Posted to commits@hc.apache.org by ol...@apache.org on 2011/04/22 13:26:50 UTC

svn commit: r1095921 - in /httpcomponents/httpclient/trunk/src/site: apt/ntlm.apt site.xml

Author: olegk
Date: Fri Apr 22 11:26:49 2011
New Revision: 1095921

URL: http://svn.apache.org/viewvc?rev=1095921&view=rev
Log:
Updated NTLM guide based on input provided by Ron Jacobs <Ron.Jacobs at Reardencommerce.com>

Added:
    httpcomponents/httpclient/trunk/src/site/apt/ntlm.apt   (contents, props changed)
      - copied, changed from r1095795, httpcomponents/httpclient/branches/4.0.x/src/site/apt/ntlm.apt
Modified:
    httpcomponents/httpclient/trunk/src/site/site.xml

Copied: httpcomponents/httpclient/trunk/src/site/apt/ntlm.apt (from r1095795, httpcomponents/httpclient/branches/4.0.x/src/site/apt/ntlm.apt)
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/src/site/apt/ntlm.apt?p2=httpcomponents/httpclient/trunk/src/site/apt/ntlm.apt&p1=httpcomponents/httpclient/branches/4.0.x/src/site/apt/ntlm.apt&r1=1095795&r2=1095921&rev=1095921&view=diff
==============================================================================
--- httpcomponents/httpclient/branches/4.0.x/src/site/apt/ntlm.apt (original)
+++ httpcomponents/httpclient/trunk/src/site/apt/ntlm.apt Fri Apr 22 11:26:49 2011
@@ -30,10 +30,6 @@
 
 NTLM support in HttpClient
 
-    Currently HttpClient 4.0 does not provide support for the NTLM authentication scheme
-    out of the box and probably never will. The reasons for that are legal rather than
-    technical.
-
 * {Background}
 
     NTLM is a proprietary authentication scheme developed by Microsoft and optimized for
@@ -49,48 +45,30 @@ NTLM support in HttpClient
     and {{{http://download.microsoft.com/download/a/e/6/ae6e4142-aa58-45c6-8dcf-a657e5900cd3/%5BMS-NTHT%5D.pdf}MS-NTHT}}
     specifications in February 2008 as a part of its
     {{{http://www.microsoft.com/interop/principles/default.mspx}Interoperability
-    Principles initiative}}. Unfortunately, it is still not entirely clear whether NTLM
-    encryption algorithms are covered by any patents held by Microsoft, which would make
-    commercial users of open-source NTLM implementations liable for the use of Microsoft
-    intellectual property.
-
-* {Enabling NTLM support in HttpClient 4.x}
-
-    The good news is HttpClient is fully NTLM capable right out of the box.
-    HttpClient ships with the NTLM  authentication scheme, which, if configured
-    to use an external NTLM engine, can handle NTLM challenges and authenticate
-    against NTLM servers.
-
-----------------------------------------
-public interface NTLMEngine {
-
-    String generateType1Msg(
-            String domain,
-            String workstation) throws NTLMEngineException;
-
-    String generateType3Msg(
-            String username,
-            String password,
-            String domain,
-            String workstation,
-            String challenge) throws NTLMEngineException;
+    Principles initiative}}. 
 
-}
-----------------------------------------
+    HttpClient as of version 4.1 supports NTLMv1 and NTLMv2 authentication protocols out 
+    of the box using a custom authentication engine. However, there can still be compatibility
+    issues with newer Microsoft products as the default NTLM engine implementation is still 
+    relatively new. One can also use {{{http://jcifs.samba.org/}JCIFS}} as an alternative, more 
+    established and mature NTLM engine developed by Samba project. 
 
-* {Using Samba JCIFS as an NTLM engine}
+* {Using Samba JCIFS as an alternative NTLM engine}
 
     Follow these instructions to build an NTLMEngine implementation using JCIFS library
 
     <<!!!!DISCLAIMER !!!! HttpComponents project DOES _NOT_ SUPPORT the code provided below. 
     Use it as is at your own discretion>>.
 
-    * Download the latest release of the JCIFS library from the 
+    * Download version 1.3.14 or newer of the JCIFS library from the 
     {{{http://jcifs.samba.org/}Samba}} web site
 
     * Implement NTLMEngine interface
 
 ----------------------------------------
+import java.io.IOException;
+
+import jcifs.ntlmssp.NtlmFlags;
 import jcifs.ntlmssp.Type1Message;
 import jcifs.ntlmssp.Type2Message;
 import jcifs.ntlmssp.Type3Message;
@@ -99,38 +77,36 @@ import jcifs.util.Base64;
 import org.apache.http.impl.auth.NTLMEngine;
 import org.apache.http.impl.auth.NTLMEngineException;
 
-public class JCIFSEngine implements NTLMEngine {
+public final class JCIFSEngine implements NTLMEngine {
 
-    public String generateType1Msg(
-            String domain, 
-            String workstation) throws NTLMEngineException {
-
-        Type1Message t1m = new Type1Message(
-                Type1Message.getDefaultFlags(),
-                domain,
-                workstation);
-        return Base64.encode(t1m.toByteArray());
+    private static final int TYPE_1_FLAGS = 
+            NtlmFlags.NTLMSSP_NEGOTIATE_56 | 
+            NtlmFlags.NTLMSSP_NEGOTIATE_128 | 
+            NtlmFlags.NTLMSSP_NEGOTIATE_NTLM2 | 
+            NtlmFlags.NTLMSSP_NEGOTIATE_ALWAYS_SIGN | 
+            NtlmFlags.NTLMSSP_REQUEST_TARGET;
+
+    public String generateType1Msg(final String domain, final String workstation)
+            throws NTLMEngineException {
+        final Type1Message type1Message = new Type1Message(TYPE_1_FLAGS, domain, workstation);
+        return Base64.encode(type1Message.toByteArray());
     }
 
-    public String generateType3Msg(
-            String username, 
-            String password, 
-            String domain,
-            String workstation, 
-            String challenge) throws NTLMEngineException {
-        Type2Message t2m;
+    public String generateType3Msg(final String username, final String password,
+            final String domain, final String workstation, final String challenge)
+            throws NTLMEngineException {
+        Type2Message type2Message;
         try {
-            t2m = new Type2Message(Base64.decode(challenge));
-        } catch (IOException ex) {
-            throw new NTLMEngineException("Invalid Type2 message", ex);
+            type2Message = new Type2Message(Base64.decode(challenge));
+        } catch (final IOException exception) {
+            throw new NTLMEngineException("Invalid NTLM type 2 message", exception);
         }
-        Type3Message t3m = new Type3Message(
-                t2m, 
-                password, 
-                domain, 
-                username, 
-                workstation);
-        return Base64.encode(t3m.toByteArray());
+        final int type2Flags = type2Message.getFlags();
+        final int type3Flags = type2Flags
+                & (0xffffffff ^ (NtlmFlags.NTLMSSP_TARGET_TYPE_DOMAIN | NtlmFlags.NTLMSSP_TARGET_TYPE_SERVER));
+        final Type3Message type3Message = new Type3Message(type2Message, password, domain,
+                username, workstation, type3Flags);
+        return Base64.encode(type3Message.toByteArray());
     }
 
 }
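Review bot: The two flag expressions in the new `JCIFSEngine` listing carry no explanation, and readers of this guide will copy the class verbatim. `TYPE_1_FLAGS` replaces `Type1Message.getDefaultFlags()` with a fixed set, so it deserves a comment saying why these five bits are requested and that the library defaults are no longer applied (this looks deliberate, but the page does not say). In `generateType3Msg` the mask would read more plainly as `final int type3Flags = type2Flags & ~(NtlmFlags.NTLMSSP_TARGET_TYPE_DOMAIN | NtlmFlags.NTLMSSP_TARGET_TYPE_SERVER);`, preceded by `// target-type bits describe the server in the type 2 message; do not echo them in type 3`. Nothing in the listing shows whether the `Type3Message` constructor emits an NTLMv1 or NTLMv2 response, so one sentence in the guide on how JCIFS chooses it would help users avoid unknowingly sending the weaker response.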

Propchange: httpcomponents/httpclient/trunk/src/site/apt/ntlm.apt
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: httpcomponents/httpclient/trunk/src/site/apt/ntlm.apt
------------------------------------------------------------------------------
    svn:keywords = Date Author Id Revision HeadURL

Propchange: httpcomponents/httpclient/trunk/src/site/apt/ntlm.apt
------------------------------------------------------------------------------
--- svn:mergeinfo (added)
+++ svn:mergeinfo Fri Apr 22 11:26:49 2011
@@ -0,0 +1 @@
+/httpcomponents/httpclient/trunk/src/site/apt/ntlm.apt:825864-828185,954258,956989-957002

Propchange: httpcomponents/httpclient/trunk/src/site/apt/ntlm.apt
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: httpcomponents/httpclient/trunk/src/site/site.xml
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/src/site/site.xml?rev=1095921&r1=1095920&r2=1095921&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/src/site/site.xml (original)
+++ httpcomponents/httpclient/trunk/src/site/site.xml Fri Apr 22 11:26:49 2011
@@ -36,6 +36,7 @@
       <item name="Tutorial" href="tutorial/html/index.html"/>
       <item name="Examples" href="examples.html"/>
       <item name="Client HTTP Programming Primer" href="primer.html"/>
+      <item name="NTLM Guide" href="ntlm.html"/>
       <item name="Logging" href="logging.html"/>
     </menu>
     <menu name="Modules">