Waffle 1.3 with CXF webservice

Jul 7, 2010 at 3:35 PM
Edited Jul 7, 2010 at 3:41 PM

My aplication gives me this:

HTTP 403
Apache Tomcat/6.0.20

Using the Waffle.1.3 (waffle-jna.jar, commons-logging-1.1.1.jar, jna.jar and platform.jar in Tomcat's lib directory)

The sample waffle-negotiate work's fine..

<?xml version='1.0' encoding='utf-8'?>
<Valve className="waffle.apache.NegotiateAuthenticator" principalFormat="fqn" roleFormat="both" />
<Realm className="waffle.apache.WindowsRealm" />

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5">



<display-name>Waffle Security Constraint</display-name>
<web-resource-name>Protected Area</web-resource-name>




Carolina logs:

07-jul-2010 17:20:17 org.apache.catalina.core.AprLifecycleListener init
INFO: La biblioteca nativa de Apache Tomcat basada en ARP que permite un rendimiento óptimo en entornos de desarrollo no ha sido hallada en java.library.path: C:\Program
Files (x86)\Apache Software Foundation\Tomcat 6.0\bin;.;C:\WINDOWS\Sun\Java\bin;C:\WINDOWS\system32
;C:\WINDOWS;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem 07-jul-2010 17:20:17 org.apache.coyote.http11.Http11Protocol init
INFO: Inicializando Coyote HTTP/1.1 en puerto http-8080
07-jul-2010 17:20:17 org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 1025 ms
07-jul-2010 17:20:17 org.apache.catalina.core.StandardService start
INFO: Arrancando servicio Catalina
07-jul-2010 17:20:17 org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.20
07-jul-2010 17:20:17 waffle.apache.NegotiateAuthenticator <init>
FINA: [waffle.apache.NegotiateAuthenticator] loaded
07-jul-2010 17:20:17 waffle.apache.WaffleAuthenticatorBase setPrincipalFormat
FINA: principal format: fqn
07-jul-2010 17:20:17 waffle.apache.WaffleAuthenticatorBase setRoleFormat
FINA: role format: both
07-jul-2010 17:20:17 waffle.apache.NegotiateAuthenticator start
INFO: [waffle.apache.NegotiateAuthenticator] started
07-jul-2010 17:20:18 org.apache.catalina.startup.HostConfig deployWAR
INFO: Despliegue del archivo FirmaDigital.war de la aplicación web
07-jul-2010 17:20:18 org.apache.catalina.loader.WebappClassLoader validateJarFile
INFO: validateJarFile(C:\Program Files (x86)\Apache Software Foundation\Tomcat 6.0\webapps\FirmaDigital\WEB-INF\lib\geronimo-servlet_2.5_spec-1.2.jar) - jar not loaded. See
Servlet Spec 2.3, section 9.7.2. Offending class: javax/servlet/Servlet.class 07-jul-2010 17:20:22 org.apache.cxf.endpoint.ServerImpl initDestination
INFO: Setting the server's publish address to be /FirmaDigital
07-jul-2010 17:20:22 org.apache.cxf.transport.servlet.CXFServlet updateContext
INFO: Load the bus with application context
07-jul-2010 17:20:22 org.apache.cxf.bus.spring.BusApplicationContext getConfigResources
INFO: No cxf.xml configuration file detected, relying on defaults.
07-jul-2010 17:20:22 org.apache.cxf.transport.servlet.AbstractCXFServlet replaceDestinationFactory
INFO: Servlet transport factory already registered
07-jul-2010 17:20:23 org.apache.coyote.http11.Http11Protocol start
INFO: Arrancando Coyote HTTP/1.1 en puerto http-8080
07-jul-2010 17:20:23 org.apache.jk.common.ChannelSocket init
INFO: JK: ajp13 listening on /
07-jul-2010 17:20:23 org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=0/32 config=null
07-jul-2010 17:20:23 org.apache.catalina.startup.Catalina start
INFO: Server startup in 6302 ms

Jul 7, 2010 at 4:02 PM

Since the demo works, it's something in your configuraiton . But I don't see anything here of notable value, except that the filter is loaded. I think Waffle isn't even invoked (yet) and something sends 403 forbidden before it.

Jul 26, 2010 at 9:18 AM
Edited Jul 26, 2010 at 9:18 AM

I also have this in the file web.xml: 

<context-param> <param-name>contextConfigLocation</param-name> <param-value>/WEB-INF/applicationContext.xml</param-value> </context-param> <listener> <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class> </listener> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <servlet> <servlet-name>CXFServlet</servlet-name> <servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class> <load-on-startup>1</load-on-startup> </servlet>

<servlet-mapping> <servlet-name>CXFServlet</servlet-name> <url-pattern>/*</url-pattern> </servlet-mapping>


To iniciate the cxf web services.

But now after I autenticated say:

No service was found.

Whats the problem?  waffle is incompatible with the cxf webservice??


I'm using now the 1.3 final version.

Jul 26, 2010 at 9:46 AM

I'm using the API version of waffle in java.


When I use this:

waffle.windows.auth.impl.WindowsAuthProviderImpl auth = new waffle.windows.auth.impl.WindowsAuthProviderImpl();

 String name1 =auth.getCurrentComputer().getComputerName();

String name2 =auth.getCurrentComputer().getJoinStatus();

String name3 =auth.getCurrentComputer().getMemberOf();

String name4 =auth.getCurrentComputer().getGroups()[0];


Gets the Info of the CurrentComputer, How to get the info of the remote computer.. (I'm inside of a method of CXF webservice)..


Jul 26, 2010 at 11:57 AM

There seems to be several problems in this thread. Did you make it work with CXF (I've never tried)?

To answer the last post, Windows authentication doesn't provide information about the remote user's computer when you're going over HTTP. It's usually something web servers do. The WindowsAuthProvider is for the current computer, so there's no magic, sorry.

Jul 26, 2010 at 12:04 PM

So, with the jar in tomcat and editing the web.xml and context.xml the autenticación work well, but the webservice don't work. Say No service found.


If I remove the <security-constraint> in the web.xml, the webservice work's well, but don't autenticated.

Jul 26, 2010 at 12:15 PM

You would have to look at what's happening on the wire. But my guess is that your web services client doesn't support NTLM.

I think you're on the wrong track. Generally, web-service authentication is not done via the web server and HTTP, but with WS-Security extensions. CXF provides WS-Secuirty (http://cxf.apache.org/docs/ws-security.html). In the example on that page you would have to write a little bit of code if you want the username/password to be a Windows one (call WindowsAuthProvider.logonUser). Doing NTLM would need more work.

Even the above would not be ideal. Distributed services usually rely on a security token service to do logon, then present a SAML token to each service.

Waffle roadmap definitely has all those things as feature requests (I'll file a couple), feel free to contribute ;)

Jul 26, 2010 at 12:17 PM
This discussion has been copied to a work item. Click here to go to the work item and continue the discussion.