Wow, another HttpClient / Webstart user. Glad to know another one exists! I thought I was the only one.
We don't use NTLM, but we do use certificate based authentication with HttpClient and Webstart. This involves interfacing with Windows to use a hardware device to do the encryption. We didn't stand a chance doing this by ourselves, so we do this by wrapping the native socket factory and then Windows and Webstart deal with the rest. fact = new NativeSSLSocketFactoryWrapper(HttpsURLConnection.getDefaultSSLSocketFactory(),verifier); This works pretty well for us, although this code (with 4.1.3) has not been "in the field" much yet. However, this is similar to what we did using HttpClient 4.0.1 and it worked well for a long time. I can email you the NativeSSLSocketFactoryWrapper directly if you want. (Attachments are generally frowned upon on mailing lists.) Incidentally, in 4.2 a constructor has been added to HttpClient's socket factory to allow wrapping of an javax.net.ssl one. It will do what this will do, but without all the copy/paste work I had to do to make this. Hope this helps, Mark -----Original Message----- From: Olivier Rossel [mailto:[email protected]] Sent: Monday, April 30, 2012 1:00 PM To: [email protected] Subject: HttpClient 4.1, NTLM and Webstart Hi everyone. I wish I could use HttpClient 4.1 through a NTLM proxy, in a Webstart environment. May be you can help me clarify a few things about that. I read that HttpClient 4.1 has out-of-the-box support of NTLM (but I am not sure what it really means). The doc gives such a NTLM-related code: DefaultHttpClient httpclient = new DefaultHttpClient(); NTCredentials creds = new NTCredentials("user", "pwd", "myworkstation", "microsoft.com"); httpclient.getCredentialsProvider().setCredentials(AuthScope.ANY, creds); It is very painful to ask the user its name, its pass and (especially!) its domain. That's why the JVM already does that job (in Webstart mode) : it pops up a JAuthenticator that asks the proxy user/proxy pass, it figures out the domain by itself and it preconfigures java.net.URL accordingly. Then you can use java.net.URL and URLConnection transparently, without any NTLM-specific code. So my question is: does HttpClient 4.1, in a Webstart envrionnement, benefit from the java.net.URL preconfiguration I mentionned ? Or is the NTLM-related code necessary even in Webstart environments to let HttpClient 4.1 go through NTLM proxy? [1] [1]: in that case, how to figure out the NT domain? Asking the user for that information is usually very painful (: users do not know their NT domain) Any help is welcome. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
