I have trouble adding NTLM authentication to my existing application that uses Jersey and Apache HttpClient. I was only able to authenticate using JCIFS, the default NTLM authentication from HttpClient does not work (I get 401).

The example from Apache HttpClient page shows how to use CloseableHttpClient: https://hc.apache.org/httpcomponents-client-4.5.x/ntlm.html

Registry<AuthSchemeProvider> authSchemeRegistry = RegistryBuilder.<AuthSchemeProvider>create()
    .register(AuthSchemes.NTLM, new JCIFSNTLMSchemeFactory())
    .register(AuthSchemes.BASIC, new BasicSchemeFactory())
    .register(AuthSchemes.DIGEST, new DigestSchemeFactory())
    .register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory())
    .register(AuthSchemes.KERBEROS, new KerberosSchemeFactory())
    .build();
CloseableHttpClient httpClient = HttpClients.custom()
    .setDefaultAuthSchemeRegistry(authSchemeRegistry)
    .build();

But with CloseableHttpClient I cannot use methods like target:

WebTarget target = client.target(this.my Address).path(elementPath)
            .resolveTemplate(P_ID, myId);

There is only execute.

I'm not sure if I should rewrite my whole application and use only basic HttpClient calls like:

HttpGet httpGet = new HttpGet(repositoryAddress + "/" + "element/70032_1498404600000(,,arm)");
CloseableHttpResponse response = httpClient.execute(httpGet);

or there is some other way to set AuthSchemes in javax.ws.rs.client.Client, which can be used in Jersey?

I faced similar issues and my approach was below :

1) If you are using ApacheConnectorProvider as Connector you can Override ApacheConnector code (found here https://github.com/jersey/jersey/tree/master/connectors/apache-connector/src/main/java/org/glassfish/jersey/apache/connector). In my case I had to create custom ConnectorProvider and Connector.

2) Create a custom property or use HttpClientContext.AUTHSCHEME_REGISTRY and put it in the ClientConfig ( This is how we set properties for client in Jersey Client).

3) The Custom connector gets called when you call builder.get( or post or any other method). In the custom connector you can check for the property set in the above step. If it is set, you can set the DefaultAuthSchemeRegistry just like it is specified for ClosableHttpClient(ApacheConnector uses ClosableHttpClient in its implementation).

This may be kind of a hack but works fine for me. Hope this helps :)