Starting from the example, org.apache.http.examples.client.win. ClientWinAuth
There's a comment starting on line 49 that says:
// There is no need to provide user credentials
// HttpClient will attempt to access current user security context
through
// Windows platform specific methods via JNI.
This works. However, I want to provide credentials explicitly, and have it fail
if those credentials are not supplied, or are invalid, with no fallback to
getting credentials from the system.
I haven't found any documentation showing how to do this. I've looked into the
code for WinHttpClients, copied the createBuilder method into my own class and
modified it, like this:
private static HttpClientBuilder createBuilder() {
final Registry<AuthSchemeProvider> authSchemeRegistry =
RegistryBuilder.<AuthSchemeProvider>create()
.register(AuthSchemes.NTLM, new
WindowsNTLMSchemeFactory(null))
.build();
final BasicCredentialsProvider bCrPr = new BasicCredentialsProvider();
final CredentialsProvider credsProvider = new
WindowsCredentialsProvider(bCrPr);
credsProvider.clear();
credsProvider.setCredentials(AuthScope.ANY,new
NTCredentials("username:password"));
return HttpClientBuilder.create()
.setDefaultCredentialsProvider(credsProvider)
.setDefaultAuthSchemeRegistry(authSchemeRegistry);
}
This does not work, by which I mean, it looks up the currently logged in user's
credentials and uses those, regardless whether the NTCredentials provided are
valid or invalid. (So it succeeds but with the wrong user.)
Am I doing something wrong, or is this not supported?
The only thing I have found that works is to use DefaultHttpClient, which is
deprecated. If there's no "right way" to do it with non-deprecated code, I'll
have to continue using DefaultHttpClient.
**********************************************************************
PRIVILEGED AND CONFIDENTIAL: Communications sent from Webster Financial
Corporation, and our affiliates and subsidiaries, which contain sensitive
information, will be sent via encrypted email. Affiliates and subsidiaries of
Webster Financial Corporation include: Webster Bank (Including its divisions:
HSA Bank, Webster Investment Services, and Webster Private Bank), Webster
Business Credit Corporation, Webster Capital Finance, and Webster Wealth
Advisors . This communication, including attachments, is for the exclusive use
of addressee and may contain proprietary, confidential, or privileged
information. If you are not the intended recipient, any use, copying,
disclosure, dissemination, or distribution is strictly prohibited. If you are
not the intended recipient, please notify the sender immediately by return
email and delete this communication and destroy all copies.
Rates and program criteria are subject to change. All loans are subject to
credit approval. Other terms and conditions may apply; consult a Webster
representative for more details.
To opt-out of receiving email advertisements please call 1-800-325-2424.
Webster Corporate Headquarters - 145 Bank Street WFD730 Waterbury, CT 06702
Webster Bank, N.A - Equal Housing Lender
