堆栈内存溢出
  简体   繁体   English

通过NTLM从Windows上的Java SE6客户端进行HTTP“协商”身份验证

[英]HTTP “Negotiate” authentication via NTLM from a Java SE6 client on Windows

 原文  2011-05-09 16:22:48       java/ soap/ cxf/ ntlm/ spnego

问题描述

Does anyone know if a Java 6 client running on Windows is able to authenticate via NTLM when accessing a Microsoft server that implements the SPNEGO authentication protocol? 有没有人知道在Windows上运行的Java 6客户端是否能够在访问实现SPNEGO身份验证协议的Microsoft服务器时通过NTLM进行身份验证?

My understanding is that Java 6 running on Windows has built-in support for SPNEGO, but it seems that the Java implementation does not attempt NTLM authentication in the event kerberos authentication is not possible. 我的理解是,在Windows上运行的Java 6内置了对SPNEGO的支持,但似乎Java实现在kerberos身份验证不可能的情况下不会尝试NTLM身份验证。 The Authenticator example provided in the Sun docs fails with a 401 Unauthorized error in response to the server sending WWW-Authenticate: Negotiate . Sun文档中提供的Authenticator示例在响应服务器发送WWW-Authenticate:Negotiate时发生401 Unauthorized错误失败。

Here is a description of the test environment: 以下是测试环境的说明:

Target Server: 目标服务器:

  • Windows 2008 R2 standalone server (not part of AD domain) Windows 2008 R2独立服务器(不属于AD域)
  • Microsoft SOAP service implemented using WCF 使用WCF实现的Microsoft SOAP服务
  • WCF is configured for SPNEGO authentication (kerberos and NTLM) WCF配置为SPNEGO身份验证(kerberos和NTLM)
  • WCF server cannot be reconfigured to support other auth modes :( 无法重新配置WCF服务器以支持其他身份验证模式:(

Client Machine: 客户端机器:

  • Windows 7 64-bit standalone workstation (not part of a domain) Windows 7 64位独立工作站(不属于域)
  • Java SE6 client running the Sun SPNEGO example 运行Sun SPNEGO示例的Java SE6客户端

The ultimate goal is to use Apache CXF 2.4.0 to invoke SOAP services on the WCF server. 最终目标是使用Apache CXF 2.4.0在WCF服务器上调用SOAP服务。 Before adding in the complexities of CXF and SOAP I have been trying to retrieve the WSDL from the server using a simple Java test application to work out the authentication issues. 在添加CXF和SOAP的复杂性之前,我一直在尝试使用简单的Java测试应用程序从服务器检索WSDL来解决身份验证问题。

FWIW - I can access the WCF server from IE using the local Administrator login for the Windows server. FWIW - 我可以使用Windows服务器的本地管理员登录从IE访问WCF服务器。 I have also been able to create a Delphi XE SOAP client without any special authorization configuration. 我还能够创建一个没有任何特殊授权配置的Delphi XE SOAP客户端。 The Delphi SOAP client uses WinInet under the hood. Delphi SOAP客户端使用WinInet。

1 个解决方案

解决方案1
 2 已采纳  2011-07-24 13:20:05

Java's SPNEGO is capable of Kerberos only because NTLM is a proprietary legacy MS technology. Java的SPNEGO只能使用Kerberos,因为NTLM是专有的传统MS技术。 If your target machine is not part of a domain, as it is in your case, your are out of luck. 如果您的目标计算机不属于域名,就像您的情况一样,那么您运气不好。 You should switch to DIGEST-MD5 authentication if you can. 如果可以,您应该切换到DIGEST-MD5身份验证。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 我想使用java SE7中的java SE6来使用这段代码 - I want to use this piece of code using java SE6 from java SE7 如何从具有NTLM身份验证的Java客户端调用基于.Net的Web服务 - How to invoke the .Net Based webservice from a java client with NTLM authentication Apache HTTP Client 4.2.5 NTLM集成身份验证 - Apache HTTP Client 4.2.5 NTLM Integrated Authentication 最新的代码协作者说安装需要Java SE6运行时 - latest code collaborator says java SE6 runtime required for installation 使用Java SE6时读取包含特殊字符的ZipEntry - Reading ZipEntry containing special characters while using Java SE6 在服务器上部署Java SE6独立Web服务 - Deploying Java SE6 stand alone web service on a server 具有NTLM身份验证的SOAP Web服务的Java客户端 - Java client for SOAP web service with NTLM authentication 使用Apache Http Client支持的原始NTLM身份验证的Windows系统设置是什么? - What is the windows system setting to use the primitive NTLM authentication supported by Apache Http Client? Java,客户端NTLM身份验证 - Java, Client-Side NTLM Authentication Java / WebLogic应用程序中的集成Windows身份验证(NTLM)? - Integrated Windows Authentication (NTLM) in a Java/WebLogic app?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM