Currently at a loss for authenticating with a Microsoft Project Server 2007 instance running on IIS with Integrated Windows Authentication enabled from a Java 1.6(u19) client running on linux, RHEL 5.5.
Note: The client works on my Windows workstation.
I initially was trying to implement a JAX-WS call and found that I could not retrieve the WSDL due to authentication errors, specifically a 401.2, followed by a 500. So I simplified it to a Java class that:
- Creates an
Authenticatorand sets it as the default with a user name/password in AD that has permissions to the project server site - Create a
java.net.URLobject - Create a
java.net.HttpURLConnectionand invokegetInputStream - It is at this point where a failure occurs.
With HttpURLConnection debugging turned on I can see:
- the initial authentication failure (401.2) returned from the server with "negotiate" and "NTLM" included in the response.
- the client creating an NTLM token and sending it back to the server
- the server returning with a 500 status code
On the Windows server in the logs, I can see that there is no user name included in the log file only for my requestion and only a "-" which I believe means "anonymous".
My thought is that Project Server isn't liking the NTLM token that is being passed and choking. Based on the many postings on this, NTLM (v1 & v2) are suppose to be supported within Java 1.6.
Any help would be greatly appreciated...
UPDATE 6/20/12: narrowed the issue down to a local security policy setting for Network security: Minimum session security for NTLM SSP based (including RPC) servers. The setting that causes the Java client to fail is Require NTLMv2 security. The goes against what is claimed for NTLM support with the 1.6 JDK..
Some references:
- Java HTTP Authentication
- Blog showing Java Authenticator Impl
