[jcifs] Re: NTLM HTTP Authentication
Michael B Allen
mba2000 at ioplex.com
Tue Feb 15 22:58:48 GMT 2005
Please send all correspondance to the JCIFS mailing list.
Thomas Spoeri said:
>
> Hi Michael
>
> I have tried to authenticate a user in a small sample
> servlet by using the NTLM HTTP Authentication filter
> which works fine.
>
> What I am wondering is if I would like to call e.g. a
> web service, how could I pass the authenticated user
> (credentials) to the web service? Or even more
> important, how can the web service check if these
> credentials are valid and therefore authenticate the
> user?
Short answer: can't do it.
The credentials established through the NTLM HTTP Authentication protocol
are specific to the challenge used in the type-2-message and therefore
cannot be used to re-authenticate with another server using NTLM HTTP
Authentication in a chain. You need the plain text equivalent password
hash (or the plain text password) to perform NTLM HTTP Authentication.
However, you could create a custom filter that just acted as a proxy to
pass the NTLM HTTP Authentication protocol messages from the client to the
next server in the chain. See the last section in the NTLM HTTP
Authentication documentation for protocol details.
Mike
More information about the jcifs
mailing list