On Mon, 2006-05-15 at 08:22 -0500, [EMAIL PROTECTED] wrote: > Thanks, Oleg. I thought that might be the case, but was looking for > wiser/more experienced minds to verify my suspicion. > > One last inquiry - is there a way to manually create a HttpUrlConnection > then inject it into a PostMethod or HttpClient?
No, there's not. Consider trying out the idea suggested by Roland Oleg > In this way, I could > benefit from Java's ability to do transparent NTLM negotiation, but also > from HTTPClient's easy to work w/ interfaces. > > > John M. Corro > (414) 524-7118 > > > > [EMAIL PROTECTED] > 05/15/2006 08:11 AM > Please respond to > [email protected] > > > To > [email protected] > cc > > Subject > Re: NTLM Authentication for currently logged in Windows user > > > > > > > On Mon, 2006-05-15 at 07:43 -0500, [EMAIL PROTECTED] wrote: > > I was doing some playing around and opening a connection to the server > > (from the applet) using the plain java.net.URL object. When watching > the > > traffic go back and forth across (using Ethereal), it appeared the > native > > URL object was negotiating w/ the server (w/o requiring any special > steps > > from the developer) and actually sending back an authentication response > > > to the server w/ what "appeared" to be a correct NTLM hashed value. > > > > Would anyone be able to verify if what I was seeing was correct? > > I believe as of Java 1.4 HttpUrlConnection can leverage some platform > specific code to obtain NT user credentials when running on Microsoft > Windows. This, obviously, renders the whole application Windows specific > as a result. If your application is not meant to be portable across > multiple platforms, you should probably stick with HttpUrlConnection. > NTLM support in HttpClient is fully portable across platforms but is > limited to NTLMv1 and is unable to interact with the Windows security > context. > > Hope this helps, > > Oleg > > > > > *NOTE: I opted not to use the native URL object because I was having > > issues streaming info back and forth that I was hopeful HTTPClient could > > > alleviate. > > > > John M. Corro > > (414) 524-7118 > > > > > > > > [EMAIL PROTECTED] > > 05/14/2006 02:34 PM > > Please respond to > > [email protected] > > > > > > To > > [email protected] > > cc > > > > Subject > > Re: NTLM Authentication for currently logged in Windows user > > > > > > > > > > > > > > On Fri, 2006-05-12 at 15:30 -0500, [EMAIL PROTECTED] wrote: > > > I'm attempting to invoke an Integrated Authenticated protected web > > service > > > from an applet in a Windows environment. I'd like to make it such > that > > > the protected web services are invoked under the currently logged in > > > user's credentials. I understand that I have to supply an > NTCredentials > > > > > instance, but how can I do that dynamically and without explicitly > > asking > > > the user or using hardcoded values? That is, I'd like to dynamically > > get > > > an instance of NTCredentials w/ the currently logged in user's > > > username/password. > > > > > > An additional challenge is that only *some* of the web services are > > > Integrated Authentication protected. It'd be much preferred if I > could > > > delegate the handling of whether a WS is protected or not to the > > > HTTPClient instance. In other words, I'd like to always invoke a > given > > > web service the same way and let HTTPClient figure out the rest. Is > > this > > > possible? > > > > > > > This is not possible with the stock version of HttpClient. Theoretically > > one could use the JNI interface to call a Windows Specific service in > > order to retrieve the NT credentials of the actual user from the Windows > > security context. Please Windows experts out there correct me if am > > wrong. At this point of time we have no plans to include platform > > specific code into the stock version of HttpClient > > > > Oleg > > > > > > > Here's some of the code I've been trying to get working: > > > > > > // Configure connection settings > > > HttpClient httpClient = new HttpClient(); > > > String host = ...; > > > httpClient.getHostConfiguration().setHost(host); > > > > > > // Configure actual WS call > > > String webServicePath = ...; > > > PostMethod postMethod = new PostMethod(webServicePath); > > > postMethod.getHostAuthState().setAuthScheme(new NTLMScheme()); > > > postMethod.setDoAuthentication(true); > > > byte[] xmlPayload = ...; > > > postMethod.setRequestEntity(new ByteArrayRequestEntity(xmlPayload)); > > > > > > try { > > > httpClient.executeMethod(postMethod); > > > if(postMethod.getStatusCode() == HttpStatus.SC_OK) { > > > // Unmarshall returned XML > > > ... > > > ... > > > } > > > } finally { > > > postMethod.releaseConnection(); > > > } > > > > > > > > > John M. Corro > > > (414) 524-7118 > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
