The short version: I have a Tomcat-hosted Java Spring app and am trying to access a local OData web service that uses Kerberos/NTLM authentication. The app calls the web service automatically on a schedule. As such, I have no logged-in user.
My research so far has led me to believe that the Waffle API might be the answer. However, I can't seem to specify a user and password and successfully authenticate.
Has anyone else managed to do this?
The longer version: In my test lab I have managed to successfully access the service using Spring's RestTemplate and adding NTCredentials to it as follows:
    // AuthScope.ANY offers these credentials to any host, port or realm that issues a challenge
    CredentialsProvider credsProvider = new BasicCredentialsProvider();
    credsProvider.setCredentials(AuthScope.ANY, new NTCredentials(user, pass, null, domain));
    // Apache HttpClient that answers authentication challenges from the provider above
    CloseableHttpClient httpclient = HttpClientBuilder
            .create()
            .setDefaultCredentialsProvider(credsProvider)
            .build();
    // Route RestTemplate requests through that client
    RestTemplate restTemplate = new RestTemplate();
    HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(httpclient);
    restTemplate.setRequestFactory(requestFactory);
    getUrl = "http://" + host + ":" + port + getUrl;
    ResponseEntity<String> response1 = restTemplate.exchange(getUrl, HttpMethod.GET, null, String.class);
However, this does not work on the client's domain. The difference appears to be that, on the client's domain, the service is returning the WWW-Authenticate attribute of 'Negotiate', not 'NTLM'. This seems to imply it's trying to use Kerberos.
Leading on from this, I've written a standalone app using Spring Boot and Waffle. This can successfully call the service on the client's domain using a Kerberos ticket for the logged-in user (the one that launched the app). In my Tomcat-hosted app there is no logged-in user. I therefore need to force the app to use a specific user. I've then tried using the IWindowsAuthProvider.logonUser and IWindowsAuthProvider.impersonate methods without success.
Any help with this would be greatly appreciated.
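A diagnostic for the 'Negotiate' versus 'NTLM' difference described in the question, as an added example that is not part of the original post. A Negotiate exchange can carry either Kerberos or NTLM, so this heuristic inspects the base64 token in a captured `WWW-Authenticate` or `Authorization` value to see which one is in use. The class and method names are hypothetical and the sample tokens are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class NegotiateInspector {
    // DER-encoded OID 1.2.840.113554.1.2.2 (Kerberos 5 GSS-API mechanism)
    static final byte[] KRB5_OID = {0x06, 0x09, 0x2a, (byte) 0x86, 0x48,
            (byte) 0x86, (byte) 0xf7, 0x12, 0x01, 0x02, 0x02};
    // Signature that starts every NTLM message
    static final byte[] NTLMSSP = "NTLMSSP\0".getBytes(StandardCharsets.US_ASCII);

    static int indexOf(byte[] hay, byte[] needle) {
        outer:
        for (int i = 0; i + needle.length <= hay.length; i++) {
            for (int j = 0; j < needle.length; j++) {
                if (hay[i + j] != needle[j]) continue outer;
            }
            return i;
        }
        return -1;
    }

    /** Classifies one WWW-Authenticate or Authorization header value (heuristic). */
    static String classify(String headerValue) {
        String[] parts = headerValue.trim().split("\\s+", 2);
        String scheme = parts[0];
        if (scheme.equalsIgnoreCase("NTLM")) return "NTLM";
        if (!scheme.equalsIgnoreCase("Negotiate")) return "other scheme: " + scheme;
        if (parts.length == 1) return "Negotiate, no token yet (client picks Kerberos or NTLM)";
        byte[] token;
        try { token = Base64.getDecoder().decode(parts[1].trim()); }
        catch (IllegalArgumentException e) { return "Negotiate, token is not valid base64"; }
        // NTLM is checked first: an SPNEGO wrapper may list Kerberos yet carry an NTLM message
        if (indexOf(token, NTLMSSP) >= 0) return "Negotiate carrying NTLM";
        if (indexOf(token, KRB5_OID) >= 0) return "Negotiate carrying Kerberos";
        return "Negotiate, unrecognised mechanism";
    }

    public static void main(String[] args) {
        // Constructed sample tokens: header bytes only, not real tickets or hashes
        byte[] ntlm = {'N', 'T', 'L', 'M', 'S', 'S', 'P', 0, 1, 0, 0, 0};
        byte[] krb = new byte[2 + KRB5_OID.length];
        krb[0] = 0x60; krb[1] = (byte) KRB5_OID.length;
        System.arraycopy(KRB5_OID, 0, krb, 2, KRB5_OID.length);
        String[] samples = {"Negotiate", "NTLM",
                "Negotiate " + Base64.getEncoder().encodeToString(ntlm),
                "Negotiate " + Base64.getEncoder().encodeToString(krb)};
        for (String s : samples) System.out.println(classify(s) + "  <-  " + s);
    }
}
```

Running it against the `Authorization` value the client actually sends, rather than only the server's bare `Negotiate` challenge, shows whether a Kerberos ticket was obtained or the client fell back to NTLM.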