NTLM impersonation or security delegation

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

NTLM impersonation or security delegation

Ilyushonak Barys
Hi, guru.


I would like to implement http web service proxy for Microsoft SharePoint Web Service. In general, the idea looks like Client (IE Web Browser) -> CXF Web Service (linux) -> Microsoft SharePoint Web Service (IIS).



The question is: Is it possible to implement NTLM impersonation in CXF?

The task is very similar to example use-case in http://spnego.sourceforge.net/credential_delegation.html.
Please, advice.

Best Regards,
Barys Ilyushonak

_______________________________________________________

The information contained in this message may be privileged and conf idential and protected from disclosure. If you are not the original intended recipient, you are hereby notified that any review, retransmission, dissemination, or other use of, or taking of any action in reliance upon, this information is prohibited. If you have received this communication in error, please notify the sender immediately by replying to this message and delete it from your computer. Thank you for your cooperation. Troika Dialog, Russia.
If you need assistance please contact our Contact Center  (+7495) 258 0500 or go to www.troika.ru/eng/Contacts/system.wbp  

Reply | Threaded
Open this post in threaded view
|

Re: NTLM impersonation or security delegation

Daniel Kulp
Administrator
On Thursday, September 08, 2011 3:47:27 PM Ilyushonak Barys wrote:
> Hi, guru.
>
>
> I would like to implement http web service proxy for Microsoft SharePoint
> Web Service. In general, the idea looks like Client (IE Web Browser) -> CXF
> Web Service (linux) -> Microsoft SharePoint Web Service (IIS).
 
>
>
> The question is: Is it possible to implement NTLM impersonation in CXF?
>
> The task is very similar to example use-case in
> http://spnego.sourceforge.net/credential_delegation.html.


Honestly, never tried.   :-)

On the service that calls out to the IIS thing, you can configure the
HTTPConduit to use the SpnegoAuthSupplier.   You would need to figure out how
to get the auth information to pass into it, but that may be a starting point
for you.

Dan


 Please, advice.

>
> Best Regards,
> Barys Ilyushonak
>
> _______________________________________________________
>
> The information contained in this message may be privileged and conf
> idential and protected from disclosure. If you are not the original
> intended recipient, you are hereby notified that any review,
> retransmission, dissemination, or other use of, or taking of any action in
> reliance upon, this information is prohibited. If you have received this
> communication in error, please notify the sender immediately by replying to
> this message and delete it from your computer. Thank you for your
> cooperation. Troika Dialog, Russia.
 If you need assistance please contact
> our Contact Center  (+7495) 258 0500 or go to
> www.troika.ru/eng/Contacts/system.wbp
--
Daniel Kulp
[hidden email]
http://dankulp.com/blog