NTLM Authentication in a Web Application (java)

Question

I am using following filter to enable NTLM Authentication, in my web-application.

I get the windows browser authentication prompt. It is working fine. Except for th

Answer 1

You're receiving the Type 3 message, but you're not doing anything with it except printing out the details. You need to validate the client's response at this point and either send a 200 (if authorized) or a 401 (if not.)

However the Type 1 message you delivered is made up of static bytes and - while it will induce a client to send back a response - is mostly meaningless. It's not impossible to implement a complete NTLM authentication stack yourself, but the code you have will simply not work.

You could investigate an NTLM Solution for Java, or (assuming you're on Windows) you could call the necessary authentication functions like AcceptSecurityContext with JNI.