hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: NTLM Authentication for currently logged in Windows user
Date Mon, 15 May 2006 13:38:55 GMT
On Mon, 2006-05-15 at 08:22 -0500, John.M.Corro-EXT@jci.com wrote: 
> Thanks, Oleg.  I thought that might be the case, but was looking for 
> wiser/more experienced minds to verify my suspicion. 
> 
> One last inquiry - is there a way to manually create a HttpUrlConnection 
> then inject it into a PostMethod or HttpClient? 

No, there's not. 

Consider trying out the idea suggested by Roland

Oleg

>  In this way, I could 
> benefit from Java's ability to do transparent NTLM negotiation, but also 
> from HTTPClient's easy to work w/ interfaces. 
> 
> 
> John M. Corro
> (414) 524-7118
> 
> 
> 
> olegk@apache.org 
> 05/15/2006 08:11 AM
> Please respond to
> httpclient-user@jakarta.apache.org
> 
> 
> To
> httpclient-user@jakarta.apache.org
> cc
> 
> Subject
> Re: NTLM Authentication for currently logged in Windows user
> 
> 
> 
> 
> 
> 
> On Mon, 2006-05-15 at 07:43 -0500, John.M.Corro-EXT@jci.com wrote: 
> > I was doing some playing around and opening a connection to the server 
> > (from the applet) using the plain java.net.URL object.  When watching 
> the 
> > traffic go back and forth across (using Ethereal), it appeared the 
> native 
> > URL object was negotiating w/ the server (w/o requiring any special 
> steps 
> > from the developer) and actually sending back an authentication response 
> 
> > to the server w/ what "appeared" to be a correct NTLM hashed value. 
> > 
> > Would anyone be able to verify if what I was seeing was correct?
> 
> I believe as of Java 1.4 HttpUrlConnection can leverage some platform
> specific code to obtain NT user credentials when running on Microsoft
> Windows. This, obviously, renders the whole application Windows specific
> as a result. If your application is not meant to be portable across
> multiple platforms, you should probably stick with HttpUrlConnection.
> NTLM support in HttpClient is fully portable across platforms but is
> limited to NTLMv1 and is unable to interact with the Windows security
> context.
> 
> Hope this helps,
> 
> Oleg
> 
> > 
> > *NOTE: I opted not to use the native URL object because I was having 
> > issues streaming info back and forth that I was hopeful HTTPClient could 
> 
> > alleviate. 
> > 
> > John M. Corro
> > (414) 524-7118
> > 
> > 
> > 
> > olegk@apache.org 
> > 05/14/2006 02:34 PM
> > Please respond to
> > httpclient-user@jakarta.apache.org
> > 
> > 
> > To
> > httpclient-user@jakarta.apache.org
> > cc
> > 
> > Subject
> > Re: NTLM Authentication for currently logged in Windows user
> > 
> > 
> > 
> > 
> > 
> > 
> > On Fri, 2006-05-12 at 15:30 -0500, John.M.Corro-EXT@jci.com wrote:
> > > I'm attempting to invoke an Integrated Authenticated protected web 
> > service 
> > > from an applet in a Windows environment.  I'd like to make it such 
> that 
> > > the protected web services are invoked under the currently logged in 
> > > user's credentials.  I understand that I have to supply an 
> NTCredentials 
> > 
> > > instance, but how can I do that dynamically and without explicitly 
> > asking 
> > > the user or using hardcoded values?  That is, I'd like to dynamically 
> > get 
> > > an instance of NTCredentials w/ the currently logged in user's 
> > > username/password.
> > > 
> > > An additional challenge is that only *some* of the web services are 
> > > Integrated Authentication protected.  It'd be much preferred if I 
> could 
> > > delegate the handling of whether a WS is protected or not to the 
> > > HTTPClient instance.  In other words, I'd like to always invoke a 
> given 
> > > web service the same way and let HTTPClient figure out the rest.  Is 
> > this 
> > > possible?
> > > 
> > 
> > This is not possible with the stock version of HttpClient. Theoretically
> > one could use the JNI interface to call a Windows Specific service in
> > order to retrieve the NT credentials of the actual user from the Windows
> > security context. Please Windows experts out there correct me if am
> > wrong. At this point of time we have no plans to include platform
> > specific code into the stock version of HttpClient 
> > 
> > Oleg
> > 
> > 
> > > Here's some of the code I've been trying to get working:
> > > 
> > > // Configure connection settings
> > > HttpClient httpClient = new HttpClient();
> > > String host = ...;
> > > httpClient.getHostConfiguration().setHost(host);
> > > 
> > > // Configure actual WS call
> > > String webServicePath = ...;
> > > PostMethod postMethod = new PostMethod(webServicePath);
> > > postMethod.getHostAuthState().setAuthScheme(new NTLMScheme());
> > > postMethod.setDoAuthentication(true);
> > > byte[] xmlPayload = ...;
> > > postMethod.setRequestEntity(new ByteArrayRequestEntity(xmlPayload));
> > > 
> > > try {
> > >         httpClient.executeMethod(postMethod);
> > >         if(postMethod.getStatusCode() == HttpStatus.SC_OK) {
> > >                 // Unmarshall returned XML
> > >                 ...
> > >                 ...
> > >         }
> > > } finally {
> > >         postMethod.releaseConnection();
> > > }
> > > 
> > > 
> > > John M. Corro
> > > (414) 524-7118
> > 
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
> > 
> > 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org


Mime
View raw message