RHEL5.5中的Java 6 HTTPURLConnection和Project Server NTLM身份验证
[英]Java 6 HTTPURLConnection and Project Server NTLM Authentication from RHEL5.5
问题描述
Currently at a loss for authenticating with a Microsoft Project Server 2007 instance running on IIS with Integrated Windows Authentication enabled from a Java 1.6(u19) client running on linux, RHEL 5.5. 
当前无法通过运行在IIS上的Microsoft Project Server 2007实例进行身份验证,而该实例具有从在Linux RHEL 5.5上运行的Java 1.6(u19)客户端启用的集成Windows身份验证。
Note: The client works on my Windows workstation. 注意:客户端可以在我的Windows工作站上工作。
I initially was trying to implement a JAX-WS call and found that I could not retrieve the WSDL due to authentication errors, specifically a 401.2, followed by a 500. So I simplified it to a Java class that: 最初,我尝试实现JAX-WS调用,发现由于身份验证错误而导致我无法检索WSDL,特别是401.2,然后是500。因此我将其简化为Java类,该类是:
- Creates an
Authenticatorand sets it as the default with a user name/password in AD that has permissions to the project server site创建一个Authenticator并将其设置为默认值,并在AD中使用对项目服务器站点具有权限的用户名/密码 - Create a
java.net.URLobject创建一个java.net.URL对象 - Create a
java.net.HttpURLConnectionand invokegetInputStream创建一个java.net.HttpURLConnection并调用getInputStream - It is at this point where a failure occurs. 正是在这里发生故障。
With HttpURLConnection debugging turned on I can see: 启用HttpURLConnection调试后,我可以看到:
- the initial authentication failure (401.2) returned from the server with "negotiate" and "NTLM" included in the response. 服务器返回的初始身份验证失败(401.2),响应中包含“ negotiate”和“ NTLM”。
- the client creating an NTLM token and sending it back to the server 客户端创建一个NTLM令牌并将其发送回服务器
- the server returning with a 500 status code 服务器返回500状态码
On the Windows server in the logs, I can see that there is no user name included in the log file only for my requestion and only a "-" which I believe means "anonymous". 在Windows服务器上的日志中,我可以看到日志文件中没有包含仅用于我的请求的用户名,并且只有一个“-”,我认为这意味着“匿名”。
My thought is that Project Server isn't liking the NTLM token that is being passed and choking. 我的想法是Project Server不喜欢正在传递和令人窒息的NTLM令牌。 Based on the many postings on this, NTLM (v1 & v2) are suppose to be supported within Java 1.6. 基于许多相关的帖子,推测Java 1.6将支持NTLM(v1和v2)。
Any help would be greatly appreciated... 任何帮助将不胜感激...
UPDATE 6/20/12: narrowed the issue down to a local security policy setting for Network security: Minimum session security for NTLM SSP based (including RPC) servers . UPDATE 6/20/12:将问题缩小为网络安全的本地安全策略设置:基于NTLM SSP(包括RPC)服务器的最低会话安全性 。 The setting that causes the Java client to fail is Require NTLMv2 security . 导致Java客户端失败的设置是Require NTLMv2 security 。 The goes against what is claimed for NTLM support with the 1.6 JDK.. 与1.6 JDK对NTLM支持的要求背道而驰。
Some references: 一些参考:
1 个解决方案
解决方案1
0 2013-10-03 23:12:20
A while back when i had this problem, i ended up using a scheme created by somebody else. 前一段时间,当我遇到这个问题时,我最终使用了其他人创建的方案。
http://devsac.blogspot.com/2010/10/supoprt-for-ntlmv2-with-apache.html http://devsac.blogspot.com/2010/10/supoprt-for-ntlmv2-with-apache.html
Worked for me when i had to get image files from and iis server with ntlm. 当我不得不使用ntlm从iis服务器获取图像文件时,为我工作。 Snippet using the code above.. 使用上面的代码的片段。
AuthPolicy.registerAuthScheme(AuthPolicy.NTLM, org.xyz.JCIFS_NTLMScheme.class);
HttpClient client = new HttpClient();
client.getState().setCredentials(AuthScope.ANY, new NTCredentials(userName, password, "", strDomain));
GetMethod get = new GetMethod(strImageFile);
get.setDoAuthentication(true);
client.executeMethod(get);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.