Java - Integrated Windows Authentication - NTLM Authentication Forwarding

Discussion in 'Java' started by Will, Dec 1, 2005.

  1. Will

    Will Guest

    We have a java web application that calls web services on other
    machines (SOA). The browser authenticates to IIS using Integrated
    Windows Authentication (IWA) using the NTLM protocol to the web
    application. The web services require the same type of authentication,
    but we are unable to forward the credetials from the web application
    (received from the browser) to the web service calls. The calls fail
    with a HTTP 401 error.

    We are using Apache Jakarta Commons HttpClient. It has parameters to
    forward the NTLM info, however the password is required... and that is
    unattainable, without prompting the user... which we do not wish to do.
    ..NET has the ability to forward the credentials via the
    System.Net.CredentialCache.DefaultCredentials object, without actually
    needing access to the password.

    The customer will not change the authentication architecture. Can this
    nut be cracked with Java. They do not wish to run IIS or the Java
    Application Server as a valid domain user either.
    Will, Dec 1, 2005
    1. Advertisements

  2. Guest

    Does NTLM require a password to be sent along? Anyway, I think you need
    to do some JNI to obtain the current Windows credential.
    , Dec 1, 2005
    1. Advertisements

  3. Will

    Will Guest

    The interface to the Java HTTP clients that can authenticate via
    IWA/NTLM to IIS require a password to be passed into the API unless
    there is a Java HTTP client that doesn't. Do you know of one?

    How would the windows credentials be propogated to Java into an HTTP
    client via JNI? I don't think there is a way to query LDAP/Active
    Directory for a user password. The passwords are stored as a one-way
    Will, Dec 2, 2005
  4. Guest

    Will, you will need to use JNI to get the Windows credential via the
    SSPI Windows APIs. I've never worked with it to give you more insight

    Hope it helps.
    , Dec 2, 2005
  5. Guest

    I meant you use JNI to get all the necessary Windows credentials, then
    pass them as parameters to the HTTP request of your HTTP client.
    , Dec 2, 2005
  6. Will

    Will Guest

    Thanks. I'll check out the SSPI API.
    Will, Dec 3, 2005
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Mark
  2. Rob Mayo
    Hernan de Lahitte
    Jan 26, 2004
  3. Matthijs
    Dec 10, 2008
  4. Rob Mayo

    .NET HttpModule & NTLM Integrated Authentication

    Rob Mayo, Jan 23, 2004, in forum: ASP .Net Security
    Hernan de Lahitte
    Jan 26, 2004
  5. Andrew Tomazos

Share This Page