4

When I access a HTTP server using the standard Java API (java.net.URLConnection), the credentials are "cached" after the first successful authentication, and subsequent calls to Authenticator.setDefault() have no effect. So, I need to restart the application in order to use different credentials.

I don't observe this effect when Basic Authentication is used. But I need to use NTLM for the server I'm accessing, and the Jakarta Commons HttpClient isn't an alternative either because it doesn't support NTLMv2 (see http://oaklandsoftware.com/papers/ntlm.html)

Looking at the packets using Wireshark, I also observe that before the first successful authentication, an authentication with the current Windows credentials is attempted first. But after succesful authentication, only the saved credentials are used.

Is there any way to reset or change the credentials java.net.Authenticator is using after a successful NTLM authentication?

ndeuma
  • 729
  • 7
  • 12
  • ndn, Could you find anything on this? Facing similar problems in implementing a proxy which needs different connections to use different credentials. There should be a setting somewhere which specifies "don't use system/user credentials by default". I will keep you posted if I find something. – Narayan Raman Feb 23 '10 at 04:42
  • 1
    http://java.sun.com/javase/6/docs/technotes/guides/net/http-auth.html says "On Microsoft Windows platforms, NTLM authentication attempts to acquire the user credentials from the system without prompting the user's authenticator object. If these credentials are not accepted by the server then the user's authenticator will be called. " – ndeuma Feb 26 '10 at 16:28

2 Answers2

3

Nope

http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6626700

indicates this is an outstanding bug. An author in there suggests some nasty reflection magic to get past this. That's ok as long as this is in-house and documented as fragile and potentially breaking. Certainly not great

MJB
  • 9,352
  • 6
  • 34
  • 49
1

Would HttpClient 4.x + jCIFS 1.3.x be an alternative?

fglez
  • 8,422
  • 4
  • 47
  • 78