Apache CXF - Kerberos Authentication Invocation error  #4

@Remya-Thomas

We have a RESTful web service [developed using Apache CXF] which is protected by Kerberos; below are the CXF configurations:
<jaxrs:serviceBeans>

</jaxrs:serviceBeans>

                        <jaxrs:providers>
                                        <ref bean="kerberosFilter"/>
                                        <ref bean="jsonProvider" />
                                        <ref bean="xmlProvider" />
                        </jaxrs:providers>

                        <jaxrs:extensionMappings>
                                        <entry key="json" value="application/json" />
                                        <entry key="xml" value="application/xml" />
                        </jaxrs:extensionMappings>

                        <jaxrs:inInterceptors>
                                        <ref bean="restInInterceptor" />
                        </jaxrs:inInterceptors>
                        <jaxrs:outFaultInterceptors>
                                        <ref bean="errorOutFaultInterceptor" />
                        </jaxrs:outFaultInterceptors>
        </jaxrs:server>

        <bean id="kerberosFilter" class="org.apache.cxf.jaxrs.security.KerberosAuthenticationFilter">

Also "spnego-server" from login config which is

spnego-client {
com.sun.security.auth.module.Krb5LoginModule required;
};

spnego-server {
com.sun.security.auth.module.Krb5LoginModule required
storeKey=true
useKeyTab=true
keyTab="FILE:/etc/hellokeytab.keytab"
principal=HTTP/hostname.india.com
isInitiator=false;
};

We have a web application which is trying to invoke this Kerberos-protected web service through org.apache.commons.httpclient.HttpClient, but we are getting a "401 UnAuthorized Exception" error every time.

HttpClient httpclient = new HttpClient();
GetMethod get = new GetMethod(resourceURL);
get.setRequestHeader(entry.getKey(), value);

Since the service is protected by Kerberos, I found that we need to set the below as a header in the client: Authorization: Negotiate "the encrypted service ticket"

But how can we get "the encrypted service ticket" and set it explicitly into the HttpClient headers?
We are also using third-party REST clients (for example, Mozilla REST client and Chrome's REST client); how do we set the Authorization: Negotiate header there?
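
One way a Java client can obtain the token and build the `Authorization: Negotiate` header, as an added example that is not part of the original issue or of Apache CXF's own code. It uses the JDK's JGSS API and assumes the `spnego-client` JAAS entry can log in without prompting (for example with `useTicketCache=true` after `kinit`); the class and method names are hypothetical.

```java
import java.security.PrivilegedExceptionAction;
import java.util.Base64;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

// Hypothetical helper class (example code, not from the issue).
public class SpnegoHeaderExample {
    // Object identifier of the SPNEGO GSS-API mechanism.
    private static final String SPNEGO_OID = "1.3.6.1.5.5.2";

    // Returns the value for the Authorization header of one request to serviceHost.
    static String negotiateHeader(String serviceHost) throws Exception {
        // "spnego-client" is the client entry of the JAAS login config shown in the issue.
        // Assumption: it is able to log in non-interactively (ticket cache or keytab).
        LoginContext login = new LoginContext("spnego-client");
        login.login();
        try {
            return Subject.doAs(login.getSubject(), (PrivilegedExceptionAction<String>) () -> {
                GSSManager manager = GSSManager.getInstance();
                // Host-based name "HTTP@host" resolves to the service principal HTTP/host.
                GSSName service = manager.createName(
                        "HTTP@" + serviceHost, GSSName.NT_HOSTBASED_SERVICE);
                GSSContext context = manager.createContext(
                        service, new Oid(SPNEGO_OID), null, GSSContext.DEFAULT_LIFETIME);
                try {
                    context.requestMutualAuth(true);  // ask the server to prove its identity
                    context.requestCredDeleg(false);  // do not forward the user's TGT
                    // First call produces the initial token wrapping the service ticket.
                    byte[] token = context.initSecContext(new byte[0], 0, 0);
                    return "Negotiate " + Base64.getEncoder().encodeToString(token);
                } finally {
                    context.dispose();
                }
            });
        } finally {
            login.logout();
        }
    }

    public static void main(String[] args) throws Exception {
        String header = negotiateHeader(args[0]); // e.g. the host in the service principal
        // The token is a bearer credential for this service: report its size, never log it.
        System.out.println("Authorization header built, " + header.length() + " chars");
    }
}
```

The returned string can be passed to `get.setRequestHeader("Authorization", ...)` on the `GetMethod` from the snippet above. Each token is bound to one security context, so a fresh one is generated per authentication attempt rather than cached and replayed.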
