Using NTLM authentication with HttpClient


Sometimes the web service you want to consume is locked behind Windows (NTLM) authentication. I struggled for a bit trying to figure out how to use NTLM authentication with an HttpClient request in a sample Android application. It looked like I had everything setup properly, but it just wasn’t working. Then I found the blog post, Android: Authenticating via NTLM, that started me down the proper path. Ah-ha! NTLM authentication is not supported out of the box with HttpClient for various reasons. There is a Java library that supports NTLM authentication, the Java CIFS Client Library, but it is not bundled with Apache’s HttpClient.

Ntlm

According to the Apache Http Components documentation, this is due to two concerns; Microsoft only just made public the specification for NTLM in February 2008 and for whatever reason it is still not clear whether parts of the protocol are protected by patents. Secondly JCIFS is licensed under the Lesser General Public License and so is not necessarily compatible with the Apache License.

So instead of providing an actual implementation, we get a set of interfaces for clients to provide this functionality them self’s (sic): org.apache.http.auth.AuthScheme, org.apache.http.auth.AuthSchemeFactory, org.apache.http.impl.auth.NTLMScheme, org.apache.http.impl.auth.NTLMEngine, org.apache.http.impl.auth.NTLMEngineException;

So how do these classes go together? The HttpClient needs an AuthScemeFactory that will return the AuthScheme descendant NTLMScheme. NTLMScheme requires an implementation of the NTLMEngine interface to operate on.

Apache provides the interfaces but you have to provide the implementation. Now what? Well, it turns out that Apache does actually provide the code implementation but it is “out of band” and not distributed with HttpClient. You can find the details in the HttpClient documentation, NTLM Support in HttpClient. Read the linked article for details, but basically you download and import the JCIFS library from the Samba site and then copy and paste the code for two classes (from the NTLM Support in HttpClient page) to implement the NTLMEngine and AuthSchemeFactory interfaces. There are even a couple of example how to use it. Once you’ve completed those couple of steps you will have support for using NTLM authentication with your HttpClient requests from your Android application.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s