Apache HttpClient 4.1.1 NTLM 身份验证不是 SPNEGO

Question

这里的问题是在客户端使用 Apache HttpClient 时使用具有 NTLM 身份验证的 Web 资源。我遇到的问题是强制客户端使用 NTLM 身份验证。这是一个代码示例。

DefaultHttpClient httpclient = new DefaultHttpClient();
httpclient.getAuthSchemes().register("ntlm",new NTLMSchemeFactory());
NTCredentials creds = new NTCredentials("_myUSer_","_myPass_","_myWorkstation_","_myDomain_");
httpclient.getCredentialsProvider().setCredentials( new AuthScope("serverName",80), creds);
List<String> authpref = new ArrayList<String>();
authpref.add(AuthPolicy.NTLM);
httpclient.getParams().setParameter(AuthPNames.PROXY_AUTH_PREF, authpref);
HttpHost target = new HttpHost("serverName", 80, "http");
HttpGet httpget = new HttpGet("webResource");
HttpContext localContext = new BasicHttpContext();
HttpResponse response = httpclient.execute(target, httpget, localContext);

这是来自 Java 的错误：

org.apache.http.client.protocol.RequestTargetAuthentication process
SEVERE: Authentication error: Invalid name provided (Mechanism level: Could not load configuration file C:\WINDOWS\krb5.ini (The system cannot find the file specified))

网络服务器响应是401。

关于为什么没有正确设置身份验证策略的任何想法？ 我在代码中遗漏了什么吗？

Answer 1

我有类似的情况，我怀疑您设置了错误的参数：AuthPNames.PROXY_AUTH_PREF。我使用 AuthPNames.TARGET_AUTH_PREF，一切似乎都正常。

Answer 2

这是我对这个问题的解决方案：“evandongen”是对的。

请注意 URIBuilder 的使用。

String username = "uid";
String pwd = "pwd";
String servername = "www.someserver.com";
String workstation = "myworkstation";
String domain = "somedomain";
String relativeurl = "/util/myservice.asmx";

String oldimagePath = "\\mypath\\image.jpg";

DefaultHttpClient httpclient = new DefaultHttpClient();

try {
    httpclient.getAuthSchemes().register("ntlm",new NTLMSchemeFactory());
    NTCredentials creds = new NTCredentials(username,pwd,workstation,domain);

        httpclient.getCredentialsProvider().setCredentials(new AuthScope(servername,80), creds);

        List authpref = new ArrayList();

        authpref.add(AuthPolicy.NTLM);

        URIBuilder builder = new URIBuilder();
        builder.setScheme("http")
            .setHost(servername)
            .setPath(relativeurl + "/DeleteImage")
            .setParameter("imagePath", oldimagePath);
        URI uri = builder.build();

        httpclient.getParams().setParameter(AuthPNames.TARGET_AUTH_PREF, authpref);
        HttpHost target = new HttpHost(servicename, 80, "http");
        HttpGet httpget = new HttpGet(uri);

        HttpContext localContext = new BasicHttpContext();

        HttpResponse response1 = httpclient.execute(target, httpget, localContext);

        BufferedReader reader = new BufferedReader(new InputStreamReader(response1.getEntity().getContent())); 

        String line = reader.readLine(); 
        while (line != null) 
        { 
            System.out.println(line);
            line = reader.readLine(); 
        } 

} catch (Exception e) {
    System.out.println("Exception:"+e.toString());
} finally {
    // End
}

Answer 3

我认为这是由于缺陷造成的，请参阅here。

Answer 4

HttpClient 对我不起作用，但下面的 sn-p 起作用了。 参考——http://docs.oracle.com/javase/7/docs/technotes/guides/net/http-auth.html

    public static String getResponse(String url, String userName, String password) throws IOException {
    Authenticator.setDefault(new Authenticator() {
      @Override
      public PasswordAuthentication getPasswordAuthentication() {
        System.out.println(getRequestingScheme() + " authentication");
        return new PasswordAuthentication(userName, password.toCharArray());
      }
    });

    URL urlRequest = new URL(url);
    HttpURLConnection conn = (HttpURLConnection) urlRequest.openConnection();
    conn.setDoOutput(true);
    conn.setDoInput(true);
    conn.setRequestMethod("GET");

    StringBuilder response = new StringBuilder();
    InputStream stream = conn.getInputStream();
    BufferedReader in = new BufferedReader(new InputStreamReader(stream));
    String str = "";
    while ((str = in.readLine()) != null) {
      response.append(str);
    }
    in.close();

    return response.toString();
  }