Tuesday, May 26, 2015

Httpclient Authentication Helper

httpclientAuthHelper is a library I wrote that helps authenticate Httpclient 3 with services that use NTLM, KERBEROS and SSL authentication.
The design goal is to be as simple as possible to use. The library uses default configurations that apply to 99% of the use cases, so that developers won't have to concern themselves with the details of their chosen authentication mechanism.
The project has 3 parts:


  • support NTLMv1 and NTLMv2 (httpclient 3.x does not support NTLMv2 and supports NTLMv1 only with the JCIFS package)
  • support KERBEROS without the need for any external configuration files (login.conf, krb.ini)
  • support basic authentication
  • route requests through a proxy


support SSL in 3 modes:
  • trust all certificates (only for testing)
  • trust JDK truststore (cacerts)
  • trust your own custom truststore


various tools
  • logging for security
  • adding cryptography providers
  • use browser user agent
  • handle gzipped response and more ...
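
The "trust JDK truststore" and "trust your own custom truststore" SSL modes listed above correspond to standard JSSE trust configuration. The following is an added example, not code from httpclientAuthHelper and not using its API; the class name `TrustStoreModes` and the truststore path and password passed on the command line are assumptions.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class TrustStoreModes {

    // "Trust JDK truststore": a null KeyStore makes the TrustManagerFactory
    // fall back to the JDK default (cacerts, or the store named by
    // -Djavax.net.ssl.trustStore).
    static SSLContext jdkDefault() throws Exception {
        return contextFor(null);
    }

    // "Trust your own custom truststore": only certificates and CAs in the
    // given file are trusted; any other server fails the TLS handshake.
    static SSLContext custom(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password);
        }
        return contextFor(ks);
    }

    // Builds a TLS context whose trust decisions come from the given store.
    // Certificate validation (chain, expiry) stays enabled in both modes.
    private static SSLContext contextFor(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical usage: java TrustStoreModes <truststore-file> <password>
        SSLContext ctx = args.length == 2
                ? custom(args[0], args[1].toCharArray())
                : jdkDefault();
        System.out.println("Protocol: " + ctx.getProtocol());
    }
}
```

For a service with a self-signed certificate, importing that certificate into a custom truststore keeps validation on, unlike the trust-all mode.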

How to use?

        // Example A: connect to a service that requires NTLMv2 auth and has an expired self-signed certificate
        DefaultHttpClient httpclient = new DefaultHttpClient();
        CredentialsUtils.setNTLMCredentials(httpclient, new UsernamePasswordCredentials("xxx", "xxx"), "mydomain");

        // Example B: connect to a service that requires KERBEROS auth,
        // has a certificate that is trusted by the JDK trust store and accepts only browser user agents.
        // Also, log the Kerberos handshake
        DefaultHttpClient httpclient = new DefaultHttpClient();
        CredentialsUtils.setKerberosCredentials(httpclient, new UsernamePasswordCredentials("xxx", "xxx"), "domain", "kdc");


support httpclient 4
open for suggestions

