netbeans web service client kerberos impersonation

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

netbeans web service client kerberos impersonation

nettercy
This post has NOT been accepted by the mailing list yet.
I have a web service on glass fish 4.1 (server B) secured with symmetric kerberos tokens. That works fine.

I have a web service client created from netbeans 8.1. I have defined the login.conf module and krb.conf and wsit xml file and the client can call the web service on server B. The client is deployed on a different glass fish server again 4.1 - and used by a servlet in this server B. That works fine.

But, I need to get the web service client - on server A - to impersonate a user when calling server B - for example like so:

Subject.doAs( call web service operation )

The subject passed to doAs() has proper kerberos credentials (delegated to server A from SPNEGO auth - that works fine and other non relevant calls with subject doAs on server A work as expected).

The issue is that the web service client uses its own login module and I end up with a prompt (from the default call back handlers no doubt) to enter a user name and password instead of using the credentials as described above.

How can the web service client be configured or what other way is there, to get it to use the delegated credentials as described above?

Thanks
Reply | Threaded
Open this post in threaded view
|

Re: netbeans web service client kerberos impersonation

nettercy
This post has NOT been accepted by the mailing list yet.
apologies, typo in paragraph 2. It should read

I have a web service client created from netbeans 8.1. I have defined the login.conf module and krb.conf and wsit xml file and the client can call the web service on server B. The client is deployed on a different glass fish server again 4.1 - and used by a servlet in this server A. That works fine.