010 which has to do a simple thing: invoke a web service (hosted in a remote server, NOT locally). When I execute within the Sharepoint site (version 2010, which I have published in my IIS) I get this error:
"The HTTP request is unauthorized with client authentication scheme 'Ntlm'. The authentication header received from the server was 'NTLM'."
Pardon my ignorance, but the only difference here is the case of the Ntlm authentication scheme! I have been all over the web and found many related problems, but none of the solutions worked. Almost ALL solutions i found involve modifications in the webservice security configuration, this is not an option for me.
Looking for a solution, I created a sample windows form and invoked the web service from it: no problems whatsoever.
In order to be able to invoke the webservice correctly this is the necessary security configuration:
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Ntlm" proxyCredentialType="Ntlm" realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
I believe the problem is that I havenĀ“t been able to properly set this security property to the web.config of my Sharepoint site, since I tried to put it in the security tag that appears in the web.config but still get the same error.
Any further information needed please ask, I am REALLY desperate, for days I have been with the SAME error.
In the end I was given permissions in their server: more precisely in the database which was the one that wouldn't let me create the web part in the server. Once this was done, the call to the webservice worked just fine, because they have the web.config correctly configured.

How can I set the port for an iis hosted wcf svc?

I have a IIS hosted service http://localhost/someProject/services/myservice.svc . Is it possible to somehow make say http://locahost:9705 point to it? How do I set this up? It seems to be pretty straightforward with a Windows Service hosted WCF service, but I cannot figure how to accomplish this when using .svc files and IIS. In the app.config of a Windows Service I just add a host node...
<host>
<baseAddresses>
<add baseAddress="net.tcp://localhost:9705"/>
</baseAddresses>
</host>
however when I do the same thing in an IIS hosted svc web.config
<host>
<baseAddresses>
<add baseAddress="http://localhost:9705"/>
</baseAddresses>
</host>
I browse to http://localhost:9705 and I get an IE error cannot display the webpage etc... In the windows hosted services I'm able to browse to the page, although not in this example as I'm using net.tcp, but with other services, it works. What am I doing wrong here? Is this even possible? Please point me in the right direction. Thanks for any tips and/or help.
Cheers,
~ck in San Diego
If you host in IIS, it's IIS that controls where the service is located. You cannot override the IIS settings - if your *.svc file is located under http://localhost/someproject/services/myservice.svc, then that's your service address. Any <baseAddress> settings in your web.config file are ignored and useless.
So either you can configure this in IIS, or you have to switch to self-hosting your WCF service in e.g. a Windows Service or a console app or something.