[jboss-user] [JBossWS] - JAX-WS Web Service Authentication (NTLM) against a MS CRM Se

ivan.stefanov do-not-reply at jboss.com
Wed Aug 19 11:54:26 EDT 2009

Hello everybody,

I am currently developing a jboss web service client, which is supposed to connect to a web service on a Microsoft CRM Dynamics (I hope I've got the name right) instance, running on an Internet Information Server. The service itself and the relevant data types are defined in a what appears to be a standard CrmServiceWsdl.aspx file.

I've generated the Java classes with the /bin/wsconsume.bat tool in the JBoss folder. We have many times used this tool successfully, when programming JBoss web services and clients for them. Everything seemed nice and well, the client easily connected (including HTTP BASIC authentication) and sent what looked like a correct request to a dummy JBoss web service which I wrote for testing purposes. The problems appeared when we tried the real thing, namely connecting to the MS CRM web service. The IIS Server has the "Windows Intergrated Security" authentication activated, which is supposed to be NTLM. 

First I have tried doing HTTP Basic, as the IIS was also supposed to support it:

  | url = new java.net.URL(InfondsParameter.CRMWebServiceUrlCreateUpdateTask.get(em));
  | CrmTaskServiceSoap port = (new CrmTaskService(url, new QName("http://schemas.microsoft.com/crm/2007/WebServices", "CrmService")))
  | .getCrmTaskServiceSoap();
  | ((BindingProvider)port).getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "username");
  | ((BindingProvider)port).getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "password");

This didn't work and I kept getting the "javax.xml.ws.WebServiceException: org.jboss.ws.WSException: Target endpoint address not set" error message plus debug messages (my own) telling me the WSDL could not be reached.

Then I decided to aim for the NTLM authentication. Following advice I found on many (non official) sources in Internet, I wrote the following:

  | static class MyAuthenticator extends Authenticator {
  |     	private String user;
  |     	private String pass;
  |     	public MyAuthenticator(String user, String pass) {
  |     		this.user = user;
  |     		this.pass = pass;
  |     	}
  |     	public PasswordAuthentication getPasswordAuthentication() {
  |             return (new PasswordAuthentication(kuser, kpass.toCharArray()));
  |         }
  |     }
  | public static void callCreateTask()
  |     	Authenticator.setDefault(new MyAuthenticator("username",  "password"));
  |     	url = new java.net.URL(InfondsParameter.CRMWebServiceUrlCreateUpdateTask.get(em));
  |     	CrmTaskServiceSoap port = (new CrmTaskService(url, new QName("http://schemas.microsoft.com/crm/2007/WebServices", "CrmService")))
  | .getCrmTaskServiceSoap();
  | ...
  |     	String ret = port.create(ent);
  | }

Now the WSDL seems to get reached and consumed, but at the last row I still get a "org.jboss.ws.WSException: Invalid HTTP server response [401] - Unauthorized". The port.create(ent) statement is just calling the "create" operation, defined in the WSDL, with the argument being an entity, also as defined in the WSDL.

I really fail to grasp what is going wrong. As far as I know, Java is supposed to support NTLM Authentication "off the shelf" through the Authenticator class and it obviously does some work, as the WSDL residing on the IIS could be opened and read. However, the call to the service itself could not be authorised. I've found some references to a CrmAuthenticationToken having to be set, but neither my CrmTaskService (which is the standard CrmService), nor CrmTaskServiceSoap (which is the proxy of the service) has been generated with a possibility to set Credentials or AuthenticationToken.

Has anyone had exprience with interfacing the Microsoft CRM Web Services? Any advice, insight or ideas are welcome!

Thank you in advance!

Best regards,
Ivan Stefanov

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4250438#4250438

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4250438

More information about the jboss-user mailing list