Friday, December 17, 2010

NTLM Authentication for Java http clients

I was working to provide NTLM authentication to a RSS aggregator plugin http://confluence.atlassian.com/display/CONFEXT/RSS+aggregator+macro+plugin , in our implementation the rssaggregator needed to access rss feed from an IIS installed application within an AD intergrated setup, so our http request needed to go through NTLM authentication.
What I found out during this exercise is that if one is on the same AD domain as the server hosting the secure contents then JDK 1.5 and 1.6 does a transparent authentication at the backend, automatically transferring the login details from the http client to the server , however if the request is being made from a client outside the domain then the login details have to be provided using the username and password for the client accessing the protected resource, for that I found the Jave Authenticator class to be the best option, since you do not have to alter your existing code and just call the Authenticator before the http request and populate the authentication credentials in it. Worked really well for me.
References
Two exhaustive definitions of how ntlm works, and the interactions
http://www.innovation.ch/personal/ronald/ntlm.html
http://davenport.sourceforge.net/ntlm.html
Useful link to valid Java Implementation
http://oaklandsoftware.com/papers/ntlm.html
Ads by Google

No comments: