A DESCRIPTION OF THE PROBLEM :
An application that allows different users to call an NTLM enabled web service can only work properly if the authentication caching and transparent (silent) authentication is disabled.
To disable the NTLM cache we can already set the property "jdk.ntlm.cache" to false. This property was introduced in java 1.8.
To disable transparent authentication we could use the following code in java 1.8:
import sun.net.www.protocol.http.ntlm.NTLMAuthenticationCallback;
NTLMAuthenticationCallback.setNTLMAuthenticationCallback(new NTLMAuthenticationCallback() {
@Override
public boolean isTrustedSite(URL url) {
return false;
}
});
Of course we don't want to use internal sun classes and it is even not possible with java 9/10/11. My request is to have a new property to disable transparent NTLM authentication.
An application that allows different users to call an NTLM enabled web service can only work properly if the authentication caching and transparent (silent) authentication is disabled.
To disable the NTLM cache we can already set the property "jdk.ntlm.cache" to false. This property was introduced in java 1.8.
To disable transparent authentication we could use the following code in java 1.8:
import sun.net.www.protocol.http.ntlm.NTLMAuthenticationCallback;
NTLMAuthenticationCallback.setNTLMAuthenticationCallback(new NTLMAuthenticationCallback() {
@Override
public boolean isTrustedSite(URL url) {
return false;
}
});
Of course we don't want to use internal sun classes and it is even not possible with java 9/10/11. My request is to have a new property to disable transparent NTLM authentication.