Java - Integrated Windows Authentication - NTLM Authentication Forwarding

W

Will

We have a java web application that calls web services on other
machines (SOA). The browser authenticates to IIS using Integrated
Windows Authentication (IWA) using the NTLM protocol to the web
application. The web services require the same type of authentication,
but we are unable to forward the credetials from the web application
(received from the browser) to the web service calls. The calls fail
with a HTTP 401 error.

We are using Apache Jakarta Commons HttpClient. It has parameters to
forward the NTLM info, however the password is required... and that is
unattainable, without prompting the user... which we do not wish to do.
..NET has the ability to forward the credentials via the
System.Net.CredentialCache.DefaultCredentials object, without actually
needing access to the password.

The customer will not change the authentication architecture. Can this
nut be cracked with Java. They do not wish to run IIS or the Java
Application Server as a valid domain user either.
 
B

buunguyen

Does NTLM require a password to be sent along? Anyway, I think you need
to do some JNI to obtain the current Windows credential.
 
W

Will

The interface to the Java HTTP clients that can authenticate via
IWA/NTLM to IIS require a password to be passed into the API unless
there is a Java HTTP client that doesn't. Do you know of one?

How would the windows credentials be propogated to Java into an HTTP
client via JNI? I don't think there is a way to query LDAP/Active
Directory for a user password. The passwords are stored as a one-way
hash.
 
G

gtcc2009

Will, you will need to use JNI to get the Windows credential via the
SSPI Windows APIs. I've never worked with it to give you more insight
advices.

Hope it helps.
 
B

buunguyen

I meant you use JNI to get all the necessary Windows credentials, then
pass them as parameters to the HTTP request of your HTTP client.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,482
Members
44,901
Latest member
Noble71S45

Latest Threads

Top