hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John.M.Corro-...@jci.com
Subject Re: NTLM Authentication for currently logged in Windows user
Date Mon, 15 May 2006 12:43:21 GMT
I was doing some playing around and opening a connection to the server 
(from the applet) using the plain java.net.URL object.  When watching the 
traffic go back and forth across (using Ethereal), it appeared the native 
URL object was negotiating w/ the server (w/o requiring any special steps 
from the developer) and actually sending back an authentication response 
to the server w/ what "appeared" to be a correct NTLM hashed value. 

Would anyone be able to verify if what I was seeing was correct?

*NOTE: I opted not to use the native URL object because I was having 
issues streaming info back and forth that I was hopeful HTTPClient could 

John M. Corro
(414) 524-7118

05/14/2006 02:34 PM
Please respond to


Re: NTLM Authentication for currently logged in Windows user

On Fri, 2006-05-12 at 15:30 -0500, John.M.Corro-EXT@jci.com wrote:
> I'm attempting to invoke an Integrated Authenticated protected web 
> from an applet in a Windows environment.  I'd like to make it such that 
> the protected web services are invoked under the currently logged in 
> user's credentials.  I understand that I have to supply an NTCredentials 

> instance, but how can I do that dynamically and without explicitly 
> the user or using hardcoded values?  That is, I'd like to dynamically 
> an instance of NTCredentials w/ the currently logged in user's 
> username/password.
> An additional challenge is that only *some* of the web services are 
> Integrated Authentication protected.  It'd be much preferred if I could 
> delegate the handling of whether a WS is protected or not to the 
> HTTPClient instance.  In other words, I'd like to always invoke a given 
> web service the same way and let HTTPClient figure out the rest.  Is 
> possible?

This is not possible with the stock version of HttpClient. Theoretically
one could use the JNI interface to call a Windows Specific service in
order to retrieve the NT credentials of the actual user from the Windows
security context. Please Windows experts out there correct me if am
wrong. At this point of time we have no plans to include platform
specific code into the stock version of HttpClient 


> Here's some of the code I've been trying to get working:
> // Configure connection settings
> HttpClient httpClient = new HttpClient();
> String host = ...;
> httpClient.getHostConfiguration().setHost(host);
> // Configure actual WS call
> String webServicePath = ...;
> PostMethod postMethod = new PostMethod(webServicePath);
> postMethod.getHostAuthState().setAuthScheme(new NTLMScheme());
> postMethod.setDoAuthentication(true);
> byte[] xmlPayload = ...;
> postMethod.setRequestEntity(new ByteArrayRequestEntity(xmlPayload));
> try {
>         httpClient.executeMethod(postMethod);
>         if(postMethod.getStatusCode() == HttpStatus.SC_OK) {
>                 // Unmarshall returned XML
>                 ...
>                 ...
>         }
> } finally {
>         postMethod.releaseConnection();
> }
> John M. Corro
> (414) 524-7118

To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message