comparison libs/httpcomponents-client-4.0-beta1/NTLM_SUPPORT.txt @ 5:0be9d53a6967

editor for annotations
author dwinter
date Tue, 13 Dec 2011 17:43:46 +0100
4:c32080f364c6 5:0be9d53a6967
1 NTLM support in HttpClient 4.x
2 ==============================
3
4 Currently HttpClient 4.0 does not provide support for the NTLM authentication
5 scheme out of the box and probably never will. The reasons for that are legal
6 rather than technical.
7
8 Background
9 ==========
10 NTLM is a proprietary authentication scheme developed by Microsoft and
11 optimized for Windows operating system.
12
13 Until year 2008 there was no official, publicly available, complete
14 documentation of the protocol. Unofficial 3rd party protocol descriptions
15 existed [1] as a result of reverse-engineering efforts. It was not really
16 known whether the protocol based on the reverse-engineering were complete
17 or even correct.
18
19 Microsoft published MS-NLMP [2] and MS-NTHT [3] specifications in February
20 2008 as a part of its Interoperability Principles initiative [4].
21 Unfortunately, it is still not entirely clear whether NTLM encryption
22 algorithms are covered by any patents held by Microsoft, which would make
23 commercial users of open-source NTLM implementations liable for the use of
24 Microsoft intellectual property.
25
26 Enabling NTLM support in HttpClient 4.x
27 =======================================
28 The good news is HttpClient is fully NTLM capable right out of the box.
29 HttpClient ships with the NTLM authentication scheme, which, if configured
30 to use an external NTLM engine, can handle NTLM challenges and authenticate
31 against NTLM servers.
32
33 -----------------------------------------------------------
34 public interface NTLMEngine {
35
36 String generateType1Msg(
37 String domain,
38 String workstation) throws NTLMEngineException;
39
40 String generateType3Msg(
41 String username,
42 String password,
43 String domain,
44 String workstation,
45 String challenge) throws NTLMEngineException;
46
47 }
48 -----------------------------------------------------------
49
50 Using Samba JCIFS as an NTLM engine
51 ===================================
52 Follow these instructions to build an NTLMEngine implementation using JCIFS
53 library
54
55 =========== !!!! DISCLAIMER !!!! ===========
56 HttpComponents project DOES _NOT_ SUPPORT the code provided below. Use it as
57 is at your own discretion.
58
59 * Download the latest jcifs library from the Samba web site [5]
60 * Implement NTLMEngine interface
61 -----------------------------------------------------------
62 import jcifs.ntlmssp.Type1Message;
63 import jcifs.ntlmssp.Type2Message;
64 import jcifs.ntlmssp.Type3Message;
65 import jcifs.util.Base64;
66
67 import org.apache.http.impl.auth.NTLMEngine;
68 import org.apache.http.impl.auth.NTLMEngineException;
69
70 public class JCIFSEngine implements NTLMEngine {
71
72 public String generateType1Msg(
73 String domain,
74 String workstation) throws NTLMEngineException {
75
76 Type1Message t1m = new Type1Message(
77 Type1Message.getDefaultFlags(),
78 domain,
79 workstation);
80 return Base64.encode(t1m.toByteArray());
81 }
82
83 public String generateType3Msg(
84 String username,
85 String password,
86 String domain,
87 String workstation,
88 String challenge) throws NTLMEngineException {
89 Type2Message t2m;
90 try {
91 t2m = new Type2Message(Base64.decode(challenge));
92 } catch (IOException ex) {
93 throw new NTLMEngineException("Invalid Type2 message", ex);
94 }
95 Type3Message t3m = new Type3Message(
96 t2m,
97 password,
98 domain,
99 username,
100 workstation);
101 return Base64.encode(t3m.toByteArray());
102 }
103
104 }
105 -----------------------------------------------------------
106 * Implement AuthSchemeFactory interface
107 -----------------------------------------------------------
108 import org.apache.http.auth.AuthScheme;
109 import org.apache.http.auth.AuthSchemeFactory;
110 import org.apache.http.impl.auth.NTLMScheme;
111 import org.apache.http.params.HttpParams;
112
113 public class NTLMSchemeFactory implements AuthSchemeFactory {
114
115 public AuthScheme newInstance(final HttpParams params) {
116 return new NTLMScheme(new JCIFSEngine());
117 }
118
119 }
120 -----------------------------------------------------------
121 * Register NTLMSchemeFactory with the HttpClient instance you want to NTLM
122 enable.
123 -----------------------------------------------------------
124 httpclient.getAuthSchemes().register("ntlm", new NTLMSchemeFactory());
125 -----------------------------------------------------------
126 * Set NTCredentials for the web server you are going to access.
127 -----------------------------------------------------------
128 httpclient.getCredentialsProvider().setCredentials(
129 new AuthScope("myserver", -1),
130 new NTCredentials("username", "password", "MYSERVER", "MYDOMAIN"));
131 -----------------------------------------------------------
132 * You are done.
133
134
135 Why this code is not distributed with HttpClient
136 ================================================
137 JCIFS is licensed under the Lesser General Public License (LGPL). This license
138 is not compatible with the Apache Licenses under which all Apache Software is
139 released. Lawyers of the Apache Software Foundation are currently investigating
140 under which conditions Apache software is allowed to make use of LGPL software.
141
142 -----------------------------------------------------------
143 [1] http://davenport.sourceforge.net/ntlm.html
144 [2] http://download.microsoft.com/download/a/e/6/ae6e4142-aa58-45c6-8dcf-a657e5900cd3/%5BMS-NLMP%5D.pdf
145 [3] http://download.microsoft.com/download/a/e/6/ae6e4142-aa58-45c6-8dcf-a657e5900cd3/%5BMS-NTHT%5D.pdf
146 [4] http://www.microsoft.com/interop/principles/default.mspx
147 [5] http://jcifs.samba.org/