Could httpclient create Authorization header using current logged-on user automatically as java URLConnection?

Question

all:

-- updated --

The client machine and the machine running protected resource is in same domain, and the logged-on user can access the resource with its user/password.

When use httpclient to access protected web resource in intranet, we can provide NTCredentials with windows user/password and the domain name. But is there a way to get the default windows user/password and the domain name for the current logined user in this machine. So there is no need to ask user for the user's NTCredentials, we can use user's logined NTCredentials to access the protected resource.

URLConnection can access the resource successfully: when URLConnection receives unauthorized error 401 for the first request, and detect the remote server supports nltm, URLConnection will create a token and add the http header like: Authorization: NTLM TlRMTVNTUAABAAAAB7IIogwA. Then the request will succeed.

I am wondering whether we can do this using httpclient? Can httpclient add the Authorization token using logged-on user info automatically?

Thanks very much for any reply and help.

Answer 1

Oracle's implementation of HttpURLConnection makes use of native, Windows OS specific functionality through JNI in order to access current user security context. One could use the same technique with HttpClient as well, but it would make it dependent on Oracle's JRE implementation and Windows security APIs.