THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
CXF doesn't support NTLM authentication "out of the box", but with some additional libraries and configuration, the standard HttpURLConnection objects that we use can do the NTLM authentication.
First, you need a library that will augment the HttpURLConnection to do it. See: http://jcifs.samba.org/src/docs/httpclient.html
Note: jcifs is LGPL licensed, not Apache licensed.
Next, you need to configure jcifs to use the correct domains, wins servers, etc... Notice that the
bit which sets the username/password to use for NTLM is commented out. If credentials are
missing jcifs will use the underlying NT credentials.
| Code Block | ||||
|---|---|---|---|---|
| ||||
//Set the jcifs properties
jcifs.Config.setProperty("jcifs.smb.client.domain", "ben.com");
jcifs.Config.setProperty("jcifs.netbios.wins", "xxx.xxx.xxx.xxx");
jcifs.Config.setProperty("jcifs.smb.client.soTimeout", "300000"); //5
minutes
jcifs.Config.setProperty("jcifs.netbios.cachePolicy", "1200"); //20 minutes
//jcifs.Config.setProperty("jcifs.smb.client.username", "myNTLogin");
//jcifs.Config.setProperty("jcifs.smb.client.password", "secret");
//Register the jcifs URL handler to enable NTLM
jcifs.Config.registerSmbURLHandler();
|
Finally, you need to setup the CXF client to turn off chunking. The reason is that the NTLM authentication requires a 3 part handshake which breaks the streaming.
| Code Block |
|---|
//Turn off chunking so that NTLM can occur
Client client = ClientProxy.getClient(port);
HTTPConduit http = (HTTPConduit) client.getConduit();
HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
httpClientPolicy.setConnectionTimeout(36000);
httpClientPolicy.setAllowChunking(false);
http.setClient(httpClientPolicy);
|