3

I am using eclipse to develop 2 parts of an application.

The web part provides REST services and requests to the services are filtered using waffle.servlet.NegotiateSecurityFilter which extracts the Windows login information to identify the user.

The client part uses HttpURLConnection to send requests to the web part. As I understand it, the Ntlm information is automatically packed into the request.

While I was testing this in eclipse, it worked fine. When I deployed the client JAR it did not work. I get a 401 Not Authenticated.

After a bit of investigation I found that I can reproduce this in eclipe by setting the execution environment to a JRE instead of the default which is a JDK.

I have JRE "1.8.0_201" and JDK "1.8.0_161" installed.

So, simply by changing the execution environment from JRE to JDK I can get the connection to authenticate.

What does the JDK do differently and what can I do to get the client to work with a JRE?

paul
  • 13,312
  • 23
  • 81
  • 144
  • different cipher suites ? – Gab Feb 06 '19 at 14:35
  • @Gab I wondered that and copied the `lib/security` folder from the JDK to the JRE. (I assume everything relevant is in that folder). Problem remains. – paul Feb 07 '19 at 09:09
  • Hi I had the same issue. Something has changed between u192 and u201. https://www.oracle.com/technetwork/java/javase/8u201-relnotes-5209271.html I suspect it is this: https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8211883. – scaryxited Mar 04 '19 at 17:23

2 Answers2

3

I think the first answer of How to provide ntlm authentication while calling any url? can reply to this question. With Java 8u201 there is a this new JRE option jdk.http.ntlm.transparentAuth wich is set to disabled by default

N. Bégorre
  • 31
  • 1
2

I didn't manage to find the difference between the JRE and JDK. Instead, I found this work-around.

<!-- https://mvnrepository.com/artifact/org.apache.httpcomponents/httpclient -->
<dependency>
    <groupId>org.apache.httpcomponents</groupId>
    <artifactId>httpclient</artifactId>
    <version>4.5.7</version>
</dependency>

<!-- https://mvnrepository.com/artifact/org.apache.httpcomponents/httpclient-win -->
<dependency>
    <groupId>org.apache.httpcomponents</groupId>
    <artifactId>httpclient-win</artifactId>
    <version>4.5.7</version>
</dependency>

Sample code

        if (!WinHttpClients.isWinAuthAvailable()) {
            log.warn("Integrated Win auth is not supported!!!");
        }

        // There is no need to provide user credentials
        // HttpClient will attempt to access current user security context through
        // Windows platform specific methods via JNI.
        try (CloseableHttpClient httpclient = WinHttpClients.createDefault()) {
            HttpGet httpget = new HttpGet(getRestUrl().toURI());

            log.debug("Executing request " + httpget.getRequestLine());

            try (CloseableHttpResponse response = httpclient.execute(httpget)) {
                int status = response   .getStatusLine()
                                        .getStatusCode();
                if (status != 200) {
                    log.error("HTTP error " + status);
                    throw new RuntimeException("Failed : HTTP error code : " + status);
                }

                Type listType = new TypeToken<HashMap<String, App>>() {
                }.getType();
                return new Gson().fromJson(new InputStreamReader(response   .getEntity()
                                                                            .getContent(),
                        "UTF-8"), listType);
            }
        }
paul
  • 13,312
  • 23
  • 81
  • 144