P4
A DESCRIPTION OF THE REQUEST :
When Windows Integrated Authentication is enabled and HTTPUrlConnection class is used to access a site that has NTLM authentication, the current logged user credentials will be used to access the site, and any credentials set with Authenticator.setDefault(..) will be ignored.
With HTTP, after getting 401 unauthorized for the first authentication, the custom Authenticator credentials will be used.
With HTTPS, only the current logged user credentials will be used.
JUSTIFICATION :
There are certain tools that need to use always the credentials provided by a Authenticator instance, and not the OS registered credentials.
Such is the case, when running Java tools on corporate environments with Windows Integrated Authentication enabled by default.
For example, a tool to access Microsoft SharePoint web services with a service account with enough permissions on the requested sites, not the current logged user (which don't have enough permissions).
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
A way to specify that Windows credentials should not be used.
ACTUAL -
There is no way to specify that Windows credentials should be ignored.
---------- BEGIN SOURCE ----------
//Sample authenticator class
class SampleAuthenticator extends Authenticator {
@Override
public PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication("domain\\user", "password".toCharArray());
}
}
//Set using:
Authenticator.setDefault(new SampleAuthenticator());
---------- END SOURCE ----------
When Windows Integrated Authentication is enabled and HTTPUrlConnection class is used to access a site that has NTLM authentication, the current logged user credentials will be used to access the site, and any credentials set with Authenticator.setDefault(..) will be ignored.
With HTTP, after getting 401 unauthorized for the first authentication, the custom Authenticator credentials will be used.
With HTTPS, only the current logged user credentials will be used.
JUSTIFICATION :
There are certain tools that need to use always the credentials provided by a Authenticator instance, and not the OS registered credentials.
Such is the case, when running Java tools on corporate environments with Windows Integrated Authentication enabled by default.
For example, a tool to access Microsoft SharePoint web services with a service account with enough permissions on the requested sites, not the current logged user (which don't have enough permissions).
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
A way to specify that Windows credentials should not be used.
ACTUAL -
There is no way to specify that Windows credentials should be ignored.
---------- BEGIN SOURCE ----------
//Sample authenticator class
class SampleAuthenticator extends Authenticator {
@Override
public PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication("domain\\user", "password".toCharArray());
}
}
//Set using:
Authenticator.setDefault(new SampleAuthenticator());
---------- END SOURCE ----------