Java Security

hello.

i'm going a little crazy here. i've downloaded tool after tool and configured my java application/web server hundreds of times now.

i was asked to build a .NET web service running on a windows 2003 server machine and to only allow users to enter via Integrated windows authentication (IWA). i build the webservice and tested it with a .NET client and everything works fine. my problem now is with Java. i have 2 versions of the website one over http with no authentication (for testing) and one over http with authentication (for testing) and our target goal of https with authentication.

again i've run down hundreds of paths such as setting up kerberos on the windows server and on the client. and i have java code that can query my active directory from a kerberos ticket. i've looked into apache axis and apache axis2 and something called http client.

my java application can query the http unauthenticated so i know the soap/web service call is working. however when i try to move to the http with authentication i get 401 authorized. i setup ethereal and watched the traffic and noticed that the java client wants to use "basic authentication" from a username i hard coded into the application. since i'm trying to get IWA working i know i need either "NTLM" or "windows" authentication however i cant seem to get the client to use these.

also as i said im currently hard coding the username/password with "basic authentication" my ultimate goal would be to query the AD for the username/password or to not see it at all. .NET does this very easily (as you would expect windows to windows to work very easily) by adding one line.

proxy.Credentials = CredentialCache.DefaultCredentials;

i'm not expecting it to be this easy in java however i can't seem to get it to work at all.

if anyone could assist i would be very appreciative. even if you could just reply "yes i personnally have gotten it to work don't give up" i would appreciate that.

thanks