Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsWhite Papers
Discussion GroupsFirst AidDatabasesJavaBeansGUIJava 3DVirtual MachineCORBASecurityToolsGeneral
Java DirectoryOpen Source ProjectsSample Book ChaptersUser GroupsWeb Resources
Related Topics
Databases.NETMore Topics ...
Java Forum / General / December 2005

Tip: Looking for answers? Try searching our database.

Java - Integrated Windows Authentication - NTLM Authentication Forwarding

Thread view: 
Enable EMail AlertsStart New Thread
Will - 01 Dec 2005 01:01 GMT
We have a java web application that calls web services on other
machines (SOA). The browser authenticates to IIS using Integrated
Windows Authentication (IWA) using the NTLM protocol to the web
application. The web services require the same type of authentication,
but we are unable to forward the credetials from the web application
(received from the browser) to the web service calls. The calls fail
with a HTTP 401 error.

We are using Apache Jakarta Commons HttpClient. It has parameters to
forward the NTLM info, however the password is required... and that is
unattainable, without prompting the user... which we do not wish to do.
.NET has the ability to forward the credentials via the
System.Net.CredentialCache.DefaultCredentials object, without actually
needing access to the password.

The customer will not change the authentication architecture. Can this
nut be cracked with Java. They do not wish to run IIS or the Java
Application Server as a valid domain user either.
Reply to this Message
buunguyen@psv.com.vn - 01 Dec 2005 15:35 GMT
Does NTLM require a password to be sent along? Anyway, I think you need
to do some JNI to obtain the current Windows credential.
Reply to this Message
Will - 02 Dec 2005 02:20 GMT
The interface to the Java HTTP clients that can authenticate via
IWA/NTLM to IIS require a password to be passed into the API unless
there is a Java HTTP client that doesn't. Do you know of one?

How would the windows credentials be propogated to Java into an HTTP
client via JNI? I don't think there is a way to query LDAP/Active
Directory for a user password. The passwords are stored as a one-way
hash.
Reply to this Message
gtcc2009@yahoo.com - 02 Dec 2005 19:07 GMT
Will, you will need to use JNI to get the Windows credential via the
SSPI Windows APIs. I've never worked with it to give you more insight
advices.

Hope it helps.
Reply to this Message
buunguyen@psv.com.vn - 02 Dec 2005 19:12 GMT
I meant you use JNI to get all the necessary Windows credentials, then
pass them as parameters to the HTTP request of your HTTP client.
Reply to this Message
Will - 03 Dec 2005 01:00 GMT
Thanks. I'll check out the SSPI API.
Reply to this Message


Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.