NTLM (Windows Authentication)

[BillyKrow]

We have a need to authenticate a user in a servlet using NTLM security then forward the user on to the secure site running on IIS to bypassing the IIS log in. Using the java.net.Authenticator class, I can get the below to load the requested page, but since no authentication data is stored to the session, any subsequent requests to the site will require you to log in again. I'm guessing I need to set the authentication header in the response but not sure how to do that.

Authenticator.setDefault(new MyAuthenticator());

URL url = new URL("

http://www.iisapp.com");

InputStream ins = url.openConnection().getInputStream();
BufferedReader reader = new BufferedReader(new InputStreamReader(ins));
String str;
PrintWriter out = response.getWriter();
while((str = reader.readLine()) != null) {
out.println(str);
}

out.flush();
out.close();

 

[prosper]

http://www.angelfire.com/nj4/najmi/ntlmhttpauth.htm

 

[BillyKrow]

The problem with any of these implementations including this one is none of them seem to set the authentication credentials in the response/session. So they all work to load a single page but subsequent calls from that page do not work.

Basically I'm authenticating an IIS application from a WebSphere server on different domains and I simply want to authenticate and foward the request to the IIS server bypassing the log in.