Chemistry
  1. Chemistry
  2. CMIS-423

Open CMIS Client Framework Not initializing after enabling security on web services

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Critical Critical
    • Resolution: Not a Problem
    • Affects Version/s: OpenCMIS 0.4.0
    • Fix Version/s: None
    • Component/s: opencmis-client
    • Labels:
      None
    • Environment:

      IBM Websphere 7,0,13

      Description

      After enabling HTTP Authentication on webservices opencmis client API not Initzializing. we are getting following Exception:

      Aug 23, 2011 9:32:42 AM com.thrivent.cmis.commons.logging.Logger error
      SEVERE: $1$ Current User Id :n050767
      Aug 23, 2011 9:32:42 AM com.thrivent.cmis.commons.logging.Logger error
      SEVERE: $1$ Query:SELECT this,DocumentTitle,amtPaid,acctNbr,doc_Typ_Code,cust_Id_Nbr_ FROM Document WHERE DocumentTitle LIKE '%GCS%'
      Aug 23, 2011 9:32:42 AM com.thrivent.cmis.commons.logging.Logger error
      SEVERE: $1$ com.thrivent.cms.client.exception.ServiceClientException: org.apache.chemistry.opencmis.commons.exceptions.CmisConnectionException: Cannot initalize Web Services service object [org.apache.chemistry.opencmis.binding.webservices.RepositoryService]: Failed to access the WSDL at: http://10.83.4.223:9080/ThriventCmisServiceWeb/services/RepositoryService?wsdl. It failed with:
      Server returned HTTP response code: 401 for URL: http://10.83.4.223:9080/ThriventCmisServiceWeb/services/RepositoryService?wsdl.
      at com.thrivent.cms.client.provider.ClientSessionProvider.intiialize(ClientSessionProvider.java:112)
      at com.thrivent.cms.client.provider.ClientSessionProvider.<init>(ClientSessionProvider.java:43)
      at com.thrivent.cms.client.provider.ClientSessionProvider.getInstance(ClientSessionProvider.java:54)
      at com.thrivent.cms.client.handler.ClientRequestHandler.query(ClientRequestHandler.java:88)
      at com.thrivent.cms.client.helper.ServiceClientHelper.invokeQuery(ServiceClientHelper.java:81)
      at TestApp.invokeQueryCall(TestApp.java:74)
      at TestApp.main(TestApp.java:328)

      Caused by: java.io.IOException: Server returned HTTP response code: 401 for URL: http://10.83.4.223:9080/ThriventCmisServiceWeb/services/RepositoryService?wsdl
      at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1285)
      at java.net.URL.openStream(URL.java:1009)
      at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSDLParser.java:804)
      at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(RuntimeWSDLParser.java:262)
      at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:129)
      ... 21 more

        Activity

        Hide
        Florian Müller added a comment -

        You have to exclude all 9 CMIS WSDLs.

        Show
        Florian Müller added a comment - You have to exclude all 9 CMIS WSDLs.
        Hide
        Krishna Penugonda added a comment -

        Please let us know if we can execlude the WSDL from Security Constraints?
        We tried the below option but didnt work: we are having two security constraints:

        To Enable Security For Users:

        <security-constraint>
        <display-name>Servlet</display-name>
        <web-resource-collection>
        <web-resource-name>ServiceServlet</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
        <description>Authorized User</description>
        <role-name>User</role-name>
        </auth-constraint>
        </security-constraint>

        For Excluding WSDL:

        <security-constraint>

        <display-name>Excluded</display-name>
        <web-resource-collection>
        <web-resource-name>ExcludedWSDL</web-resource-name>
        <url-pattern>/services/DiscoveryService?wsdl</url-pattern>
        <http-method>DELETE</http-method>
        <http-method>PUT</http-method>
        <http-method>HEAD</http-method>
        <http-method>OPTIONS</http-method>
        <http-method>TRACE</http-method>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
        </web-resource-collection>
        <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
        </security-constraint>

        Show
        Krishna Penugonda added a comment - Please let us know if we can execlude the WSDL from Security Constraints? We tried the below option but didnt work: we are having two security constraints: To Enable Security For Users: <security-constraint> <display-name>Servlet</display-name> <web-resource-collection> <web-resource-name>ServiceServlet</web-resource-name> <url-pattern>/*</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <description>Authorized User</description> <role-name>User</role-name> </auth-constraint> </security-constraint> For Excluding WSDL: <security-constraint> <display-name>Excluded</display-name> <web-resource-collection> <web-resource-name>ExcludedWSDL</web-resource-name> <url-pattern>/services/DiscoveryService?wsdl</url-pattern> <http-method>DELETE</http-method> <http-method>PUT</http-method> <http-method>HEAD</http-method> <http-method>OPTIONS</http-method> <http-method>TRACE</http-method> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <user-data-constraint> <transport-guarantee>NONE</transport-guarantee> </user-data-constraint> </security-constraint>
        Hide
        Florian Müller added a comment - - edited

        First of all, there is no good reason to hide the CMIS WSDLs. They are not containing any information that have to be protected and many CMIS Web Services clients cannot handle HTTP authentication.

        The workaround for OpenCMIS is to install an Authenticator [1] before the first call is made.
        A simple implementation of an Authenticator could look like this:

         
        public class BasicAuthenticator extends Authenticator {
            private PasswordAuthentication passwordAuthentication;
        
            public BasicAuthenticator(String user, String password) {
                passwordAuthentication = new PasswordAuthentication(user, password.toCharArray());
            }
        
            @Override
            protected synchronized PasswordAuthentication getPasswordAuthentication() {
                return passwordAuthentication;
            }
        }
        

        [1] http://download.oracle.com/javase/6/docs/api/java/net/Authenticator.html

        Show
        Florian Müller added a comment - - edited First of all, there is no good reason to hide the CMIS WSDLs. They are not containing any information that have to be protected and many CMIS Web Services clients cannot handle HTTP authentication. The workaround for OpenCMIS is to install an Authenticator [1] before the first call is made. A simple implementation of an Authenticator could look like this: public class BasicAuthenticator extends Authenticator { private PasswordAuthentication passwordAuthentication; public BasicAuthenticator( String user, String password) { passwordAuthentication = new PasswordAuthentication(user, password.toCharArray()); } @Override protected synchronized PasswordAuthentication getPasswordAuthentication() { return passwordAuthentication; } } [1] http://download.oracle.com/javase/6/docs/api/java/net/Authenticator.html

          People

          • Assignee:
            Unassigned
            Reporter:
            Krishna Penugonda
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Time Tracking

              Estimated:
              Original Estimate - 12h
              12h
              Remaining:
              Remaining Estimate - 12h
              12h
              Logged:
              Time Spent - Not Specified
              Not Specified

                Development