We have NTLM authentication from Java against MS SharePoint working in all environments except from within WebLogic Server.

In WLS we see that Authenticator#getPasswordAuthentication returns 'basic' instead of 'ntlm'. What could the reason for that behavior be? The same code works just fine if run standalone or from within Tomcat (using the same JVM).

The relevant code is as follows:

```java
NtlmAuthenticator authenticator = new NtlmAuthenticator(configParameters.getNtlmUsername(),
    configParameters.getNtlmPassword(), configParameters.getNtlmDomain());

log.info("JVM running with security manager enabled: {}", System.getSecurityManager() != null);
// requires NetPermission 'setDefaultAuthenticator' if security manager enabled
Authenticator.setDefault(authenticator);
```

```java
import java.net.Authenticator;
import java.net.PasswordAuthentication;

// 'log' and 'StringUtils' are defined elsewhere in the project (not shown here)
public class NtlmAuthenticator extends Authenticator {

  private final char[] password;
  private String userAuthentication;

  public NtlmAuthenticator(String username, String password, String domain) {
    userAuthentication = username;
    if (StringUtils.isNotBlank(domain)) {
      // According to
      // https://msdn.microsoft.com/en-us/library/windows/desktop/aa380525(v=vs.85).aspx
      userAuthentication = domain + "\\" + username;
    }
    this.password = password.toCharArray();
  }

  // Called by the HTTP stack for every challenge; the scheme is only logged, not checked
  @Override
  public PasswordAuthentication getPasswordAuthentication() {
    log.debug("Scheme: '{}'", getRequestingScheme());
    return new PasswordAuthentication(userAuthentication, password);
  }
}
```
Marcel Stör

1 Answer

Short answer 1

Use a patched version of Apache httpclient: https://issues.apache.org/jira/browse/HTTPCLIENT-1881

Short answer 2

Set -DUseSunHttpHandler=true when you start WebLogic Server. Some references: https://docs.oracle.com/en/cloud/paas/javase-cloud/csjsu/you-should-now-set-sun-http-handlers-property-value-true-when-making-outbound-http-s-calls.html, Impact/Risk on enable -DuseSunHttpHandler on Weblogic10.3.0 & https://stackoverflow.com/a/27931816/131929 (both a bit older).

At some point during (remote) debugging I noticed that I didn't have java.net.http.* objects on the stack but weblogic.net.http.*. WTF I thought... and yes, WLS does replace the standard Sun networking stack by default.

Marcel Stör
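An added example, not part of the original question or answer: a small check for which HTTP handler the container hands out, plus an Authenticator that releases the domain credentials only for an 'ntlm' challenge. The question's authenticator returns the same credentials whatever scheme is requested, so under the 'basic' scheme seen in WLS the password would leave the JVM merely base64-encoded. The class name, method names, host and account below are hypothetical.

```java
import java.net.Authenticator;
import java.net.PasswordAuthentication;
import java.net.URL;
import java.net.URLConnection;

// Added example; names, host and credentials are constructed for illustration.
public class SchemeCheckingAuthenticator extends Authenticator {

  private final String user;
  private final char[] password;

  public SchemeCheckingAuthenticator(String user, char[] password) {
    this.user = user;
    this.password = password.clone();
  }

  /** Only an NTLM challenge may receive the domain credentials. */
  static boolean schemeAllowed(String scheme) {
    return "ntlm".equalsIgnoreCase(scheme);
  }

  @Override
  protected PasswordAuthentication getPasswordAuthentication() {
    String scheme = getRequestingScheme();
    if (!schemeAllowed(scheme)) {
      // null means "no credentials provided" per the java.net.Authenticator contract
      System.err.printf("Refusing credentials for scheme '%s' requested by %s%n",
          scheme, getRequestingHost());
      return null;
    }
    return new PasswordAuthentication(user, password);
  }

  /** Class name of the URLConnection implementation this JVM or container returns. */
  static String httpHandlerClass(String url) throws Exception {
    // openConnection() only builds the object; nothing is sent until connect()
    URLConnection connection = new URL(url).openConnection();
    return connection.getClass().getName();
  }

  public static void main(String[] args) throws Exception {
    System.out.println("UseSunHttpHandler = " + System.getProperty("UseSunHttpHandler"));
    // Stock JDK: sun.net.www.protocol.http.HttpURLConnection
    System.out.println("HTTP handler = " + httpHandlerClass("http://sharepoint.example.invalid/"));
    Authenticator.setDefault(
        new SchemeCheckingAuthenticator("EXAMPLE\\svc-user", "constructed".toCharArray()));
  }
}
```

Inside WebLogic, call httpHandlerClass from application code rather than main: a weblogic.net.http.* class name in the output confirms the replaced networking stack the answer describes.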