NTLMv2 HTTP Authentication Java

Question

I'm very confused on how this is supposed to work. I've tried using something like this:

    con = (HttpURLConnection) url2.openConnection();
    con.setReadTimeout(10000);
    con.setInstanceFollowRedirects(true);
    con.setAllowUserInteraction(true);
    con.setDoOutput(true);
    con.setDoInput(true);
        Authenticator.setDefault(new MyAuthenticator());
    con.connect();


class MyAuthenticator extends Authenticator {

      protected PasswordAuthentication getPasswordAuthentication() {
        return new PasswordAuthentication("myUser", "MyPassword".toCharArray());
      }
    }

I'm getting a 401 error returned by this method so obviously I'm missing the point. According to this chart NTLMv2 should be supported in JRE 6. My confusion lies in the fact that this is running on Android. In the stack trace from the exception thrown by getOutputStream I see an Apache implementation of HttpURLConnection being referenced.

From what I have found in my research Apache is unable to include NTLMv2 protocols due to licensing issues. Is this why it does not work on android?

Either way I'd like to know how this would be done in Java, not just Android.

Answer 1

It is not implemented. Check out this issue: http://code.google.com/p/android/issues/detail?id=4962. Also consider the fact that Android is not JRE 6, it is a modified version of standard Java.