File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Servlets and the fly likes NT Authorization through a servlet Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "NT Authorization through a servlet" Watch "NT Authorization through a servlet" New topic
Author

NT Authorization through a servlet

Mike Ottinger
Ranch Hand

Joined: Jan 11, 2002
Posts: 125
Hi Folks,

Using HttpClient I'm creating an NTCredentials object to pass to a request for a centralized xml document being served from a separate web app. This works fine if I specify my domain username and password. But I'm wary of having this stuff open and available in my source code. So I'm wondering if the NTLM authorization process can accept app-server defined usernames such as admin, manager, or guest. Or does this involve a different auth-type such as BASIC? Doesn't basic require a username/password prompt?


SCJP 1.4 SCJD 1.5
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

Mike,

I've read it can be done but I'm not sure how exactly to do it.

These might point you in the right direction.
http://seedwiki.com/wiki/tech_articles/Tech%20Articles.html
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/realm-howto.html

Even if you don't use NT Domains the JDBC Realms might be of interest to you.


Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
Mike Ottinger
Ranch Hand

Joined: Jan 11, 2002
Posts: 125
Thanks for the reply Ben. I found a good work-around. I basically had my server admin create a new user within the domain of the server. Passing that into the NTCredential object works great. There's no sense in changing an authentication type then having to workaround that. Thanks for the links.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: NT Authorization through a servlet
 
Similar Threads
Basic authentication soap header values?
Invoking a https webservice
basic authorization servlet with acl file
Cactus authentication
REST security