
HttpURLConnection takes logged user instead of using provided Credentials for connecting a web service

I created a Java application to connect to an ASP.NET ASMX web service hosted in IIS 7 (Windows Server 2008 R2). The hosted site is configured with Windows Authentication as the authentication type and Negotiate and NTLM as the providers.

In the Java code I am using the Authenticator class to set the username and password. This code connects to the web service even if I give the wrong password. I checked the IIS logs; it actually uses the currently logged-on user to connect to the web service.

I tried debugging the Java code. After calling the getPasswordAuthentication() function, the Java code validates the username and password using the krb5 authentication method. At this point it throws an exception:

"Unable to locate Kerberos realm"

But this exception is handled in the Java API and I am getting the response from the web service.

Our requirement is to connect to the web service with the provided credentials; if the provided credentials are wrong, it should return an Unauthorized Access code.

Below is my Java code.

import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.Authenticator;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLConnection;

import org.apache.commons.codec.binary.Base64;

public class ConnectToUrlUsingBasicAuthentication {

    public static void main(String[] args) {

        try {
            String webPage = "http://servername/webservice/ABC.asmx/GetStudentReport";
            String name = "domain.lab\\sachin";
            String password = "Password123";

            //NtlmHandler handler = new NtlmHandler();

            Authenticator.setDefault(new NtlmAuthenticator(name, password));

            String authString = name + ":" + password;
            System.out.println("auth string: " + authString);
            byte[] authEncBytes = Base64.encodeBase64(authString.getBytes());
            String authStringEnc = new String(authEncBytes);
            System.out.println("Base64 encoded auth string: " + authStringEnc);

            URL url = new URL(webPage);
            HttpURLConnection conn = (HttpURLConnection) url.openConnection();
            //conn.setRequestProperty("Authorization", "Basic " +authStringEnc );
            conn.connect();

            System.out.println("Response Code: " + conn.getResponseCode() );

            URLConnection urlConnection = url.openConnection();
            urlConnection.setRequestProperty("Authorization", "Basic " + authStringEnc);
            InputStream is = urlConnection.getInputStream();
            InputStreamReader isr = new InputStreamReader(is);

            int numCharsRead;
            char[] charArray = new char[1024];
            StringBuffer sb = new StringBuffer();
            while ((numCharsRead = isr.read(charArray)) > 0) {
                sb.append(charArray, 0, numCharsRead);
            }
            String result = sb.toString();

            System.out.println("*** BEGIN ***");
            System.out.println(result);
            System.out.println("*** END ***");
        } catch (MalformedURLException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

}

Below is the NtlmAuthenticator class.

import java.net.Authenticator;
import java.net.PasswordAuthentication;

public class NtlmAuthenticator extends Authenticator {

    private final String username;
    private final char[] password;

    public NtlmAuthenticator(final String username, final String password) {
        super();
        this.username = username;
        this.password = password.toCharArray();
    }

    @Override
    public PasswordAuthentication getPasswordAuthentication() {
        // Called by the JDK only when it decides to ask for credentials.
        System.out.println("Scheme:" + getRequestingScheme());
        System.out.println("Host:" + getRequestingHost());
        PasswordAuthentication pa = new PasswordAuthentication(username, password);
        System.out.println("UserName:" + pa.getUserName());
        // char[].toString() prints the array identity, not its contents;
        // log the length rather than the secret.
        System.out.println("Password length:" + pa.getPassword().length);
        return pa;
    }
}

Please provide suggestions. Thanks in advance.

If you are running your client on Windows then this behavior is as specified. The authentication process will first attempt to use the logged-in user's credentials.

This is specified under the NTLM section in http://docs.oracle.com/javase/6/docs/technotes/guides/net/http-auth.html : 'On Microsoft Windows platforms, NTLM authentication attempts to acquire the user credentials from the system without prompting the user's authenticator object'.
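A way to check for the behaviour described above, as an added example that is not part of the original question or answer: it sends one request with a deliberately wrong password and reports whether the server rejected it. Assumptions: the class name `TransparentNtlmCheck` and the `verdict` helper are hypothetical, the URL and account are placeholders, and the system property `jdk.http.ntlm.transparentAuth` comes from the `net.properties` file of newer JDKs, not from the Java 6 document cited above; it covers NTLM only, not Negotiate/Kerberos.

```java
import java.io.IOException;
import java.net.Authenticator;
import java.net.HttpURLConnection;
import java.net.PasswordAuthentication;
import java.net.URL;
import java.util.concurrent.atomic.AtomicInteger;

public class TransparentNtlmCheck {

    // How many times the JDK asked our Authenticator for credentials.
    static final AtomicInteger prompts = new AtomicInteger();

    // Interprets the result of a request made with a known-bad password.
    static String verdict(int status, int promptCount) {
        if (status == HttpURLConnection.HTTP_UNAUTHORIZED) {
            return "OK: wrong password rejected (401)";
        }
        if (status >= 200 && status < 300) {
            return promptCount == 0
                ? "FAIL: authenticated without consulting the Authenticator (logged-in user was used)"
                : "FAIL: request succeeded although the supplied password is wrong";
        }
        return "INCONCLUSIVE: HTTP status " + status;
    }

    public static void main(String[] args) throws IOException {
        // Assumption: the running JDK honours this property; set it before the first request.
        System.setProperty("jdk.http.ntlm.transparentAuth", "disabled");

        // Placeholder values: pass the real endpoint and account as arguments.
        URL url = new URL(args.length > 0 ? args[0] : "http://servername/webservice/ABC.asmx");
        final String user = args.length > 1 ? args[1] : "domain.lab\\sachin";
        final char[] wrongPassword = "deliberately-wrong".toCharArray(); // constructed, must not be valid

        Authenticator.setDefault(new Authenticator() {
            @Override
            protected PasswordAuthentication getPasswordAuthentication() {
                // Answer only once so the check costs a single failed logon attempt.
                return prompts.incrementAndGet() > 1 ? null
                        : new PasswordAuthentication(user, wrongPassword);
            }
        });

        HttpURLConnection conn = (HttpURLConnection) url.openConnection();
        int status = conn.getResponseCode();
        conn.disconnect();
        System.out.println(verdict(status, prompts.get()));
    }
}
```

Run it from the same Windows session as the real client; a `FAIL` line means the request was authorised by something other than the credentials the code supplied.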
