Home/ Questions/Q 348941
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-12T11:24:42+00:00

I need to connect Apache Axis 1.4 to a Webservice that uses NTLM authentication

  • 0

I need to connect Apache Axis 1.4 to a Webservice that uses NTLM authentication to restrict access to its operations.
I’m expecting to use Samba Jcifs to handle the NTLM handshake.

I found

http://hc.apache.org/httpcomponents-client/ntlm.html

which gives me fantastic directions for how to wire up HttpClient 4.0 with jcifs.

Trouble is, Axis wants to use Http Client 3.0 and the two apis look very different.

There are 2 possibilities that I can see

  1. Write an object for Axis that lets it plug into HttpClient 4.
  2. Figure out how to wire HttpClient 3.0 up with Samba Jcifs.

Number 1. looks non-trivial, but possible
Number 2. I cannot find any encouraging messages on the web describing how to do this.

My question is: has anyone successfully connected samba jcifs with HttpClient 3.0 ?
Has anyone already created an Axis HttpSender object that works with HttpClient 4 ?

Is there some better alternative that I have not considered?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Finally have a solution to this.

    The problem

    Apache Axis uses Apache HTTPClient which provides its own NTLM implementation.
    However this implementation is incomplete; it only supports the primitive LM authentication.
    The system I need to connect to insists upon the more recent NTLM authentication.

    Therefore my Webservice was failing to authenticate when using the Apache HTTP Client with NTLM.

    This actually then enters an infinite loop as the HTTPClient will never stop trying and failing to authenticate.

    The solution

    jcifs fully supports all 3 versions of the NTLM handshake.
    I have copy-and-pasted org.apache.commons.httpclient.auth.NTLM into my own class (it is declared as ‘final’ in order to defeat inheritance)

    I have then overwritten the method

    public String getType3Message(
        String user, String password, String host, String domain,
        byte[] nonce) throws AuthenticationException

    to construct an instance of jcifs.ntlmssp.Type3Message
    and use this object to return a Type3Message that has the NTML authentication correctly generated.

    I then needed to create my own instance of org.apache.commons.httpclient.auth.AuthScheme
    to make use of this new NTLM implementation. call
    org.apache.commons.httpclient.auth.AuthPolicy.registerAuthScheme(AuthPolicy.NTLM, MyNewAuthScheme.class)

    start up my WS endpoint stub.

    And it works !!!

    • 0