RE: NTLM authentication to an MS Exchange web page account using HTTP Client V2.0
Hi Andre-John, I have just got my friend to try connecting to out intranet web server with Safari and it does not support NTLM authentication. The only two web clients on the platform that do suppor it are Mozilla variety and Internet Explorer. Though I can't confirm whether they use the user's logged in credentials, since he logs in to his portable with local authentication and then connects to the servers on a case by case basis. As for 'JDK with HttpUrlConnection'I have not yet tested this. It may turn out to be a Windowss only solution. Thanks for the information. Thinking about it, I believe the ideal solution would be to create an authentication factory, which would return an instance of an 'authenticator' (my made up name), based on specified name. This would allow us to have the flexibility of either returning a pure Java instance of an implementation (if possible) or one that has a native implementation. If an authenticator could not initialise itself for the given platform or environment, then an Exception would be thrown. How does this sound? - note: 2min design process Sounds great. Use *.httpclient.auth.CredentialsProvider as the interface for the 'authenticator' and you're almost there :-) The factory will become very ugly though, because of all the platform specific checks. cheers, Roland
Re: NTLM authentication to an MS Exchange web page account using HTTP Client V2.0
Hi Odi, I am not requiring or implementing the feature, I was merely asking out of curiosity and to be prepared for the next time someone wants to know how to authenticate as the OS user. I fully agree that calling sun or com.sun classes is not a good idea. But whenever we tell people they could use JNI, I very much doubt they'll actually try it. Adding native code to a Java project is a big step which few will take. If there is an internal Java API we know about, we could at least tell folks about it, point out the implementation dependency problem, and leave the decision to them. As I am using IBM JDKs, I can tell you they include plenty of sun and com.sun classes. The IBM implementation is also based on the Sun version. cheers, Roland Ortwin Glück [EMAIL PROTECTED] 30.06.2004 09:01 Please respond to Commons HttpClient Project To Commons HttpClient Project [EMAIL PROTECTED] cc Subject Re: NTLM authentication to an MS Exchange web page account using HTTP Client V2.0 Roland Weber wrote: If the latter is true, there still might be a platform-independent class somewhere in sun.* or com.sun.*. Roland, you can safely call the sun.* and com.sun.* packages platform/implementation dependent. Apple have their own Java implementation, which is based on Sun's. If you are using implementations from IBM or BEA: They have no sun.* packages at all. Using sun packages ties your code tightly to a specific Java implementation. That is even worse than using native code, which is still portable among Java implementations. If JNI is an option, you must of course provide a specific JNI module for every supported platform. This is not a bad thing. If you had used any other language you would have needed to do it as well. You can write your application such that it runs on any platform and can use the automatic NT credentials on supported platforms only. Think of it as a plug-in. Ortwin Glück -- _ NOSE applied intelligence ag ortwin glück [www] http://www.nose.ch software engineer hardturmstrasse 171 [pgp id] 0x81CF3416 8005 zürich [office] +41-1-277 57 35 switzerland [fax] +41-1-277 57 12 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: NTLM authentication to an MS Exchange web page account using HTTP Client V2.0
The only issue I would have of using a JNI solution, is that it would work on MS-Windows, but break everywhere else. Being a client, we need to have the flexibility to work no matter the platform. I have a collegue who has PowerBook which he uses on our Windows network, so this is such a user a JNI solution would lock out. regards Andre -Original Message- From: Adrian Sutton [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 23, 2004 7:49 PM To: Commons HttpClient Project Subject: Re: NTLM authentication to an MS Exchange web page account using HTTP Client V2.0 Hi Steve, There's no way that I know of to do this, however the builtin handling for the JRE seems to manage it so there's probably a com.sun class around somewhere that makes it possible. It would definitely be possibly using JNI. It's on my todo list to investigate how this is done but it's a fairly low priority (not a single user has complained yet - presumably because few of our users use NTLM). If you do find out how to do it please do let us know. Regards, Adrian Sutton. On 24/06/2004, at 2:31 AM, Steve Johnson wrote: Hi All, Thanks again Adrian, very helpful. The NTCredentials API shows that the user, password, host, and domain can be set. Is it possible to use the logged-in users credentials? This way it would allow a user to be authenticated without reentering user/pw. Thanks for the help, Steve -Original Message- From: Adrian Sutton [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 22, 2004 4:20 PM To: Commons HttpClient Project Subject: Re: NTLM authentication to an MS Exchange web page account using HTTP Client V2.0 This sounds very much like the webserver isn't really using NTLM but is using Digest/Basic instead. If it really were using NTLM passing in DOMAIN\User would definitely not work because HttpClient doesn't check for that case. That would also explain why the realm isn't what you expect. I'd say a wire log should shed a lot of light on the situation (see http://jakarta.apache.org/commons/httpclient/logging.html ) Regards, Adrian Sutton On 23/06/2004, at 3:43 AM, Steve Johnson wrote: Hi All, Using HTTPClient version 2.0 We are using HTTPClient to login to a MS Exchange web page account. We can only get it to work by passing in the realm as null, and putting the domain back on to the front of the user to pass into NTCredentials(). new NTCredentials(authUserNameAppendDomainWithBackSlash + settings.getAuthUserName(), settings.getAuthPassword(), settings.getHost(), settings.getAuthDomain()) The comments on the interface say that only the username should be passed in, and NOT the domain. For other NTLM pages it works to use only the user, but this page has not worked for us without the domain like this myDomain\myUser. On State.setCredentials() we have tried passing the host, null, and the string realm in without the domain appended to user. All these attempts fail. We would prefer to use the API without the domain on the user. client.getState().setCredentials( null, //realm, null, settings.getHost()- settings.getHost(), new NTCredentials(authUserNameAppendDomain + settings.getAuthUserName(), settings.getAuthPassword(), settings.getHost(), settings.getAuthDomain()) ); Is there some documentation on how the realm interacts with authentication? Thanks for your time and effort, Steve Steve Johnson Software Engineer Mercury Interactive 720 564 - 6532 USA, Canada and the Americas 720 564-6620 Hours: M-F 08:00-17:00 MST (Mountain Standard Time) http://www.mercuryinteractive.com http://www.mercuryinteractive.com Looking for Answers to your SiteScope or SiteSeer questions? http://support.mercuryinteractive.com http://support.mercuryinteractive.com -- Intencha tomorrow's technology today Ph: 38478913 0422236329 Suite 8/29 Oatland Crescent Holland Park West 4121 Australia QLD www.intencha.com -- Intencha tomorrow's technology today Ph: 38478913 0422236329 Suite 8/29 Oatland Crescent Holland Park West 4121 Australia QLD www.intencha.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: NTLM authentication to an MS Exchange web page account using HTTP Client V2.0
Hi All, Thanks again Adrian, very helpful. The NTCredentials API shows that the user, password, host, and domain can be set. Is it possible to use the logged-in users credentials? This way it would allow a user to be authenticated without reentering user/pw. Thanks for the help, Steve -Original Message- From: Adrian Sutton [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 22, 2004 4:20 PM To: Commons HttpClient Project Subject: Re: NTLM authentication to an MS Exchange web page account using HTTP Client V2.0 This sounds very much like the webserver isn't really using NTLM but is using Digest/Basic instead. If it really were using NTLM passing in DOMAIN\User would definitely not work because HttpClient doesn't check for that case. That would also explain why the realm isn't what you expect. I'd say a wire log should shed a lot of light on the situation (see http://jakarta.apache.org/commons/httpclient/logging.html ) Regards, Adrian Sutton On 23/06/2004, at 3:43 AM, Steve Johnson wrote: Hi All, Using HTTPClient version 2.0 We are using HTTPClient to login to a MS Exchange web page account. We can only get it to work by passing in the realm as null, and putting the domain back on to the front of the user to pass into NTCredentials(). new NTCredentials(authUserNameAppendDomainWithBackSlash + settings.getAuthUserName(), settings.getAuthPassword(), settings.getHost(), settings.getAuthDomain()) The comments on the interface say that only the username should be passed in, and NOT the domain. For other NTLM pages it works to use only the user, but this page has not worked for us without the domain like this myDomain\myUser. On State.setCredentials() we have tried passing the host, null, and the string realm in without the domain appended to user. All these attempts fail. We would prefer to use the API without the domain on the user. client.getState().setCredentials( null, //realm, null, settings.getHost()- settings.getHost(), new NTCredentials(authUserNameAppendDomain + settings.getAuthUserName(), settings.getAuthPassword(), settings.getHost(), settings.getAuthDomain()) ); Is there some documentation on how the realm interacts with authentication? Thanks for your time and effort, Steve Steve Johnson Software Engineer Mercury Interactive 720 564 - 6532 USA, Canada and the Americas 720 564-6620 Hours: M-F 08:00-17:00 MST (Mountain Standard Time) http://www.mercuryinteractive.com http://www.mercuryinteractive.com Looking for Answers to your SiteScope or SiteSeer questions? http://support.mercuryinteractive.com http://support.mercuryinteractive.com -- Intencha tomorrow's technology today Ph: 38478913 0422236329 Suite 8/29 Oatland Crescent Holland Park West 4121 Australia QLD www.intencha.com
Re: NTLM authentication to an MS Exchange web page account using HTTP Client V2.0
Hi Steve, There's no way that I know of to do this, however the builtin handling for the JRE seems to manage it so there's probably a com.sun class around somewhere that makes it possible. It would definitely be possibly using JNI. It's on my todo list to investigate how this is done but it's a fairly low priority (not a single user has complained yet - presumably because few of our users use NTLM). If you do find out how to do it please do let us know. Regards, Adrian Sutton. On 24/06/2004, at 2:31 AM, Steve Johnson wrote: Hi All, Thanks again Adrian, very helpful. The NTCredentials API shows that the user, password, host, and domain can be set. Is it possible to use the logged-in users credentials? This way it would allow a user to be authenticated without reentering user/pw. Thanks for the help, Steve -Original Message- From: Adrian Sutton [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 22, 2004 4:20 PM To: Commons HttpClient Project Subject: Re: NTLM authentication to an MS Exchange web page account using HTTP Client V2.0 This sounds very much like the webserver isn't really using NTLM but is using Digest/Basic instead. If it really were using NTLM passing in DOMAIN\User would definitely not work because HttpClient doesn't check for that case. That would also explain why the realm isn't what you expect. I'd say a wire log should shed a lot of light on the situation (see http://jakarta.apache.org/commons/httpclient/logging.html ) Regards, Adrian Sutton On 23/06/2004, at 3:43 AM, Steve Johnson wrote: Hi All, Using HTTPClient version 2.0 We are using HTTPClient to login to a MS Exchange web page account. We can only get it to work by passing in the realm as null, and putting the domain back on to the front of the user to pass into NTCredentials(). new NTCredentials(authUserNameAppendDomainWithBackSlash + settings.getAuthUserName(), settings.getAuthPassword(), settings.getHost(), settings.getAuthDomain()) The comments on the interface say that only the username should be passed in, and NOT the domain. For other NTLM pages it works to use only the user, but this page has not worked for us without the domain like this myDomain\myUser. On State.setCredentials() we have tried passing the host, null, and the string realm in without the domain appended to user. All these attempts fail. We would prefer to use the API without the domain on the user. client.getState().setCredentials( null, //realm, null, settings.getHost()- settings.getHost(), new NTCredentials(authUserNameAppendDomain + settings.getAuthUserName(), settings.getAuthPassword(), settings.getHost(), settings.getAuthDomain()) ); Is there some documentation on how the realm interacts with authentication? Thanks for your time and effort, Steve Steve Johnson Software Engineer Mercury Interactive 720 564 - 6532 USA, Canada and the Americas 720 564-6620 Hours: M-F 08:00-17:00 MST (Mountain Standard Time) http://www.mercuryinteractive.com http://www.mercuryinteractive.com Looking for Answers to your SiteScope or SiteSeer questions? http://support.mercuryinteractive.com http://support.mercuryinteractive.com -- Intencha tomorrow's technology today Ph: 38478913 0422236329 Suite 8/29 Oatland Crescent Holland Park West 4121 Australia QLD www.intencha.com -- Intencha tomorrow's technology today Ph: 38478913 0422236329 Suite 8/29 Oatland Crescent Holland Park West 4121 Australia QLD www.intencha.com PGP.sig Description: This is a digitally signed message part
NTLM authentication to an MS Exchange web page account using HTTP Client V2.0
Hi All, Using HTTPClient version 2.0 We are using HTTPClient to login to a MS Exchange web page account. We can only get it to work by passing in the realm as null, and putting the domain back on to the front of the user to pass into NTCredentials(). new NTCredentials(authUserNameAppendDomainWithBackSlash + settings.getAuthUserName(), settings.getAuthPassword(), settings.getHost(), settings.getAuthDomain()) The comments on the interface say that only the username should be passed in, and NOT the domain. For other NTLM pages it works to use only the user, but this page has not worked for us without the domain like this myDomain\myUser. On State.setCredentials() we have tried passing the host, null, and the string realm in without the domain appended to user. All these attempts fail. We would prefer to use the API without the domain on the user. client.getState().setCredentials( null, //realm, null, settings.getHost()- settings.getHost(), new NTCredentials(authUserNameAppendDomain + settings.getAuthUserName(), settings.getAuthPassword(), settings.getHost(), settings.getAuthDomain()) ); Is there some documentation on how the realm interacts with authentication? Thanks for your time and effort, Steve Steve Johnson Software Engineer Mercury Interactive 720 564 - 6532 USA, Canada and the Americas 720 564-6620 Hours: M-F 08:00-17:00 MST (Mountain Standard Time) http://www.mercuryinteractive.com http://www.mercuryinteractive.com Looking for Answers to your SiteScope or SiteSeer questions? http://support.mercuryinteractive.com http://support.mercuryinteractive.com
Re: NTLM authentication to an MS Exchange web page account using HTTP Client V2.0
This sounds very much like the webserver isn't really using NTLM but is using Digest/Basic instead. If it really were using NTLM passing in DOMAIN\User would definitely not work because HttpClient doesn't check for that case. That would also explain why the realm isn't what you expect. I'd say a wire log should shed a lot of light on the situation (see http://jakarta.apache.org/commons/httpclient/logging.html ) Regards, Adrian Sutton On 23/06/2004, at 3:43 AM, Steve Johnson wrote: Hi All, Using HTTPClient version 2.0 We are using HTTPClient to login to a MS Exchange web page account. We can only get it to work by passing in the realm as null, and putting the domain back on to the front of the user to pass into NTCredentials(). new NTCredentials(authUserNameAppendDomainWithBackSlash + settings.getAuthUserName(), settings.getAuthPassword(), settings.getHost(), settings.getAuthDomain()) The comments on the interface say that only the username should be passed in, and NOT the domain. For other NTLM pages it works to use only the user, but this page has not worked for us without the domain like this myDomain\myUser. On State.setCredentials() we have tried passing the host, null, and the string realm in without the domain appended to user. All these attempts fail. We would prefer to use the API without the domain on the user. client.getState().setCredentials( null, //realm, null, settings.getHost()- settings.getHost(), new NTCredentials(authUserNameAppendDomain + settings.getAuthUserName(), settings.getAuthPassword(), settings.getHost(), settings.getAuthDomain()) ); Is there some documentation on how the realm interacts with authentication? Thanks for your time and effort, Steve Steve Johnson Software Engineer Mercury Interactive 720 564 - 6532 USA, Canada and the Americas 720 564-6620 Hours: M-F 08:00-17:00 MST (Mountain Standard Time) http://www.mercuryinteractive.com http://www.mercuryinteractive.com Looking for Answers to your SiteScope or SiteSeer questions? http://support.mercuryinteractive.com http://support.mercuryinteractive.com -- Intencha tomorrow's technology today Ph: 38478913 0422236329 Suite 8/29 Oatland Crescent Holland Park West 4121 Australia QLD www.intencha.com PGP.sig Description: This is a digitally signed message part