Transparent Ntlm authentication

[Rob Goodberry <ro...@gmail.com>]

Hey there,

I am trying to send http requests to the sharepoint site at our work. Using
Javascript everything automatically worked. When I first tried to use Java
I learned our Sharepoint uses NTLM authentication as I got a 401 response.
I was able to get ntlm authentication to work using both the default and
jcifs ntlmengine from the examples here. However, I do not want my users to
have to enter their sharepoint password as it is the same as their windows
credentials.

After some further research I have found that the java.net.urlconnection
implementation automatically attempts to provide the currently logged in
Windows user credentials (since 1.5_08). Is there some way to emulate the
same behaviour with HttpClient? Has anyone else come across this and been
able to find the part of Suns code that provides that functionality? I want
to use HttpClient instead of URLConnection but I just haven't been able to
figure it out yet!

Funnily enough in my search I am finding endless amounts of people with the
exact opposite problem, trying to provide specific credentials but
urlconnection is automatically using their windows credentials and people
advise them to use HttpClient instead because it doesn't do that by
default. If only that was my problem!

Thanks,
Rob

Re: Transparent Ntlm authentication

[Rob Goodberry <ro...@gmail.com>]

Hello again,

I was able to build the jars in Maven which was pretty cool (java is my
first compiled language and I'm still quite new to it), but I will be
unable to test them however as the environment where I have access to a
NTLM server to test against is limited to JRE 1.5 :(.

I need to find out how java.net.urlconnection performs ntlm authentication
transparently in 1.5 I guess and try to work that into a custom ntlm
authentication scheme that I can use with httpclient 4.3.1..somehow! I
think I understand ntlm itself well enough at this point, just need to find
out exactly where the credentials come from.

Thanks again for your help
Rob
On 2013-12-30 11:05 AM, "Oleg Kalnichevski" <ol...@apache.org> wrote:

> On Mon, 2013-12-30 at 10:15 -0500, Rob Goodberry wrote:
> > Hello Oleg,
> >
> > Thank you for your quick reply.
> >
> > I am excited to hear about the feature coming to 4.4. I just started
> using
> > the mailing lists this morning and was reading that in 4.4 the minimum
> > required JRE version may change from 1.5 to 1.6 or even to 1.7, is this
> > still the case?
> >
>
> Yes, it still is. HttpClient trunk will get switched to 1.6 after 4.3.2
> release.
>
> > Also, I've never built anything with Maven before. I tried to set it up
> at
> > work but was unable to as I could not set the $JAVA_HOME environment
> > variable. Is maven actually required to build Httpclient or is there some
> > other way?
>
> It is certainly not required but recommended. Maven is well supported by
> all popular IDEs, so generally it should be a (relatively) simple matter
> of configuring Maven support in your IDE of choice.
>
> > I don't have a lot of experience with building from other
> > peoples source and I keep getting a
> java.lang.UnsupportedClassVersionError
> > whenever I try to run the code using the new Auth scheme factory. I am
> > sorry for the somewhat unrelated question.
> >
>
> JNI libraries used by Win specific auth schemes require Java 1.6. This
> is one of the reasons why 4.4 will no longer be 1.5 compatible. Make
> sure you are not trying to execute your code with JRE 1.5.
>
> Hope this helps
>
> Oleg
>
>
>
> > Thanks again,
> > Rob
> > On 2013-12-30 6:06 AM, "Oleg Kalnichevski" <ol...@apache.org> wrote:
> >
> > > On Mon, 2013-12-30 at 05:51 -0500, Rob Goodberry wrote:
> > > > Hey there,
> > > >
> > > > I am trying to send http requests to the sharepoint site at our work.
> > > Using
> > > > Javascript everything automatically worked. When I first tried to use
> > > Java
> > > > I learned our Sharepoint uses NTLM authentication as I got a 401
> > > response.
> > > > I was able to get ntlm authentication to work using both the default
> and
> > > > jcifs ntlmengine from the examples here. However, I do not want my
> users
> > > to
> > > > have to enter their sharepoint password as it is the same as their
> > > windows
> > > > credentials.
> > > >
> > > > After some further research I have found that the
> java.net.urlconnection
> > > > implementation automatically attempts to provide the currently
> logged in
> > > > Windows user credentials (since 1.5_08). Is there some way to
> emulate the
> > > > same behaviour with HttpClient? Has anyone else come across this and
> been
> > > > able to find the part of Suns code that provides that functionality?
> I
> > > want
> > > > to use HttpClient instead of URLConnection but I just haven't been
> able
> > > to
> > > > figure it out yet!
> > > >
> > > > Funnily enough in my search I am finding endless amounts of people
> with
> > > the
> > > > exact opposite problem, trying to provide specific credentials but
> > > > urlconnection is automatically using their windows credentials and
> people
> > > > advise them to use HttpClient instead because it doesn't do that by
> > > > default. If only that was my problem!
> > > >
> > > > Thanks,
> > > > Rob
> > >
> > > Hi Rob
> > >
> > > As of version 4.4 HttpClient is likely to be able to authenticate
> > > transparently with NTLM when running on a Windows OS
> > >
> > > For the time being you can checkout and build the source of Windows
> > > specific auth schemes from here:
> > >
> > >
> > >
> http://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk/httpclient-win/
> > >
> > > Please note they are still considered experimental and as such are not
> > > supported. However, I would be very interested to know if you succeed
> in
> > > getting them work.
> > >
> > > Cheers
> > >
> > > Oleg
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> > > For additional commands, e-mail: httpclient-users-help@hc.apache.org
> > >
> > >
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
>

Re: Transparent Ntlm authentication

[Oleg Kalnichevski <ol...@apache.org>]

On Mon, 2013-12-30 at 10:15 -0500, Rob Goodberry wrote:
> Hello Oleg,
> 
> Thank you for your quick reply.
> 
> I am excited to hear about the feature coming to 4.4. I just started using
> the mailing lists this morning and was reading that in 4.4 the minimum
> required JRE version may change from 1.5 to 1.6 or even to 1.7, is this
> still the case?
> 

Yes, it still is. HttpClient trunk will get switched to 1.6 after 4.3.2
release.

> Also, I've never built anything with Maven before. I tried to set it up at
> work but was unable to as I could not set the $JAVA_HOME environment
> variable. Is maven actually required to build Httpclient or is there some
> other way? 

It is certainly not required but recommended. Maven is well supported by
all popular IDEs, so generally it should be a (relatively) simple matter
of configuring Maven support in your IDE of choice. 

> I don't have a lot of experience with building from other
> peoples source and I keep getting a java.lang.UnsupportedClassVersionError
> whenever I try to run the code using the new Auth scheme factory. I am
> sorry for the somewhat unrelated question.
> 

JNI libraries used by Win specific auth schemes require Java 1.6. This
is one of the reasons why 4.4 will no longer be 1.5 compatible. Make
sure you are not trying to execute your code with JRE 1.5.

Hope this helps

Oleg



> Thanks again,
> Rob
> On 2013-12-30 6:06 AM, "Oleg Kalnichevski" <ol...@apache.org> wrote:
> 
> > On Mon, 2013-12-30 at 05:51 -0500, Rob Goodberry wrote:
> > > Hey there,
> > >
> > > I am trying to send http requests to the sharepoint site at our work.
> > Using
> > > Javascript everything automatically worked. When I first tried to use
> > Java
> > > I learned our Sharepoint uses NTLM authentication as I got a 401
> > response.
> > > I was able to get ntlm authentication to work using both the default and
> > > jcifs ntlmengine from the examples here. However, I do not want my users
> > to
> > > have to enter their sharepoint password as it is the same as their
> > windows
> > > credentials.
> > >
> > > After some further research I have found that the java.net.urlconnection
> > > implementation automatically attempts to provide the currently logged in
> > > Windows user credentials (since 1.5_08). Is there some way to emulate the
> > > same behaviour with HttpClient? Has anyone else come across this and been
> > > able to find the part of Suns code that provides that functionality? I
> > want
> > > to use HttpClient instead of URLConnection but I just haven't been able
> > to
> > > figure it out yet!
> > >
> > > Funnily enough in my search I am finding endless amounts of people with
> > the
> > > exact opposite problem, trying to provide specific credentials but
> > > urlconnection is automatically using their windows credentials and people
> > > advise them to use HttpClient instead because it doesn't do that by
> > > default. If only that was my problem!
> > >
> > > Thanks,
> > > Rob
> >
> > Hi Rob
> >
> > As of version 4.4 HttpClient is likely to be able to authenticate
> > transparently with NTLM when running on a Windows OS
> >
> > For the time being you can checkout and build the source of Windows
> > specific auth schemes from here:
> >
> >
> > http://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk/httpclient-win/
> >
> > Please note they are still considered experimental and as such are not
> > supported. However, I would be very interested to know if you succeed in
> > getting them work.
> >
> > Cheers
> >
> > Oleg
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> > For additional commands, e-mail: httpclient-users-help@hc.apache.org
> >
> >



---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org

Re: Transparent Ntlm authentication

[Rob Goodberry <ro...@gmail.com>]

Hello Oleg,

Thank you for your quick reply.

I am excited to hear about the feature coming to 4.4. I just started using
the mailing lists this morning and was reading that in 4.4 the minimum
required JRE version may change from 1.5 to 1.6 or even to 1.7, is this
still the case?

Also, I've never built anything with Maven before. I tried to set it up at
work but was unable to as I could not set the $JAVA_HOME environment
variable. Is maven actually required to build Httpclient or is there some
other way? I don't have a lot of experience with building from other
peoples source and I keep getting a java.lang.UnsupportedClassVersionError
whenever I try to run the code using the new Auth scheme factory. I am
sorry for the somewhat unrelated question.

Thanks again,
Rob
On 2013-12-30 6:06 AM, "Oleg Kalnichevski" <ol...@apache.org> wrote:

> On Mon, 2013-12-30 at 05:51 -0500, Rob Goodberry wrote:
> > Hey there,
> >
> > I am trying to send http requests to the sharepoint site at our work.
> Using
> > Javascript everything automatically worked. When I first tried to use
> Java
> > I learned our Sharepoint uses NTLM authentication as I got a 401
> response.
> > I was able to get ntlm authentication to work using both the default and
> > jcifs ntlmengine from the examples here. However, I do not want my users
> to
> > have to enter their sharepoint password as it is the same as their
> windows
> > credentials.
> >
> > After some further research I have found that the java.net.urlconnection
> > implementation automatically attempts to provide the currently logged in
> > Windows user credentials (since 1.5_08). Is there some way to emulate the
> > same behaviour with HttpClient? Has anyone else come across this and been
> > able to find the part of Suns code that provides that functionality? I
> want
> > to use HttpClient instead of URLConnection but I just haven't been able
> to
> > figure it out yet!
> >
> > Funnily enough in my search I am finding endless amounts of people with
> the
> > exact opposite problem, trying to provide specific credentials but
> > urlconnection is automatically using their windows credentials and people
> > advise them to use HttpClient instead because it doesn't do that by
> > default. If only that was my problem!
> >
> > Thanks,
> > Rob
>
> Hi Rob
>
> As of version 4.4 HttpClient is likely to be able to authenticate
> transparently with NTLM when running on a Windows OS
>
> For the time being you can checkout and build the source of Windows
> specific auth schemes from here:
>
>
> http://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk/httpclient-win/
>
> Please note they are still considered experimental and as such are not
> supported. However, I would be very interested to know if you succeed in
> getting them work.
>
> Cheers
>
> Oleg
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
>

Re: Transparent Ntlm authentication

[Oleg Kalnichevski <ol...@apache.org>]

On Mon, 2013-12-30 at 05:51 -0500, Rob Goodberry wrote:
> Hey there,
> 
> I am trying to send http requests to the sharepoint site at our work. Using
> Javascript everything automatically worked. When I first tried to use Java
> I learned our Sharepoint uses NTLM authentication as I got a 401 response.
> I was able to get ntlm authentication to work using both the default and
> jcifs ntlmengine from the examples here. However, I do not want my users to
> have to enter their sharepoint password as it is the same as their windows
> credentials.
> 
> After some further research I have found that the java.net.urlconnection
> implementation automatically attempts to provide the currently logged in
> Windows user credentials (since 1.5_08). Is there some way to emulate the
> same behaviour with HttpClient? Has anyone else come across this and been
> able to find the part of Suns code that provides that functionality? I want
> to use HttpClient instead of URLConnection but I just haven't been able to
> figure it out yet!
> 
> Funnily enough in my search I am finding endless amounts of people with the
> exact opposite problem, trying to provide specific credentials but
> urlconnection is automatically using their windows credentials and people
> advise them to use HttpClient instead because it doesn't do that by
> default. If only that was my problem!
> 
> Thanks,
> Rob

Hi Rob

As of version 4.4 HttpClient is likely to be able to authenticate
transparently with NTLM when running on a Windows OS

For the time being you can checkout and build the source of Windows
specific auth schemes from here:

http://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk/httpclient-win/ 

Please note they are still considered experimental and as such are not
supported. However, I would be very interested to know if you succeed in
getting them work. 

Cheers

Oleg


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org