Posted to httpclient-users@hc.apache.org by Jo...@jci.com on 2006/05/12 22:30:45 UTC
NTLM Authentication for currently logged in Windows user
I'm attempting to invoke an Integrated Authenticated protected web service
from an applet in a Windows environment. I'd like to make it such that
the protected web services are invoked under the currently logged in
user's credentials. I understand that I have to supply an NTCredentials
instance, but how can I do that dynamically and without explicitly asking
the user or using hardcoded values? That is, I'd like to dynamically get
an instance of NTCredentials w/ the currently logged in user's
username/password.
An additional challenge is that only *some* of the web services are
Integrated Authentication protected. It'd be much preferred if I could
delegate the handling of whether a WS is protected or not to the
HTTPClient instance. In other words, I'd like to always invoke a given
web service the same way and let HTTPClient figure out the rest. Is this
possible?
Here's some of the code I've been trying to get working:
    // Configure connection settings
    HttpClient httpClient = new HttpClient();
    String host = ...;
    httpClient.getHostConfiguration().setHost(host);

    // Configure actual WS call
    String webServicePath = ...;
    PostMethod postMethod = new PostMethod(webServicePath);
    postMethod.getHostAuthState().setAuthScheme(new NTLMScheme());
    postMethod.setDoAuthentication(true);
    byte[] xmlPayload = ...;
    postMethod.setRequestEntity(new ByteArrayRequestEntity(xmlPayload));

    try {
        httpClient.executeMethod(postMethod);
        if (postMethod.getStatusCode() == HttpStatus.SC_OK) {
            // Unmarshall returned XML
            ...
            ...
        }
    } finally {
        postMethod.releaseConnection();
    }
John M. Corro
(414) 524-7118
Re: Logging in using HTTPS form-based authentication
Posted by Qiang Zhou <ge...@gmail.com>.
Hello John:
Have you imported the certificate into your JDK's keystore? HttpClient
can't automatically store an SSL certificate the way our browsers (IE, Firefox) do.
This process must be done manually.
2006/5/18, John.M.Corro-EXT@jci.com <Jo...@jci.com>:
>
> Roland,
>
> I had previously reviewed the SSL Guide so that wasn't of any new help w/
> regards to this problem. I did find the wiki article very well written.
> The only suggestion I would make is in section 5.2 to describe how to
> "enable the wire log" in HttpClient (or provide a link to the appropriate
> doc). I wasn't aware of any such facility in HTTPClient and had been
> using a TCP trace tool up till now. Other than that, very well written!
> Thanks!
>
> John M. Corro
> (414) 524-7118
>
>
>
> http-async@dubioso.net
> 05/17/2006 10:21 AM
> Please respond to
> httpclient-user@jakarta.apache.org
>
>
> To
> httpclient-user@jakarta.apache.org
> cc
>
> Subject
> Re: Logging in using HTTPS form-based authentication
>
>
>
>
>
>
> Hello John,
>
> John.M.Corro-EXT@jci.com wrote:
> > I have a situation where I'm trying to log into my bank's website which
> > uses HTTPS form-based authentication. I've tried posting the appropriate
> > username/password to the appropriate URL, but the server is not
> > authenticating me (keeps forwarding me to some generic error page). I've
> > considered several potential issues causing this failure, but am not quite
> > sure what to do:
>
> First, make sure you have basic SSL connectivity with the server:
> http://jakarta.apache.org/commons/httpclient/sslguide.html
>
> Then, follow the instructions in the Client HTTP Programming Primer:
> http://wiki.apache.org/jakarta-httpclient/ForAbsoluteBeginners
>
> Congratulations, you have just volunteered to be the very first
> alpha tester of that document :-) Please let us know whether you
> find it helpful, and how we could improve it.
>
> hope that helps,
> Roland
>
>
> >
> > 1. The website expects/requires you to go to the initial HTTPS protected
> > login form page. Potentially the site sets a cookie at that first page
> > and validates on form submission that the cookie is present. I've
> > experimented trying to get past (if it indeed is happening) by setting the
> > cookie policy on an HttpClient to BROWSER_COMPATIBLE, using that
> > HttpClient to execute a GetMethod to the login form page, then using the
> > same HttpClient to execute a PostMethod submitting the right
> > username/password. That didn't work. Did the steps I executed make for
> > an appropriate test? Is there a way I can confirm what cookie policy I
> > should be using?
> >
> > 2. I thought I heard/read a while back that to securely post data to an
> > HTTPS url, you need to initially come from an HTTPS URL as well. Is this
> > true? If so, is using the same HttpClient instance to execute all
> > GetMethods & PostMethods sufficient?
> >
> > 3. Are there any debugging techniques (examining header values, cookies,
> > etc) I can do to verify what exactly is causing my inability to login?
> >
> > John M. Corro
> > (414) 524-7118
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
>
>
>
Re: Logging in using HTTPS form-based authentication
Posted by Roland Weber <ht...@dubioso.net>.
Hi John,
John.M.Corro-EXT@jci.com wrote:
> I did find the wiki article very well written.
> The only suggestion I would make is in section 5.2 to describe how to
> "enable the wire log" in HttpClient (or provide a link to the appropriate
> doc).
Link added. Thanks for the suggestion and the compliments :-)
cheers,
Roland
Re: Logging in using HTTPS form-based authentication
Posted by Jo...@jci.com.
Roland,
I had previously reviewed the SSL Guide so that wasn't of any new help w/
regards to this problem. I did find the wiki article very well written.
The only suggestion I would make is in section 5.2 to describe how to
"enable the wire log" in HttpClient (or provide a link to the appropriate
doc). I wasn't aware of any such facility in HTTPClient and had been
using a TCP trace tool up till now. Other than that, very well written!
Thanks!
John M. Corro
(414) 524-7118
http-async@dubioso.net
05/17/2006 10:21 AM
Please respond to
httpclient-user@jakarta.apache.org
To
httpclient-user@jakarta.apache.org
cc
Subject
Re: Logging in using HTTPS form-based authentication
Hello John,
John.M.Corro-EXT@jci.com wrote:
> I have a situation where I'm trying to log into my bank's website which
> uses HTTPS form-based authentication. I've tried posting the appropriate
> username/password to the appropriate URL, but the server is not
> authenticating me (keeps forwarding me to some generic error page). I've
> considered several potential issues causing this failure, but am not quite
> sure what to do:
First, make sure you have basic SSL connectivity with the server:
http://jakarta.apache.org/commons/httpclient/sslguide.html
Then, follow the instructions in the Client HTTP Programming Primer:
http://wiki.apache.org/jakarta-httpclient/ForAbsoluteBeginners
Congratulations, you have just volunteered to be the very first
alpha tester of that document :-) Please let us know whether you
find it helpful, and how we could improve it.
hope that helps,
Roland
>
> 1. The website expects/requires you to go to the initial HTTPS protected
> login form page. Potentially the site sets a cookie at that first page
> and validates on form submission that the cookie is present. I've
> experimented trying to get past (if it indeed is happening) by setting the
> cookie policy on an HttpClient to BROWSER_COMPATIBLE, using that
> HttpClient to execute a GetMethod to the login form page, then using the
> same HttpClient to execute a PostMethod submitting the right
> username/password. That didn't work. Did the steps I executed make for
> an appropriate test? Is there a way I can confirm what cookie policy I
> should be using?
>
> 2. I thought I heard/read a while back that to securely post data to an
> HTTPS url, you need to initially come from an HTTPS URL as well. Is this
> true? If so, is using the same HttpClient instance to execute all
> GetMethods & PostMethods sufficient?
>
> 3. Are there any debugging techniques (examining header values, cookies,
> etc) I can do to verify what exactly is causing my inability to login?
>
> John M. Corro
> (414) 524-7118
Re: Logging in using HTTPS form-based authentication
Posted by Roland Weber <ht...@dubioso.net>.
Hello John,
John.M.Corro-EXT@jci.com wrote:
> I have a situation where I'm trying to log into my bank's website which
> uses HTTPS form-based authentication. I've tried posting the appropriate
> username/password to the appropriate URL, but the server is not
> authenticating me (keeps forwarding me to some generic error page). I've
> considered several potential issues causing this failure, but am not quite
> sure what to do:
First, make sure you have basic SSL connectivity with the server:
http://jakarta.apache.org/commons/httpclient/sslguide.html
Then, follow the instructions in the Client HTTP Programming Primer:
http://wiki.apache.org/jakarta-httpclient/ForAbsoluteBeginners
Congratulations, you have just volunteered to be the very first
alpha tester of that document :-) Please let us know whether you
find it helpful, and how we could improve it.
hope that helps,
Roland
>
> 1. The website expects/requires you to go to the initial HTTPS protected
> login form page. Potentially the site sets a cookie at that first page
> and validates on form submission that the cookie is present. I've
> experimented trying to get past (if it indeed is happening) by setting the
> cookie policy on an HttpClient to BROWSER_COMPATIBLE, using that
> HttpClient to execute a GetMethod to the login form page, then using the
> same HttpClient to execute a PostMethod submitting the right
> username/password. That didn't work. Did the steps I executed make for
> an appropriate test? Is there a way I can confirm what cookie policy I
> should be using?
>
> 2. I thought I heard/read a while back that to securely post data to an
> HTTPS url, you need to initially come from an HTTPS URL as well. Is this
> true? If so, is using the same HttpClient instance to execute all
> GetMethods & PostMethods sufficient?
>
> 3. Are there any debugging techniques (examining header values, cookies,
> etc) I can do to verify what exactly is causing my inability to login?
>
> John M. Corro
> (414) 524-7118
Logging in using HTTPS form-based authentication
Posted by Jo...@jci.com.
I have a situation where I'm trying to log into my bank's website which
uses HTTPS form-based authentication. I've tried posting the appropriate
username/password to the appropriate URL, but the server is not
authenticating me (keeps forwarding me to some generic error page). I've
considered several potential issues causing this failure, but am not quite
sure what to do:
1. The website expects/requires you to go to the initial HTTPS protected
login form page. Potentially the site sets a cookie at that first page
and validates on form submission that the cookie is present. I've
experimented trying to get past (if it indeed is happening) by setting the
cookie policy on an HttpClient to BROWSER_COMPATIBLE, using that
HttpClient to execute a GetMethod to the login form page, then using the
same HttpClient to execute a PostMethod submitting the right
username/password. That didn't work. Did the steps I executed make for
an appropriate test? Is there a way I can confirm what cookie policy I
should be using?
2. I thought I heard/read a while back that to securely post data to an
HTTPS url, you need to initially come from an HTTPS URL as well. Is this
true? If so, is using the same HttpClient instance to execute all
GetMethods & PostMethods sufficient?
3. Are there any debugging techniques (examining header values, cookies,
etc) I can do to verify what exactly is causing my inability to login?
John M. Corro
(414) 524-7118
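The test described in point 1 and the header inspection asked about in point 3, as an added example (not code from the thread or from the HttpClient project) against Commons HttpClient 3.x. The URLs and the form field names are hypothetical placeholders, and the password prompt assumes Java 6 or later for System.console().

```java
import org.apache.commons.httpclient.Cookie;
import org.apache.commons.httpclient.Header;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.cookie.CookiePolicy;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.methods.PostMethod;

public class FormLoginDebug {

    // Hypothetical values: use the real login page, form action and field names.
    static final String LOGIN_PAGE = "https://bank.example/login";
    static final String LOGIN_ACTION = "https://bank.example/login/submit";

    public static void main(String[] args) throws Exception {
        if (args.length < 1 || System.console() == null) {
            System.err.println("usage: FormLoginDebug <username>  (run from a terminal)");
            return;
        }
        char[] password = System.console().readPassword("Password: ");

        // Header-level wire log through commons-logging's SimpleLog. Set these
        // before the first HttpClient class is loaded. The header log contains
        // session cookies, so keep its output out of shared log files. The
        // "httpclient.wire.content" logger would also record the POST body,
        // including the password, and is deliberately left off.
        System.setProperty("org.apache.commons.logging.Log",
                "org.apache.commons.logging.impl.SimpleLog");
        System.setProperty(
                "org.apache.commons.logging.simplelog.log.httpclient.wire.header", "debug");

        HttpClient client = new HttpClient();
        client.getParams().setCookiePolicy(CookiePolicy.BROWSER_COMPATIBILITY);

        // 1. Fetch the login page so any pre-login cookie is stored in the client state.
        GetMethod get = new GetMethod(LOGIN_PAGE);
        try {
            System.out.println("GET  -> " + client.executeMethod(get));
            get.getResponseBodyAsString(); // read the body so the connection can be reused
        } finally {
            get.releaseConnection();
        }
        printCookies("after GET", client);

        // 2. Submit the form with the same client, which sends those cookies back.
        PostMethod post = new PostMethod(LOGIN_ACTION);
        post.addParameter("username", args[0]);              // field name is an assumption
        post.addParameter("password", new String(password)); // field name is an assumption
        try {
            System.out.println("POST -> " + client.executeMethod(post));
            // HttpClient 3.x does not follow redirects for POST. A login form
            // often answers with a redirect, so show where it points.
            Header location = post.getResponseHeader("Location");
            if (location != null) {
                System.out.println("redirect to " + location.getValue());
            }
        } finally {
            post.releaseConnection();
        }
        printCookies("after POST", client);
    }

    // Lists what the cookie policy accepted. Values are session secrets and are not printed.
    static void printCookies(String label, HttpClient client) {
        Cookie[] cookies = client.getState().getCookies();
        System.out.println(label + ": " + cookies.length + " cookie(s)");
        for (int i = 0; i < cookies.length; i++) {
            System.out.println("  " + cookies[i].getName()
                    + " domain=" + cookies[i].getDomain()
                    + " path=" + cookies[i].getPath()
                    + " secure=" + cookies[i].getSecure());
        }
    }
}
```

If the cookie count after the GET is zero while the header log shows Set-Cookie lines, the cookie policy rejected them; comparing the POST request headers in the log with a browser's request shows which cookie or form field is missing.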
Re: NTLM Authentication for currently logged in Windows user
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Mon, 2006-05-15 at 08:22 -0500, John.M.Corro-EXT@jci.com wrote:
> Thanks, Oleg. I thought that might be the case, but was looking for
> wiser/more experienced minds to verify my suspicion.
>
> One last inquiry - is there a way to manually create a HttpUrlConnection
> then inject it into a PostMethod or HttpClient?
No, there's not.
Consider trying out the idea suggested by Roland
Oleg
> In this way, I could
> benefit from Java's ability to do transparent NTLM negotiation, but also
> from HTTPClient's easy to work w/ interfaces.
>
>
> John M. Corro
> (414) 524-7118
>
>
>
> olegk@apache.org
> 05/15/2006 08:11 AM
> Please respond to
> httpclient-user@jakarta.apache.org
>
>
> To
> httpclient-user@jakarta.apache.org
> cc
>
> Subject
> Re: NTLM Authentication for currently logged in Windows user
>
>
>
>
>
>
> On Mon, 2006-05-15 at 07:43 -0500, John.M.Corro-EXT@jci.com wrote:
> > I was doing some playing around and opening a connection to the server
> > (from the applet) using the plain java.net.URL object. When watching the
> > traffic go back and forth across (using Ethereal), it appeared the native
> > URL object was negotiating w/ the server (w/o requiring any special steps
> > from the developer) and actually sending back an authentication response
> > to the server w/ what "appeared" to be a correct NTLM hashed value.
> >
> > Would anyone be able to verify if what I was seeing was correct?
>
> I believe as of Java 1.4 HttpUrlConnection can leverage some platform
> specific code to obtain NT user credentials when running on Microsoft
> Windows. This, obviously, renders the whole application Windows specific
> as a result. If your application is not meant to be portable across
> multiple platforms, you should probably stick with HttpUrlConnection.
> NTLM support in HttpClient is fully portable across platforms but is
> limited to NTLMv1 and is unable to interact with the Windows security
> context.
>
> Hope this helps,
>
> Oleg
>
> >
> > *NOTE: I opted not to use the native URL object because I was having
> > issues streaming info back and forth that I was hopeful HTTPClient could
> > alleviate.
> >
> > John M. Corro
> > (414) 524-7118
> >
> >
> >
> > olegk@apache.org
> > 05/14/2006 02:34 PM
> > Please respond to
> > httpclient-user@jakarta.apache.org
> >
> >
> > To
> > httpclient-user@jakarta.apache.org
> > cc
> >
> > Subject
> > Re: NTLM Authentication for currently logged in Windows user
> >
> >
> >
> >
> >
> >
> > On Fri, 2006-05-12 at 15:30 -0500, John.M.Corro-EXT@jci.com wrote:
> > > I'm attempting to invoke an Integrated Authenticated protected web service
> > > from an applet in a Windows environment. I'd like to make it such that
> > > the protected web services are invoked under the currently logged in
> > > user's credentials. I understand that I have to supply an NTCredentials
> > > instance, but how can I do that dynamically and without explicitly asking
> > > the user or using hardcoded values? That is, I'd like to dynamically get
> > > an instance of NTCredentials w/ the currently logged in user's
> > > username/password.
> > >
> > > An additional challenge is that only *some* of the web services are
> > > Integrated Authentication protected. It'd be much preferred if I could
> > > delegate the handling of whether a WS is protected or not to the
> > > HTTPClient instance. In other words, I'd like to always invoke a given
> > > web service the same way and let HTTPClient figure out the rest. Is this
> > > possible?
> > >
> >
> > This is not possible with the stock version of HttpClient. Theoretically
> > one could use the JNI interface to call a Windows Specific service in
> > order to retrieve the NT credentials of the actual user from the Windows
> > security context. Please Windows experts out there correct me if I am
> > wrong. At this point of time we have no plans to include platform
> > specific code into the stock version of HttpClient
> >
> > Oleg
> >
> >
> > > Here's some of the code I've been trying to get working:
> > >
> > > // Configure connection settings
> > > HttpClient httpClient = new HttpClient();
> > > String host = ...;
> > > httpClient.getHostConfiguration().setHost(host);
> > >
> > > // Configure actual WS call
> > > String webServicePath = ...;
> > > PostMethod postMethod = new PostMethod(webServicePath);
> > > postMethod.getHostAuthState().setAuthScheme(new NTLMScheme());
> > > postMethod.setDoAuthentication(true);
> > > byte[] xmlPayload = ...;
> > > postMethod.setRequestEntity(new ByteArrayRequestEntity(xmlPayload));
> > >
> > > try {
> > > httpClient.executeMethod(postMethod);
> > > if(postMethod.getStatusCode() == HttpStatus.SC_OK) {
> > > // Unmarshall returned XML
> > > ...
> > > ...
> > > }
> > > } finally {
> > > postMethod.releaseConnection();
> > > }
> > >
> > >
> > > John M. Corro
> > > (414) 524-7118
Re: NTLM Authentication for currently logged in Windows user
Posted by Jo...@jci.com.
Thanks, Oleg. I thought that might be the case, but was looking for
wiser/more experienced minds to verify my suspicion.
One last inquiry - is there a way to manually create a HttpUrlConnection
then inject it into a PostMethod or HttpClient? In this way, I could
benefit from Java's ability to do transparent NTLM negotiation, but also
from HTTPClient's easy to work w/ interfaces.
John M. Corro
(414) 524-7118
olegk@apache.org
05/15/2006 08:11 AM
Please respond to
httpclient-user@jakarta.apache.org
To
httpclient-user@jakarta.apache.org
cc
Subject
Re: NTLM Authentication for currently logged in Windows user
On Mon, 2006-05-15 at 07:43 -0500, John.M.Corro-EXT@jci.com wrote:
> I was doing some playing around and opening a connection to the server
> (from the applet) using the plain java.net.URL object. When watching the
> traffic go back and forth across (using Ethereal), it appeared the native
> URL object was negotiating w/ the server (w/o requiring any special steps
> from the developer) and actually sending back an authentication response
> to the server w/ what "appeared" to be a correct NTLM hashed value.
>
> Would anyone be able to verify if what I was seeing was correct?
I believe as of Java 1.4 HttpUrlConnection can leverage some platform
specific code to obtain NT user credentials when running on Microsoft
Windows. This, obviously, renders the whole application Windows specific
as a result. If your application is not meant to be portable across
multiple platforms, you should probably stick with HttpUrlConnection.
NTLM support in HttpClient is fully portable across platforms but is
limited to NTLMv1 and is unable to interact with the Windows security
context.
Hope this helps,
Oleg
>
> *NOTE: I opted not to use the native URL object because I was having
> issues streaming info back and forth that I was hopeful HTTPClient could
> alleviate.
>
> John M. Corro
> (414) 524-7118
>
>
>
> olegk@apache.org
> 05/14/2006 02:34 PM
> Please respond to
> httpclient-user@jakarta.apache.org
>
>
> To
> httpclient-user@jakarta.apache.org
> cc
>
> Subject
> Re: NTLM Authentication for currently logged in Windows user
>
>
>
>
>
>
> On Fri, 2006-05-12 at 15:30 -0500, John.M.Corro-EXT@jci.com wrote:
> > I'm attempting to invoke an Integrated Authenticated protected web service
> > from an applet in a Windows environment. I'd like to make it such that
> > the protected web services are invoked under the currently logged in
> > user's credentials. I understand that I have to supply an NTCredentials
> > instance, but how can I do that dynamically and without explicitly asking
> > the user or using hardcoded values? That is, I'd like to dynamically get
> > an instance of NTCredentials w/ the currently logged in user's
> > username/password.
> >
> > An additional challenge is that only *some* of the web services are
> > Integrated Authentication protected. It'd be much preferred if I could
> > delegate the handling of whether a WS is protected or not to the
> > HTTPClient instance. In other words, I'd like to always invoke a given
> > web service the same way and let HTTPClient figure out the rest. Is this
> > possible?
> >
>
> This is not possible with the stock version of HttpClient. Theoretically
> one could use the JNI interface to call a Windows Specific service in
> order to retrieve the NT credentials of the actual user from the Windows
> security context. Please Windows experts out there correct me if I am
> wrong. At this point of time we have no plans to include platform
> specific code into the stock version of HttpClient
>
> Oleg
>
>
> > Here's some of the code I've been trying to get working:
> >
> > // Configure connection settings
> > HttpClient httpClient = new HttpClient();
> > String host = ...;
> > httpClient.getHostConfiguration().setHost(host);
> >
> > // Configure actual WS call
> > String webServicePath = ...;
> > PostMethod postMethod = new PostMethod(webServicePath);
> > postMethod.getHostAuthState().setAuthScheme(new NTLMScheme());
> > postMethod.setDoAuthentication(true);
> > byte[] xmlPayload = ...;
> > postMethod.setRequestEntity(new ByteArrayRequestEntity(xmlPayload));
> >
> > try {
> > httpClient.executeMethod(postMethod);
> > if(postMethod.getStatusCode() == HttpStatus.SC_OK) {
> > // Unmarshall returned XML
> > ...
> > ...
> > }
> > } finally {
> > postMethod.releaseConnection();
> > }
> >
> >
> > John M. Corro
> > (414) 524-7118
Re: NTLM Authentication for currently logged in Windows user
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Mon, 2006-05-15 at 07:43 -0500, John.M.Corro-EXT@jci.com wrote:
> I was doing some playing around and opening a connection to the server
> (from the applet) using the plain java.net.URL object. When watching the
> traffic go back and forth across (using Ethereal), it appeared the native
> URL object was negotiating w/ the server (w/o requiring any special steps
> from the developer) and actually sending back an authentication response
> to the server w/ what "appeared" to be a correct NTLM hashed value.
>
> Would anyone be able to verify if what I was seeing was correct?
I believe as of Java 1.4 HttpUrlConnection can leverage some platform
specific code to obtain NT user credentials when running on Microsoft
Windows. This, obviously, renders the whole application Windows specific
as a result. If your application is not meant to be portable across
multiple platforms, you should probably stick with HttpUrlConnection.
NTLM support in HttpClient is fully portable across platforms but is
limited to NTLMv1 and is unable to interact with the Windows security
context.
Hope this helps,
Oleg
>
> *NOTE: I opted not to use the native URL object because I was having
> issues streaming info back and forth that I was hopeful HTTPClient could
> alleviate.
>
> John M. Corro
> (414) 524-7118
>
>
>
> olegk@apache.org
> 05/14/2006 02:34 PM
> Please respond to
> httpclient-user@jakarta.apache.org
>
>
> To
> httpclient-user@jakarta.apache.org
> cc
>
> Subject
> Re: NTLM Authentication for currently logged in Windows user
>
>
>
>
>
>
> On Fri, 2006-05-12 at 15:30 -0500, John.M.Corro-EXT@jci.com wrote:
> > I'm attempting to invoke an Integrated Authenticated protected web service
> > from an applet in a Windows environment. I'd like to make it such that
> > the protected web services are invoked under the currently logged in
> > user's credentials. I understand that I have to supply an NTCredentials
> > instance, but how can I do that dynamically and without explicitly asking
> > the user or using hardcoded values? That is, I'd like to dynamically get
> > an instance of NTCredentials w/ the currently logged in user's
> > username/password.
> >
> > An additional challenge is that only *some* of the web services are
> > Integrated Authentication protected. It'd be much preferred if I could
> > delegate the handling of whether a WS is protected or not to the
> > HTTPClient instance. In other words, I'd like to always invoke a given
> > web service the same way and let HTTPClient figure out the rest. Is this
> > possible?
> >
>
> This is not possible with the stock version of HttpClient. Theoretically
> one could use the JNI interface to call a Windows Specific service in
> order to retrieve the NT credentials of the actual user from the Windows
> security context. Please Windows experts out there correct me if I am
> wrong. At this point of time we have no plans to include platform
> specific code into the stock version of HttpClient
>
> Oleg
>
>
> > Here's some of the code I've been trying to get working:
> >
> > // Configure connection settings
> > HttpClient httpClient = new HttpClient();
> > String host = ...;
> > httpClient.getHostConfiguration().setHost(host);
> >
> > // Configure actual WS call
> > String webServicePath = ...;
> > PostMethod postMethod = new PostMethod(webServicePath);
> > postMethod.getHostAuthState().setAuthScheme(new NTLMScheme());
> > postMethod.setDoAuthentication(true);
> > byte[] xmlPayload = ...;
> > postMethod.setRequestEntity(new ByteArrayRequestEntity(xmlPayload));
> >
> > try {
> > httpClient.executeMethod(postMethod);
> > if(postMethod.getStatusCode() == HttpStatus.SC_OK) {
> > // Unmarshall returned XML
> > ...
> > ...
> > }
> > } finally {
> > postMethod.releaseConnection();
> > }
> >
> >
> > John M. Corro
> > (414) 524-7118
Re: NTLM Authentication for currently logged in Windows user
Posted by Roland Weber <RO...@de.ibm.com>.
Hello John,
You can try to implement the HttpClient credentials provider by
using the Authenticator class, maybe that solves your problem:
http://jakarta.apache.org/commons/httpclient/apidocs/org/apache/commons/httpclient/auth/CredentialsProvider.html
http://java.sun.com/j2se/1.5.0/docs/api/java/net/Authenticator.html
See also "http.auth.ntlm.domain" here:
http://java.sun.com/j2se/1.5.0/docs/guide/net/properties.html
cheers,
Roland
John.M.Corro-EXT@jci.com
15.05.2006 14:43
Please respond to
"HttpClient User Discussion" <ht...@jakarta.apache.org>
To
httpclient-user@jakarta.apache.org
cc
Subject
Re: NTLM Authentication for currently logged in Windows user
I was doing some playing around and opening a connection to the server
(from the applet) using the plain java.net.URL object. When watching the
traffic go back and forth across (using Ethereal), it appeared the native
URL object was negotiating w/ the server (w/o requiring any special steps
from the developer) and actually sending back an authentication response
to the server w/ what "appeared" to be a correct NTLM hashed value.
Would anyone be able to verify if what I was seeing was correct?
*NOTE: I opted not to use the native URL object because I was having
issues streaming info back and forth that I was hopeful HTTPClient could
alleviate.
John M. Corro
(414) 524-7118
olegk@apache.org
05/14/2006 02:34 PM
Please respond to
httpclient-user@jakarta.apache.org
To
httpclient-user@jakarta.apache.org
cc
Subject
Re: NTLM Authentication for currently logged in Windows user
On Fri, 2006-05-12 at 15:30 -0500, John.M.Corro-EXT@jci.com wrote:
> I'm attempting to invoke an Integrated Authenticated protected web service
> from an applet in a Windows environment. I'd like to make it such that
> the protected web services are invoked under the currently logged in
> user's credentials. I understand that I have to supply an NTCredentials
> instance, but how can I do that dynamically and without explicitly asking
> the user or using hardcoded values? That is, I'd like to dynamically get
> an instance of NTCredentials w/ the currently logged in user's
> username/password.
>
> An additional challenge is that only *some* of the web services are
> Integrated Authentication protected. It'd be much preferred if I could
> delegate the handling of whether a WS is protected or not to the
> HTTPClient instance. In other words, I'd like to always invoke a given
> web service the same way and let HTTPClient figure out the rest. Is this
> possible?
>
This is not possible with the stock version of HttpClient. Theoretically
one could use the JNI interface to call a Windows Specific service in
order to retrieve the NT credentials of the actual user from the Windows
security context. Please Windows experts out there correct me if I am
wrong. At this point of time we have no plans to include platform
specific code into the stock version of HttpClient
Oleg
> Here's some of the code I've been trying to get working:
>
> // Configure connection settings
> HttpClient httpClient = new HttpClient();
> String host = ...;
> httpClient.getHostConfiguration().setHost(host);
>
> // Configure actual WS call
> String webServicePath = ...;
> PostMethod postMethod = new PostMethod(webServicePath);
> postMethod.getHostAuthState().setAuthScheme(new NTLMScheme());
> postMethod.setDoAuthentication(true);
> byte[] xmlPayload = ...;
> postMethod.setRequestEntity(new ByteArrayRequestEntity(xmlPayload));
>
> try {
> httpClient.executeMethod(postMethod);
> if(postMethod.getStatusCode() == HttpStatus.SC_OK) {
> // Unmarshall returned XML
> ...
> ...
> }
> } finally {
> postMethod.releaseConnection();
> }
>
>
> John M. Corro
> (414) 524-7118
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
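One way to wire up the suggestion above, a CredentialsProvider that asks java.net.Authenticator, as an added example for Commons HttpClient 3.x (not code from the thread or from the HttpClient project). The class name, the "http" protocol argument and the DOMAIN\user splitting are assumptions of this sketch. It does not read the logged-in user's password: whatever Authenticator the application installs with Authenticator.setDefault() still has to supply it.

```java
import java.net.Authenticator;
import java.net.InetAddress;
import java.net.PasswordAuthentication;
import java.net.UnknownHostException;

import org.apache.commons.httpclient.Credentials;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.NTCredentials;
import org.apache.commons.httpclient.UsernamePasswordCredentials;
import org.apache.commons.httpclient.auth.AuthScheme;
import org.apache.commons.httpclient.auth.CredentialsNotAvailableException;
import org.apache.commons.httpclient.auth.CredentialsProvider;
import org.apache.commons.httpclient.auth.NTLMScheme;

// Hypothetical class name. HttpClient consults the provider only after a server
// has answered with an authentication challenge, so unprotected and protected
// web services are invoked the same way.
public class AuthenticatorCredentialsProvider implements CredentialsProvider {

    public Credentials getCredentials(AuthScheme scheme, String host, int port, boolean proxy)
            throws CredentialsNotAvailableException {
        InetAddress addr = null;
        try {
            addr = InetAddress.getByName(host);
        } catch (UnknownHostException e) {
            // The Authenticator accepts a null address; the host name is still passed.
        }

        // Delegates to the Authenticator installed with Authenticator.setDefault().
        // Under a security manager (for example in an applet) this call needs
        // NetPermission("requestPasswordAuthentication").
        PasswordAuthentication pa = Authenticator.requestPasswordAuthentication(
                host, addr, port, "http" /* assumption: scheme of the URL is not known here */,
                scheme.getRealm(), scheme.getSchemeName());
        if (pa == null) {
            throw new CredentialsNotAvailableException(
                    "No default Authenticator, or it supplied nothing for " + host);
        }

        String user = pa.getUserName();
        String password = new String(pa.getPassword());

        if (scheme instanceof NTLMScheme) {
            // Domain: "DOMAIN\\user" if the Authenticator returned that form,
            // otherwise the http.auth.ntlm.domain system property.
            String domain = System.getProperty("http.auth.ntlm.domain", "");
            int slash = user.indexOf('\\');
            if (slash >= 0) {
                domain = user.substring(0, slash);
                user = user.substring(slash + 1);
            }
            return new NTCredentials(user, password, localHostName(), domain);
        }
        return new UsernamePasswordCredentials(user, password);
    }

    // Workstation name sent in the NTLM messages.
    private static String localHostName() {
        try {
            return InetAddress.getLocalHost().getHostName();
        } catch (UnknownHostException e) {
            return "localhost";
        }
    }

    // Returns a client that asks this provider whenever a challenge arrives.
    public static HttpClient newClient() {
        HttpClient client = new HttpClient();
        client.getParams().setParameter(
                CredentialsProvider.PROVIDER, new AuthenticatorCredentialsProvider());
        return client;
    }
}
```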
Re: NTLM Authentication for currently logged in Windows user
Posted by Jo...@jci.com.
I was doing some playing around and opening a connection to the server
(from the applet) using the plain java.net.URL object. When watching the
traffic go back and forth across (using Ethereal), it appeared the native
URL object was negotiating w/ the server (w/o requiring any special steps
from the developer) and actually sending back an authentication response
to the server w/ what "appeared" to be a correct NTLM hashed value.
Would anyone be able to verify if what I was seeing was correct?
*NOTE: I opted not to use the native URL object because I was having
issues streaming info back and forth that I was hopeful HTTPClient could
alleviate.
John M. Corro
(414) 524-7118
From: olegk@apache.org
Date: 05/14/2006 02:34 PM
Reply-To: httpclient-user@jakarta.apache.org
To: httpclient-user@jakarta.apache.org
Subject: Re: NTLM Authentication for currently logged in Windows user
On Fri, 2006-05-12 at 15:30 -0500, John.M.Corro-EXT@jci.com wrote:
> I'm attempting to invoke an Integrated Authenticated protected web service
> from an applet in a Windows environment. I'd like to make it such that
> the protected web services are invoked under the currently logged in
> user's credentials. I understand that I have to supply an NTCredentials
> instance, but how can I do that dynamically and without explicitly asking
> the user or using hardcoded values? That is, I'd like to dynamically get
> an instance of NTCredentials w/ the currently logged in user's
> username/password.
>
> An additional challenge is that only *some* of the web services are
> Integrated Authentication protected. It'd be much preferred if I could
> delegate the handling of whether a WS is protected or not to the
> HTTPClient instance. In other words, I'd like to always invoke a given
> web service the same way and let HTTPClient figure out the rest. Is this
> possible?
>
This is not possible with the stock version of HttpClient. Theoretically
one could use the JNI interface to call a Windows-specific service in
order to retrieve the NT credentials of the actual user from the Windows
security context. Windows experts out there, please correct me if I am
wrong. At this point in time we have no plans to include platform-specific
code in the stock version of HttpClient.
Oleg
> Here's some of the code I've been trying to get working:
>
> // Configure connection settings
> HttpClient httpClient = new HttpClient();
> String host = ...;
> httpClient.getHostConfiguration().setHost(host);
>
> // Configure actual WS call
> String webServicePath = ...;
> PostMethod postMethod = new PostMethod(webServicePath);
> postMethod.getHostAuthState().setAuthScheme(new NTLMScheme());
> postMethod.setDoAuthentication(true);
> byte[] xmlPayload = ...;
> postMethod.setRequestEntity(new ByteArrayRequestEntity(xmlPayload));
>
> try {
>     httpClient.executeMethod(postMethod);
>     if(postMethod.getStatusCode() == HttpStatus.SC_OK) {
>         // Unmarshall returned XML
>         ...
>         ...
>     }
> } finally {
>     postMethod.releaseConnection();
> }
>
>
> John M. Corro
> (414) 524-7118
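The question in the message above (whether the captured traffic really was an NTLM response sent by java.net.URL) can be checked by decoding the base64 token that follows `NTLM` in the captured `Authorization` header. The following is an added example, not code from this thread or from HttpClient: a Java 8+ decoder for the NTLM message header, in which the class name, the sample names (CORP, jdoe, WS01) and the zeroed responses are constructed for illustration.

```java
import java.nio.*;
import java.nio.charset.*;
import java.util.*;

public class NtlmHeaderInspector {
    static final byte[] SIG = "NTLMSSP\0".getBytes(StandardCharsets.US_ASCII);
    /** Follows a security-buffer descriptor (len u16, maxLen u16, offset u32) to its bytes. */
    static byte[] field(ByteBuffer m, int at) {
        int len = m.getShort(at) & 0xFFFF, off = m.getInt(at + 4);
        if (off < 0 || len > m.limit() - off) throw new IllegalArgumentException("field outside message");
        return Arrays.copyOfRange(m.array(), off, off + len);
    }

    /** Describes the NTLM token carried in an Authorization or WWW-Authenticate header value. */
    static String describe(String headerValue) {
        if (!headerValue.startsWith("NTLM ")) return "not an NTLM header";
        byte[] raw = Base64.getDecoder().decode(headerValue.substring(5).trim());
        if (raw.length < 12 || !Arrays.equals(Arrays.copyOf(raw, 8), SIG)) return "bad NTLMSSP signature";
        ByteBuffer m = ByteBuffer.wrap(raw).order(ByteOrder.LITTLE_ENDIAN);
        int type = m.getInt(8);
        if (type == 1) return "Type 1 NEGOTIATE (client -> server)";
        if (type == 2) return "Type 2 CHALLENGE (server -> client)";
        if (type != 3 || raw.length < 64) return "unknown or truncated message";
        boolean unicode = (m.getInt(60) & 0x1) != 0;   // NTLMSSP_NEGOTIATE_UNICODE flag
        Charset cs = unicode ? StandardCharsets.UTF_16LE : StandardCharsets.US_ASCII;
        int ntLen = m.getShort(20) & 0xFFFF;           // 24 bytes = NTLMv1 response, longer = NTLMv2
        return "Type 3 AUTHENTICATE domain=" + new String(field(m, 28), cs)
            + " user=" + new String(field(m, 36), cs)
            + " workstation=" + new String(field(m, 44), cs) + " ntResponseLen=" + ntLen;
    }

    /** Constructed Type 3 message (zeroed responses, made-up names) so the example runs offline. */
    static String sample() {
        Charset u = StandardCharsets.UTF_16LE;
        byte[][] parts = { new byte[24], new byte[24], "CORP".getBytes(u), "jdoe".getBytes(u),
                           "WS01".getBytes(u), new byte[0] };  // LM, NT, domain, user, workstation, key
        ByteBuffer b = ByteBuffer.allocate(256).order(ByteOrder.LITTLE_ENDIAN);
        b.put(SIG).putInt(3);
        int off = 64;                                   // payload starts after the fixed header
        for (byte[] p : parts) {
            b.putShort((short) p.length).putShort((short) p.length).putInt(off);
            off += p.length;
        }
        b.putInt(0x1);                                  // NegotiateFlags at offset 60: Unicode
        for (byte[] p : parts) b.put(p);
        return "NTLM " + Base64.getEncoder().encodeToString(Arrays.copyOf(b.array(), b.position()));
    }
    public static void main(String[] args) { System.out.println(describe(sample())); }
}
```

A Type 3 message that names the logged-in account confirms the JRE answered the server's challenge without any credentials supplied by the application. The token carries LM/NT challenge responses computed from the password hash and the server's challenge, not the hash itself.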
Re: NTLM Authentication for currently logged in Windows user
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Fri, 2006-05-12 at 15:30 -0500, John.M.Corro-EXT@jci.com wrote:
> I'm attempting to invoke an Integrated Authenticated protected web service
> from an applet in a Windows environment. I'd like to make it such that
> the protected web services are invoked under the currently logged in
> user's credentials. I understand that I have to supply an NTCredentials
> instance, but how can I do that dynamically and without explicitly asking
> the user or using hardcoded values? That is, I'd like to dynamically get
> an instance of NTCredentials w/ the currently logged in user's
> username/password.
>
> An additional challenge is that only *some* of the web services are
> Integrated Authentication protected. It'd be much preferred if I could
> delegate the handling of whether a WS is protected or not to the
> HTTPClient instance. In other words, I'd like to always invoke a given
> web service the same way and let HTTPClient figure out the rest. Is this
> possible?
>
This is not possible with the stock version of HttpClient. Theoretically
one could use the JNI interface to call a Windows-specific service in
order to retrieve the NT credentials of the actual user from the Windows
security context. Windows experts out there, please correct me if I am
wrong. At this point in time we have no plans to include platform-specific
code in the stock version of HttpClient.
Oleg
> Here's some of the code I've been trying to get working:
>
> // Configure connection settings
> HttpClient httpClient = new HttpClient();
> String host = ...;
> httpClient.getHostConfiguration().setHost(host);
>
> // Configure actual WS call
> String webServicePath = ...;
> PostMethod postMethod = new PostMethod(webServicePath);
> postMethod.getHostAuthState().setAuthScheme(new NTLMScheme());
> postMethod.setDoAuthentication(true);
> byte[] xmlPayload = ...;
> postMethod.setRequestEntity(new ByteArrayRequestEntity(xmlPayload));
>
> try {
>     httpClient.executeMethod(postMethod);
>     if(postMethod.getStatusCode() == HttpStatus.SC_OK) {
>         // Unmarshall returned XML
>         ...
>         ...
>     }
> } finally {
>     postMethod.releaseConnection();
> }
>
>
> John M. Corro
> (414) 524-7118