NTLM authentication in axis2 client return error 401

axis2

10,008

Solution 1

As far as I know, the standard release of Axis2 1.6 still uses HTTPClient 3.1 and thus NTLMv1, which most Windows servers have disabled by default. Changing this requires either patching Axis2 or changing the registry settings on the server.

Here's a link to the development thread with a patch as recent as 25-05-2012:
https://issues.apache.org/jira/browse/AXIS2-4318

Solution 2

Not sure if you have figured out a way to access WCF via NTLM authentication.. but this is what I did to fix this issue..

HttpClient doesnt support NTLM v2 hence I use JCIFS library to return NTLM v1,2,3 message type as described in this website

http://devsac.blogspot.com/2010/10/supoprt-for-ntlmv2-with-apache.html

I just used the JCIFS_NTLMScheme.java file from the above website to register the auth scheme and it worked !!!!

Sample client:

    List authSchema = new ArrayList();
    AuthPolicy.registerAuthScheme(AuthPolicy.NTLM, org.tempuri.JCIFS_NTLMScheme.class);
    HttpTransportProperties.Authenticator auth = new HttpTransportProperties.Authenticator();
    auth.setUsername("");
    auth.setPassword("");
    auth.setDomain("");
    auth.setHost("");
    auth.setPort();
    List authPrefs = new ArrayList(1);
    authPrefs.add(AuthPolicy.NTLM);
    auth.setAuthSchemes(authPrefs);
    stub._getServiceClient().getOptions().setProperty(org.apache.axis2.transport.http.HTTPConstants.AUTHENTICATE, auth);

10,008

Author by

Murali

Updated on June 04, 2022

Comments

Murali almost 2 years

I am using axis2 to create client code and access the wcf webservice with NTLM authentication. My client code is

    Service1Stub stub = new Service1Stub();             
    Options options = stub._getServiceClient().getOptions();    
    HttpTransportProperties.Authenticator   auth = new HttpTransportProperties.Authenticator();
    auth.setUsername("administrator");
    auth.setPassword("passwrd");
    auth.setHost("172.16.12.25"); 
    auth.setDomain("MY-PC");        
    List<String> authSchemes = new ArrayList<String>();         
    authSchemes.add(HttpTransportProperties.Authenticator.NTLM);        
    auth.setAuthSchemes(authSchemes); 

    options.setProperty(HTTPConstants.AUTHENTICATE, auth); 
    options.setProperty(HTTPConstants.CHUNKED, Boolean.FALSE); 
    stub._getServiceClient().setOptions(options);

when I run my client code it returns the following error

    org.apache.axis2.AxisFault: Transport error: 401 Error: Unauthorized
        at org.apache.axis2.transport.http.HTTPSender.handleResponse(HTTPSender.java:310)
        at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:194)
        at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:75)
        at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:404)
        at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:231)
        at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:443)
        at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:406)
        at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
        at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
        at org.tempuri.Service1Stub.welcomeData(Service1Stub.java:473)
        at ws.client.Client.myservice(Client.java:159)
        at ws.client.Client.main(Client.java:50)

my header log is

     >> "POST /Service1/Service1.svc HTTP/1.1[\r][\n]"
     >> "Content-Type: text/xml; charset=UTF-8[\r][\n]"
     >> "SOAPAction: "http://tempuri.org/IService1/WelcomeData"[\r][\n]"
     >> "User-Agent: Axis2[\r][\n]"
     >> "Content-Length: 278[\r][\n]"
     >> "Authorization: NTLM TlRMTVNTUAADAAAAGAAYAGMAAAAAAAAAewAAAAkACQBAAAAADQANAEkAAAANAA0AVgAAAAAAAAB7AAAABlIAAFZJTk9USC1QQ0FETUlOSVNUUkFUT1IxNzIuMTYuMTIuMjQ11kmkEIwyUVitHBvTPwhExpcylZ9vkdwd[\r][\n]"
     >> "Host: 172.16.12.25[\r][\n]"
     >> "[\r][\n]"
     >> "<?xml version='1.0' encoding='UTF-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Body><ns1:WelcomeData xmlns:ns1="http://tempuri.org/"><ns1:helloservice>Hello Servie</ns1:helloservice></ns1:WelcomeData></soapenv:Body></soapenv:Envelope>"
     << "HTTP/1.1 401 Unauthorized[\r][\n]"
     << "HTTP/1.1 401 Unauthorized[\r][\n]"
     << "Content-Type: text/html[\r][\n]"
     << "Server: Microsoft-IIS/7.5[\r][\n]"
     << "WWW-Authenticate: NTLM[\r][\n]"
     << "X-Powered-By: ASP.NET[\r][\n]"
     << "Date: Thu, 10 May 2012 19:30:20 GMT[\r][\n]"
     << "Content-Length: 1293[\r][\n]"
     << "[\r][\n]"
     << "<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">[\r][\n]"
     << "<html xmlns="http://www.w3.org/1999/xhtml">[\r][\n]"
     << "<head>[\r][\n]"
     << "<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>[\r][\n]"
     << "<title>401 - Unauthorized: Access is denied due to invalid credentials.</title>[\r][\n]"
     << "<style type="text/css">[\r][\n]"
     << "<!--[\r][\n]"
     << "body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}[\r][\n]"
     << "fieldset{padding:0 15px 10px 15px;} [\r][\n]"
     << "h1{font-size:2.4em;margin:0;color:#FFF;}[\r][\n]"
     << "h2{font-size:1.7em;margin:0;color:#CC0000;} [\r][\n]"
     << "h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} [\r][\n]"
     << "#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;[\r][\n]"
     << "background-color:#555555;}[\r][\n]"
     << "#content{margin:0 0 0 2%;position:relative;}[\r][\n]"
     << ".content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}[\r][\n]"
     << "-->[\r][\n]"
     << "</style>[\r][\n]"
     << "</head>[\r][\n]"
     << "<body>[\r][\n]"
     << "<div id="header"><h1>Server Error</h1></div>[\r][\n]"
     << "<div id="content">[\r][\n]"
     << " <div cla"
     << "ss="content-container"><fieldset>[\r][\n]"
     << "  <h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2>[\r][\n]"
     << "  <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>[\r][\n]"
     << " </fieldset></div>[\r][\n]"
     << "</div>[\r][\n]"
     << "</body>[\r][\n]"
     << "</html>[\r][\n]

I don't know where I made mistake.

Haobo over 9 years

Hi, I'm facing the same issue, where should I put this class or how can I integrate Apache HTTPComponents 4 with AXIS? Thanks
Ben Hutchison over 9 years

@Haobo I've expanded the Usage section. You can put the class anywhere in your project, as long as your refer to it in AuthPolicy.registerAuthScheme() before making SOAP requests.
Haobo over 9 years

Thanks a lot! I've tried to apply code you posted, the only problem is in "MyAxisClient myAxisClient = new MyAxisClientStub();", eclipse could not resolve MyAxisClientStub, do you have any idea? Thanks!
Haobo over 9 years

I assume that MyAxisClient is your class for AXIS client, tried mine, still could not resolve _getServiceClient()
Ben Hutchison over 9 years

Sorry, it should have been MyAxisClientStub._getServiceClient() because_getServiceClient() is a method on the Stub class but the interface hides it. I have updated the Usage.