authenticate with ntlm (or kerberos) using java UrlConnection

0 votes
asked Jul 22, 2009 by opensas

I need to consume a rest web service with java, passing the credentials of a domain user account.

right now I'm doing it with classic asp


set xmlHttp = server.createObject( "msxml2.serverxmlhttp" )
xmlHttp.open method, url, false, domain & "\" & user, password
xmlHttp.send body
out = xmlHttp.responseText
set xmlHttp = nothing

and with asp.net



HttpWebRequest request = (HttpWebRequest) WebRequest.Create( url );

request.Credentials = new NetworkCredential(user, password, domain);

request.Method = WebRequestMethods.Http.Get

HttpWebResponse response = (HttpWebResponse) request.GetResponse();

StreamReader outStream = new StreamReader( response.GetResponseStream(), Encoding.UTF8) ;

output = outStream.ReadToEnd();

how can I achieve this with java? Take into account that I'm not using the credentials of the currently logged user, I'm specifing the domain account (I have the password)

please tell me it's as easy as with classic asp and asp.net....

4 Answers

0 votes
answered Jul 5, 2009 by pat-gonzalez

Take a look at the SpnegoHttpURLConnection class in the SPNEGO HTTP Servlet Filter project. This project has some examples as well.

This project has a client library that pretty much does what you are doing in your example.

Take a look this example from the javadoc...

 public static void main(final String[] args) throws Exception {
     final String creds = "dfelix:myp@s5";

     final String token = Base64.encode(creds.getBytes());

     URL url = new URL("http://medusa:8080/index.jsp");

     HttpURLConnection conn = (HttpURLConnection) url.openConnection();

     conn.setRequestProperty(Constants.AUTHZ_HEADER
             , Constants.BASIC_HEADER + " " + token);

     conn.connect();

     System.out.println("Response Code:" + conn.getResponseCode());
 }
0 votes
answered Jul 23, 2009 by matt-solnit

According to this page, you can use the built-in JRE classes, with the caveat that earlier versions of Java can only do this on a Windows machine.

However, if you are willing to live with a 3rd-party dependency, IMO Apache Commons HttpClient 3.x is the way to go. Here is the documentation for using authentication, including NTLM. In general, HttpClient is a much more functional library.

The latest version of HttpClient is 4.0, but apparently this version does not support NTLM this version requires a tiny bit of extra work.

Here is what I think the code would look like, although I haven't tried it:

HttpClient httpClient = new HttpClient();
httpClient.getState().setCredentials(AuthScope.ANY, new NTCredentials(user, password, hostPortionOfURL, domain));
GetMethod request = new GetMethod(url);
BufferedReader reader = new InputStreamReader(request.getResponseBodyAsStream());

Good luck.

0 votes
answered Jul 29, 2011 by opensas
0 votes
answered Jul 7, 2012 by tires

A compatible solution for java.net.URLStreamHandler and java.net.URL is com.intersult.net.http.NtlmHandler:

NtlmHandler handler = new NtlmHandler();
handler.setUsername("domain\\username");
handler.setPassword("password");
URL url = new URL(null, urlString, handler);
URLConnection connection = url.openConnection();

You also can use java.net.Proxy within url.openConnection(proxy).

Use Maven-Dependency:

    <dependency>
        <groupId>com.intersult</groupId>
        <artifactId>http</artifactId>
        <version>1.1</version>
    </dependency>
Welcome to Q&A, where you can ask questions and receive answers from other members of the community.
Website Online Counter

...