[opensas]

I need to consume a rest web service with java, passing the credentials of a domain user account.

right now I'm doing it with classic asp

Code:

set xmlHttp = server.createObject( "msxml2.serverxmlhttp" )
xmlHttp.open method, url, false, domain & "\" & user, password
xmlHttp.send body
out = xmlHttp.responseText
set xmlHttp = nothing

and with asp.net

Code:

HttpWebRequest request = (HttpWebRequest) WebRequest.Create( url );

request.Credentials = new NetworkCredential(user, password, domain);

request.Method = WebRequestMethods.Http.Get

HttpWebResponse response = (HttpWebResponse) request.GetResponse();

StreamReader outStream = new StreamReader( response.GetResponseStream(), Encoding.UTF8) ;

output = outStream.ReadToEnd();

how can I achieve this with java? Take into account that I'm not using the credentials of the currently logged user, I'm specifing the domain account (I have the password)

please tell me it's as easy as with classic asp and asp.net....

[glennji]

Unfortunately, NTLM is a proprietary Microsoft protocol, so isn't included in the default Java APIs. However, you should be able to do the same thing with a 3rd-party library:

Open Source (and free):
Luigi Dragone Home Page - NTLM Authentication in Java

NTLMv2, commercial:
Jespa - Java Active Directory Integration

caveat: I've used neither. But hope that helps!

[opensas]

thanks a lot for your answer, but I wonder if it's possible to do this, with the buil-in JRE classes, using kerberos instead of ntlm... I mean, kerberos is not propietary stuff like NTLM...

[georgedaswani@hotmail.com]

Quote:

Originally Posted by opensas

thanks a lot for your answer, but I wonder if it's possible to do this, with the buil-in JRE classes, using kerberos instead of ntlm... I mean, kerberos is not propietary stuff like NTLM...

I'm pretty sure IIS uses SPNEGO - https://spnego.dev.java.net/ or JCIFS might give you some info - my assumption is that you need to generate an SPNEGO token and attach it to the request. RFC 4559 - SPNEGO-based Kerberos and NTLM HTTP Authentication in Microsoft Windows might be useful.

I'm pretty sure you can use the JGSS API that comes with the JRE 1.6 to get it working. Your Windows AD admins might need to generate a keytab file (+ a service principal - also known as the SPN using "ktpass") for your calling service though (maybe tied to a service account).

Have to do the following

1) Client obtains a Ticket Granting Ticket (TGT)
2) Client requests a Service Ticket (TGS_REQ)
3) Client obtains a Service Ticket (TGS_REP)

Client then sends the SPNEGO token as a part of the request. Couple this with Apache's HttpClient for java..

Have you tried just sending the BASIC authentication header with the request? I guess it depends how the IIS's authentication settings are configured.

[patdgonzalez@yahoo.com]

Here's a project, SpnegoHttpURLConnection, that has an example on how to do it.