Skip to main content

Custom NTLMv2 authenticator for Exchange Web Services (EWS) applications

Please note these java.net forums are being decommissioned and use the new and improved forums at https://community.oracle.com/community/java.
2 replies [Last post]
Anonymous

I maintain a couple of applications using Exchange via EWS (Exchange Web
Services and jax-ws client), and the first one was deployed more than a year
ago. Everything was working well until the Exchange admins turned off basic
authentication (used a java.net.Authenticator) in favor of ntlm v2. Now the
applications don't work.

I have spent the last day or so reviewing the Metro documentation.
Unfortunately there is no explicit discussion of my particular issue, eg.
creating a custom authenticator.

I know how to make a straight authenticated https call to the web service
using httpclient 4.2.

What is the best way to attack the problem?

1. Can I create a handler to manage the authentication or the
HttpURLConnection?
2. Can I create a custom implementation of a WSHTTPConnection? If so, how do
I register it?
3. Better approach?

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Kumar Jayanti Guest
Offline
Joined: 2011-04-02

On Aug 24, 2012, at 7:40 PM, dgodbey wrote:

> I maintain a couple of applications using Exchange via EWS (Exchange Web
> Services and jax-ws client), and the first one was deployed more than a year
> ago. Everything was working well until the Exchange admins turned off basic
> authentication (used a java.net.Authenticator) in favor of ntlm v2. Now the
> applications don't work.
>
> I have spent the last day or so reviewing the Metro documentation.
> Unfortunately there is no explicit discussion of my particular issue, eg.
> creating a custom authenticator.
>
> I know how to make a straight authenticated https call to the web service
> using httpclient 4.2.
>
> What is the best way to attack the problem?
>
> 1. Can I create a handler to manage the authentication or the
> HttpURLConnection?
I guess u can but it could be a lot of work and i am not sure if you have access to all the HTTP Headers in the Handler.
> 2. Can I create a custom implementation of a WSHTTPConnection? If so, how do
> I register it?
> 3. Better approach?

http://docs.oracle.com/javase/6/docs/technotes/guides/net/http-auth.html

see if this helps where you finally set Authenticator.setDefault(new MyAuthenticator()); with the scheme as NTLM.

>
>
>
>

dgodbey

Thanks for replying.

I have been using an authenticator class all along as you suggest below.

A couple of weeks ago when they went to a ntlmv2, my app stopped working. Best I can tell according to this article that you cite, I should be using a scheme of SPNEGO or negotiate. However, I am unable to force it using -Dhttp.auth.preference="scheme".
It always shows that it is using a scheme of NTLM. Is this a problem with the server not having spnego or negotiate scheme in the list?

Thanks,
Dave

From: kumarjayanti [via Metro] [mailto:ml-node+s1045641n5709879h46@n5.nabble.com]
Sent: Tuesday, August 28, 2012 7:26 AM
To: Godbey, David J. (HQ-LM020)[INDYNE INC]
Subject: Re: Custom NTLMv2 authenticator for Exchange Web Services (EWS) applications

On Aug 24, 2012, at 7:40 PM, dgodbey wrote:

I maintain a couple of applications using Exchange via EWS (Exchange Web
Services and jax-ws client), and the first one was deployed more than a year
ago. Everything was working well until the Exchange admins turned off basic
authentication (used a java.net.Authenticator) in favor of ntlm v2. Now the
applications don't work.

I have spent the last day or so reviewing the Metro documentation.
Unfortunately there is no explicit discussion of my particular issue, eg.
creating a custom authenticator.

I know how to make a straight authenticated https call to the web service
using httpclient 4.2.

What is the best way to attack the problem?

1. Can I create a handler to manage the authentication or the
HttpURLConnection?
I guess u can but it could be a lot of work and i am not sure if you have access to all the HTTP Headers in the Handler.

2. Can I create a custom implementation of a WSHTTPConnection? If so, how do
I register it?
3. Better approach?

http://docs.oracle.com/javase/6/docs/technotes/guides/net/http-auth.html

see if this helps where you finally set Authenticator.setDefault(new MyAuthenticator()); with the scheme as NTLM.