I was doing some playing around and opening a connection to the server (from the applet) using the plain java.net.URL object. When watching the traffic go back and forth across (using Ethereal), it appeared the native URL object was negotiating w/ the server (w/o requiring any special steps from the developer) and actually sending back an authentication response to the server w/ what "appeared" to be a correct NTLM hashed value.
Would anyone be able to verify if what I was seeing was correct? *NOTE: I opted not to use the native URL object because I was having issues streaming info back and forth that I was hopeful HTTPClient could alleviate. John M. Corro (414) 524-7118 [EMAIL PROTECTED] 05/14/2006 02:34 PM Please respond to [email protected] To [email protected] cc Subject Re: NTLM Authentication for currently logged in Windows user On Fri, 2006-05-12 at 15:30 -0500, [EMAIL PROTECTED] wrote: > I'm attempting to invoke an Integrated Authenticated protected web service > from an applet in a Windows environment. I'd like to make it such that > the protected web services are invoked under the currently logged in > user's credentials. I understand that I have to supply an NTCredentials > instance, but how can I do that dynamically and without explicitly asking > the user or using hardcoded values? That is, I'd like to dynamically get > an instance of NTCredentials w/ the currently logged in user's > username/password. > > An additional challenge is that only *some* of the web services are > Integrated Authentication protected. It'd be much preferred if I could > delegate the handling of whether a WS is protected or not to the > HTTPClient instance. In other words, I'd like to always invoke a given > web service the same way and let HTTPClient figure out the rest. Is this > possible? > This is not possible with the stock version of HttpClient. Theoretically one could use the JNI interface to call a Windows Specific service in order to retrieve the NT credentials of the actual user from the Windows security context. Please Windows experts out there correct me if am wrong. At this point of time we have no plans to include platform specific code into the stock version of HttpClient Oleg > Here's some of the code I've been trying to get working: > > // Configure connection settings > HttpClient httpClient = new HttpClient(); > String host = ...; > httpClient.getHostConfiguration().setHost(host); > > // Configure actual WS call > String webServicePath = ...; > PostMethod postMethod = new PostMethod(webServicePath); > postMethod.getHostAuthState().setAuthScheme(new NTLMScheme()); > postMethod.setDoAuthentication(true); > byte[] xmlPayload = ...; > postMethod.setRequestEntity(new ByteArrayRequestEntity(xmlPayload)); > > try { > httpClient.executeMethod(postMethod); > if(postMethod.getStatusCode() == HttpStatus.SC_OK) { > // Unmarshall returned XML > ... > ... > } > } finally { > postMethod.releaseConnection(); > } > > > John M. Corro > (414) 524-7118 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
