Reputation: 3014
java - HttpClient doesn't authenticate with NTLM
Trying to connect to a resource which is protected with NTLM authentication. When making a request I get a response 401 unauthenticated, but httpclient doesn't perform NTLM authentication after that.
Added Interceptor to see the communication and it doesn't even attempt to authenticate:
Request:
POST/NAV/xxxxxxxxx
Content-type: text/xml; charset=utf-8
SOAPAction:
Content-Length: 359
Host: xxx.local:7051
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.5.4 (Java/1.8.0_181)
Accept-Encoding: gzip,deflate
Response:
Unauthorized
Content-Length: 0
Server: Microsoft-HTTPAPI/2.0
WWW-Authenticate: Negotiate
Date: Wed, 26 Sep 2018 10:37:56 GMT
No requests made after that.
Any suggestions what can be wrong here?
Here is my code:
NTCredentials credentials = new NTCredentials("testuser", "pass1", null, "stt.local");
CredentialsProvider credsProvider = new BasicCredentialsProvider();
credsProvider.setCredentials(AuthScope.ANY, credentials);
ArrayList<String> authPrefs = new ArrayList<String>();
authPrefs.add(AuthSchemes.NTLM);
RequestConfig requestConfig = RequestConfig.custom()
.setSocketTimeout(30000)
.setConnectTimeout(30000)
.setTargetPreferredAuthSchemes(Arrays.asList(AuthSchemes.NTLM))
.setProxyPreferredAuthSchemes(Arrays.asList(AuthSchemes.BASIC))
.build();
HttpClient client = HttpClientBuilder.
create().
setDefaultCredentialsProvider(credsProvider).
setDefaultRequestConfig(requestConfig).
addInterceptorLast(new LoggingRequestInterceptor()).
addInterceptorLast(new LoggingResponseInterceptor()).
build();
HttpPost post = new HttpPost(endpoint); //Provide Request URL
try {
StringEntity input = new StringEntity(bodyAsString);
input.setContentType("text/xml; charset=utf-8");
post.setEntity(input);
post.setHeader("Content-type", "text/xml; charset=utf-8");
post.setHeader("SOAPAction", ""); //Provide Soap action
org.apache.http.HttpResponse response = client.execute(post);
}
Upvotes: 0
Views: 6541
Answers (1)
Reputation: 30165
The parameters to that NTCredentials constructor should have separate username and domain name.
Parameters:
userName - The user name. This should not include the domain to authenticate with. For example: "user" is correct whereas "DOMAIN\user" is not.
password - The password.
workstation - The workstation the authentication request is originating from. Essentially, the computer name for this machine.
domain - The domain to authenticate within.
Upvotes: 1
Related Questions
- NTLM authentication in Apache HttpClient
- Apache HttpClient v5.0 doesn't authenticate with NTLM on Windows
- Apache HttpClient 4.1.1 NTLM authentication not SPNEGO
- apache httpclient + ntlm Authentication
- HTTP 403 Forbidden coming when using HttpClient authentication mechanism for Sharepoint using NTLM
- HttpClient gives Negotiate error with NTLM auth provider
- Connecting to NTLMv2 from Java\httpclient 3\linux
- How do you programatically authenticate to a web server using NTLM Authentication with apache's commons httpclient?
- HttpClient using both SSL encryption and NTLM authentication fails
- HTTP/1.1 407 error with latest Apache HttpClient 4.1.1 when using NTLM authentication