hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject RE: Issue with NTLM proxy authentication over Https
Date Fri, 12 Oct 2012 15:43:59 GMT
On Thu, 2012-10-11 at 11:53 -0500, Godbey, David J. (HQ-LM020)[DIGITAL
MANAGEMENT INC.] wrote:
> Oleg,
> Wow, you have a proxy client? I should give that a look.
> 
> Anirban:
> My problem was this:
> 1. My JAXWS client for the EWS service does not manage authentication because JAXWS itself
does not manage authentication.
> 2. To authenticate, I used java.net.Authenticator. However, the Authenticator does not
support NTLMv2.
> 
> My solution was this:
> 1. Created a local endpoint (servlet) for the JAXWS client instead of the EWS service
(EWS endpoint is SSL with NTLMv2).
> 2. The servlet (using HttpClient 4.2) received the raw SOAP request and the list of headers.
> 3. Using httpclient (4.2) pack up a post with the SOAP request, bring over the relevant
headers, and send the post to the EWS endpoint. 
> 4. The servlet succeeds and receives the SOAP response that it then returns to the JAXWS
client.
> 
> With that, I am back in business.
> 
> Oleg,
> Can I remove my local endpoint servlet, return the JAXWS client to point directly to
the EWS SSL NTLMv2 service, and set java -D directives to specify an authenticating proxy
that I will build from HttpClient ProxyClient? Can this work?
> Dave
> 

Dave,

ProxyClient is probably not a very good name. SSL tunnel client should
be descriptive. The purpose of this client is to create a tunnel through
an HTTP proxy for non-HTTP protocols such as SSH or SMTP. Naturally, it
could also be used for tunneling HTTP messages though an SSL tunnel but
I see very little sense in doing so, as that would give you no advantage
over HttpClient.

What you have is a very reasonable solution based on a reverse proxy
pattern. You should probably stick to it.

Oleg



---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


Mime
View raw message