FW: [jcifs] NTLM authentication

Clapham, Paul pclapham at core-mark.com
Thu Apr 23 21:28:52 GMT 2009 

If I understand it correctly, Sun has a licence from Microsoft to use the NTLM algorithms, but only on Windows machines. So Sun's Windows JVM will work with NTLM-based proxy servers but JVMs on non-Windows platforms won't. (That was why I had to search out a proxy server which did know how to use NTLM on my behalf.)

The natural place to fix your problem would be inside the Apache HttpClient library, but you and the HttpClient committers won't be able to get your hands on the official NTLM documents or on a licence to implement NTLM authentication, I don't think.

PC2

-----Original Message-----
From: jcifs-bounces+pclapham=core-mark.com at lists.samba.org [mailto:jcifs-bounces+pclapham=core-mark.com at lists.samba.org] On Behalf Of André Warnier
Sent: April 23, 2009 14:18
To: jcifs at lists.samba.org
Cc: Suvendu_Mohapatra
Subject: ***SPAM*** Re: FW: [jcifs] NTLM authentication

Just for the record, I am also very interested in the same subject.
Basically my issue is the following one, which might overlap yours and the OP's to some extent.

We have developed a browser applet in Java, which allows the user to select a series of files/directories locally on his workstation, and send them to a webserver as POSTs (one POST per file).  The applet is smart enough to pick up proxy settings from the browser (if any), and apply them to its own POSTs if needed.
For the POST part, we used the Apache Commons HTTPClient 3.x library.
The POSTS are multipart/form-data, because in addition to the file itself, there are some additional parameters being posted each time.
Generally, it works fine.

However, we have a problem when the POSTs have to go through a corporate proxy which requires NTLM authentication.
The Apache HTTPClient library does not handle that.
Sun's java.net.URL class handles this fine, and seems to "magically" do whatever's needed, with GETs and also with basic POSTs (url-encoded).
But java.net.URL does not handle "multipart/form-data" posts, and it seems quite complicated to add this capability from the outside.
So for the moment, we're stuck, and conjuring up many swearwords to the attention of whomever invented proxies with NTLM authentication.

One frustrating part in all this, is that the browser in which this applet runs, has no problem at all authenticating to the proxy and sending POSTs through it (to submit its html <forms> e.g.). But the applet running in the browser does.

André


Michael B Allen wrote:
> On Thu, Apr 23, 2009 at 3:16 PM, Clapham, Paul <pclapham at core-mark.com> wrote:
>> Sorry, I sent this link to Suvendu only instead of the list last time.
>>
>> http://sourceforge.net/projects/ntlmaps/
>>
>> It's written in Python but I expect it shouldn't be hard to figure out the NTLM part.
> 
> Yeah, I've seen that (and cntlm) but I would like to find something 
> more definitive. In particular I'm curious as to what Microsoft's 
> proxy software is. I've tried to search around on their website but I 
> just don't know enough about it to get a toe hold. Then again I 
> haven't spent much time on it.
> 
> Thanks tho.
> 
> Mike

More information about the jcifs mailing list