CXF Endpoint using Windows Credentials in Mule ESB

Question

i have a working mule to C# service endpoint that i use.

Service is hosted on WCF/C# - mule is openning a client to that service using a set of classes generated by apache cxf (Wsdl2java). However, up until now all i used is a basichttpbinding on the service - meaning there is no security/credentials validation.

Now - i would like to change that. I want to set the binding of the c# service to WSHttpBinding.

Is there a way i can consume the c# service using NTLM Credentials??

Current endpoint is defined as:

<cxf:jaxws-client serviceClass="com.TimeLineListener.IBusListeningService" 
            operation="getMessage" /> 
                <outbound-endpoint address="${TMSService.host}"
            exchange-pattern="one-way" />

From Apache CXF'S DOcumentation:

NTLM Authentication

 //Set the jcifs properties
    jcifs.Config.setProperty("jcifs.smb.client.domain", "ben.com");
    jcifs.Config.setProperty("jcifs.netbios.wins", "xxx.xxx.xxx.xxx");
    jcifs.Config.setProperty("jcifs.smb.client.soTimeout", "300000"); //5
    minutes
    jcifs.Config.setProperty("jcifs.netbios.cachePolicy", "1200"); //20 minutes
    //jcifs.Config.setProperty("jcifs.smb.client.username", "myNTLogin");
    //jcifs.Config.setProperty("jcifs.smb.client.password", "secret");

    //Register the jcifs URL handler to enable NTLM
    jcifs.Config.registerSmbURLHandler();

Finally, you need to setup the CXF client to turn off chunking. The reason is that the NTLM authentication requires a 3 part handshake which breaks the streaming. 

//Turn off chunking so that NTLM can occur
Client client = ClientProxy.getClient(port);
HTTPConduit http = (HTTPConduit) client.getConduit();
HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
httpClientPolicy.setConnectionTimeout(36000);
httpClientPolicy.setAllowChunking(false);
http.setClient(httpClientPolicy);

So, how can i define these items in the XML's above??? i havent seen any such examples....

And addtionaly, even if i try to set up the connection without security (WSHttpBinding with Security =none) - i still cant make it work as the content types doesnt match (suppose to be application/xml and it is text/xml or something of the like)

I would really like some sort of example as to how to make this happen.

Thanks (Again) !

Answer 1

I'm not sure you can. I've recently tried to get Mule to talk to a Microsoft (Dynamics 2011) web service using Kerberos authentication without success. I believe this is due to the fact that Mule uses CXF 2.3.1, which doesn't support this form of authentication.

Upon contacting Mulesoft about a solution or a workaround, I got this response:

We do not support Kerberos authentication, and upgrading to cxf 2.5.0 wouldn't fix the problem because of the way we are using this library. The only solution would be to extend the functionality of the Http transort to handle this.

Our solution right now is to have a separate CXF 2.5.0 adapter, that Mule communicates with via JMS.