Using jCIFS NTLM Authentication for HTTP ConnectionsUsing jCIFS, support for the NTLM authentication protocol can be added to HTTP connections. This functionality was added to Java 1.4.2 for Windows; jCIFS extends this feature to all supported platforms, as well as older Java environments. This allows Java-based HTTP clients to connect to web sites which use the "NTLM" or "Negotiate" authentication schemes, providing easy integration with domain user accounts. Note: This functionality is a non-conformant extension to HTTP conceived entirely by Microsoft. It inappropriately uses HTTP headers and therefore may not work with all Java environments or HTTP connection implementation. Also, this flavor of password encryption is not very secure so under no circumstances should it be used to authenticate clients on the Internet. Installation and SetupThe jCIFS NTLM support is implemented as a URLStreamHandler for HTTP connections. This handler "wraps" the default handler provided by your Java environment to add support for NTLM authentication. There are two ways to install the handler:
After the handler is installed, NTLM support is transparently available to your application. To create a connection to an NTLM-protected site, you would simply do something like:
URL myUrl = new URL("http://server/index.html"); InputStream stream = myUrl.openStream(); Authentication information is obtained from jCIFS properties (outlined below). Authentication information for a particular connection can also be explicitly provided within the URL itself, using the form:
http://DOMAIN%5cuser:password@server/index.html jCIFS Properties Meaningful to NTLM HTTP ClientsThe table below outlines the properties which directly affect the use of NTLM for HTTP connections. These can be passed via system properties, or set explicitly within an application using the jcifs.Config.setProperty method. These properties must be set before jCIFS classes are used. For a complete list of jCIFS properties refer to the overview page of the API documentation.
Compatibility NotesThe functionality provided requires that the underlying HTTP implementation supports keep-alive connections. This has been tested successfully under Sun's JDK 1.3.1_02, 1.3.1_06, 1.3.1_07, 1.4.0_01, and 1.4.2-beta. It is known NOT to work on JDK 1.3, as well as the initial release of JDK 1.3.1. Results on other JDK versions, as well as other vendor implementations, may vary. |