NTLMv2 Authentication in Java (HTTPCLIENT Patch)
The excellent article over at Oakland Software discusses the number of troubles one has trying to authenticate with NTLMv2, especially when the setting “Network security: Minimum session security for NTLM SSP based (including secure RPC) servers“ is applied on the server.
As the article cites, commons-httpclient does not support NLTMv2. On HTTPCLIENT-579, a contributor names Konstantin supplied an LGPL patch for negotitating NTLMv2. Unfortunately the patch didn’t seem to work with the “Network security: Minimum session security for NTLM SSP based (including secure RPC) servers“ setting. I’ve submitted a path for Konstantin’s work that provides such support. If this is of interest to you, checkout the bug above, and my patch. Keep in mind it’s obviously bound under the same licence as Konstantin’s work.
Hi,
I am interested in your code to authenticate NTLMv2 via HTTP CLIENT. Do you have any example code which will explain how to get Authentication string ?
Thanks & Regards,
Raghavan
Hi Raghavan,
I did the integration sometime ago, but basically you want to get Konstantin's rar file, compile it against httpclient 3.1. One change I did make to Konstantin's solution was renaming NTLMScheme to NTLMv2Scheme and putting it in a different namespace to the commons httpclient NTLMScheme. Then in my mainline of my application I load in the replacement scheme with:
After you've done this, connecting to an NTLMv2 site should be identical to how you would connect to a site with http basic auth -- follow any one of a number of httpclient examples. If you find the server your connecting to requires “Network security: Minimum session security for NTLM SSP based (including secure RPC) servers“, then you'll want to integrate my patch into NTLM.java and try again.
Hi,
Thanks for the useful information. That worked as you said.
Thanks,
Raghavan
Hey Andrew,
We have similar issue while invoking the Webservice which is hosted on windows 2003 server. So I have followed instructions and downloaded the HttpClient-3.0.1 source from the apache site and added files that are in the NTLMv2.rar which is attached to ticket on Jira. Then compiled and build the jar using the ant script. But issue did not resolved and still says 401.2 Http errors on the server side. Can you please let me know what I am doing wrong? We are using the CommonHttpSender in the axis instead of default HttpSender class. Below are details of component versions.
Axis Client: 1.4
JDK : 1.4.2_19
Commons-HttpClient Source Code : 3.0.1
Ant: 1.6
Appreciate your help.