java-HttpClient不通过NTLM进行身份验证

Question

Trying to connect to a resource which is protected with NTLM authentication. When making a request I get a response 401 unauthenticated, but httpclient doesn't perform NTLM authentication after that.

Added Interceptor to see the communication and it doesn't even attempt to authenticate:

Request:
POST/NAV/xxxxxxxxx
Content-type: text/xml; charset=utf-8
SOAPAction:
Content-Length: 359
Host: xxx.local:7051
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.5.4 (Java/1.8.0_181)
Accept-Encoding: gzip,deflate


Response:
Unauthorized
Content-Length: 0
Server: Microsoft-HTTPAPI/2.0
WWW-Authenticate: Negotiate
Date: Wed, 26 Sep 2018 10:37:56 GMT

No requests made after that.

Any suggestions what can be wrong here?

Here is my code:

NTCredentials credentials = new NTCredentials("testuser", "pass1", null, "stt.local");
        CredentialsProvider credsProvider = new BasicCredentialsProvider();
        credsProvider.setCredentials(AuthScope.ANY, credentials);

        ArrayList<String> authPrefs = new ArrayList<String>();
        authPrefs.add(AuthSchemes.NTLM);


        RequestConfig requestConfig = RequestConfig.custom()
                .setSocketTimeout(30000)
                .setConnectTimeout(30000)
                .setTargetPreferredAuthSchemes(Arrays.asList(AuthSchemes.NTLM))
                .setProxyPreferredAuthSchemes(Arrays.asList(AuthSchemes.BASIC))
                .build();


        HttpClient client = HttpClientBuilder.
                create().
                setDefaultCredentialsProvider(credsProvider).
                setDefaultRequestConfig(requestConfig).
                addInterceptorLast(new LoggingRequestInterceptor()).
                addInterceptorLast(new LoggingResponseInterceptor()).
                build();



        HttpPost post = new HttpPost(endpoint); //Provide Request URL


        try {

            StringEntity input = new StringEntity(bodyAsString);
            input.setContentType("text/xml; charset=utf-8");
            post.setEntity(input);

            post.setHeader("Content-type", "text/xml; charset=utf-8");
            post.setHeader("SOAPAction", ""); //Provide Soap action


            org.apache.http.HttpResponse response = client.execute(post);
    }

Answer 1

The parameters to that NTCredentials constructor should have separate username and domain name.

Parameters:
userName - The user name. This should not include the domain to authenticate with. For example: "user" is correct whereas "DOMAIN\\user\u0026quot; is not.
password - The password.
workstation - The workstation the authentication request is originating from. Essentially, the computer name for this machine.
domain - The domain to authenticate within.