Major Description
We are on Jboss 6.1.0 the version of CXF is 2.6.6 and has a bug when delegation is used:
AbstractSpnegoAuthSupplier (v 2.6.6) has this method call:
[...]
return getToken(delegatedCred == null ? authPolicy : null, context);
[...]
here if we have delegatedCred with a value the statment passes null to the method:
private byte[] getToken(AuthorizationPolicy authPolicy,
final GSSContext context) throws GSSException,
LoginException {
String contextName = authPolicy.getAuthorization();
if (contextName == null)
[...]
}
if authPolicy is null (our case) the method throws a NullPointerException.
So I got the fixed AbstractSpnegoAuthSupplier and SpnegoAuthSupplier from cxf 2.7.1 copied/renamed in my project and programmatically set on HTTPConduit:
[...]
HTTPConduit http = (HTTPConduit) client.getConduit();
http.setAuthorization(authorization);
http.setAuthSupplier(new CustomSpnegoAuthSupplier());
[...]
And now it works fine.