[jcifs] problem with java applet needing NTLM proxy authentication

John.Baker at barclayscapital.com John.Baker at barclayscapital.com
Wed Mar 11 14:37:25 GMT 2009

I don't think you can get access to the browser's JS session unless you sign the applet.  You could of course pass everything you want as parameters to the applet. 

> -----Original Message-----
> From: 
> jcifs-bounces+john.baker=barclayscapital.com at lists.samba.org 
> [mailto:jcifs-bounces+john.baker=barclayscapital.com at lists.sam
> ba.org] On Behalf Of André Warnier
> Sent: 11 March 2009 14:16
> To: JCIFS Samba list
> Subject: [jcifs] problem with java applet needing NTLM proxy 
> authentication
> Hi.
> This is probably not a jCIFS issue, but I'm addressing this 
> to this list, figuring that is where I'll find the required expertise.
> (Note : I have already received a hint about this from Chuck 
> Caldarale, but honestly I don't know how to handle it.  The 
> hint consisted of the code of some of the classes 
> (NTLMAuthentication) of the Sun sun.net.www.protocol.http 
> package.  However, I can't quite figure out where these would fit).
> Summary : we provide a web application to our customers, 
> hosted on our Internet website.  Customers access this 
> application from within their corporate networks.
> In one page of the application, we use a java applet.  This 
> applet collects some information from the html form in which 
> it is located, and then builds and sends its own POST 
> requests to our server.
> It works fine in most cases, but in one customer case it does 
> not, for the following reason : at this customer, browsers 
> access the Internet through a proxy which requires an NTLM 
> authentication.
> The browser's own proxy NTLM authentication works fine, since 
> these customers are able to access the pages of our web 
> application, even the one containing the applet.
> But our java applet knows nothing about NTLM authentication, 
> so when it in turn tries to POST to our server, it hits a wall.
> I am a bit lost in all this, so I would be grateful for any 
> further relevants questions or tips indicating at least a 
> direction in which to search for a solution.
> To create the POSTs to our server, the applet currently uses 
> the following classes :
> import org.apache.commons.httpclient.HttpClient;
> import org.apache.commons.httpclient.HttpStatus;
> import org.apache.commons.httpclient.methods.PostMethod;
> import org.apache.commons.httpclient.methods.multipart.FilePart;
> import org.apache.commons.httpclient.methods.multipart.StringPart;
> import org.apache.commons.httpclient.methods.multipart.PartBase;
> import
> org.apache.commons.httpclient.methods.multipart.MultipartReque
> stEntity;
> import org.apache.commons.httpclient.methods.multipart.Part;
> import org.apache.commons.httpclient.params.HttpMethodParams;
> import org.apache.commons.httpclient.HostConfiguration;
> Our applet already picks up from the browser the proxy 
> settings to use for the POSTs, and that part works fine.
> What I would really like to know, is whether there exists a 
> method by which this applet (which in this case runs in a IE 
> browser), can somehow obtain from the enclosing browser the 
> NTLM credentials already used by the browser for 
> authenticating to the proxy.
> The applet can be seen in operation on our website, and I can 
> also provide the source code to anyone who is interested.
> Thanks in advance
> André

This e-mail may contain information that is confidential, privileged or otherwise protected from disclosure. If you are not an intended recipient of this e-mail, do not duplicate or redistribute it by any means. Please delete it and any attachments and notify the sender that you have received it in error. Unless specifically indicated, this e-mail is not an offer to buy or sell or a solicitation to buy or sell any securities, investment products or other financial product or service, an official confirmation of any transaction, or an official statement of Barclays. Any views or opinions presented are solely those of the author and do not necessarily represent those of Barclays. This e-mail is subject to terms available at the following link: www.barcap.com/emaildisclaimer. By messaging with Barclays you consent to the foregoing.  Barclays Capital is the investment banking division of Barclays Bank PLC, a company registered in England (number 1026167) with its registered office at 1 Churchill Place, London, E14 5HP.  This email may relate to or be sent from other members of the Barclays Group.

More information about the jcifs mailing list