从java HttpClient使用kerberos对sharepoint进行身份验证
我有一个linux\java6客户端,它将使用NTLM对sharepoint2010进行身份验证,然后使用Apache Commons从java HttpClient使用kerberos对sharepoint进行身份验证,java,authentication,rest,sharepoint-2010,kerberos,Java,Authentication,Rest,Sharepoint 2010,Kerberos,我有一个linux\java6客户端,它将使用NTLM对sharepoint2010进行身份验证,然后使用Apache CommonsHttpClient发送HTTP REST web服务 我可以使用NTLM实现这一点,但我希望使用与使用kerberos身份验证相同的REST API访问sharepoint 2010 有没有关于如何使用kerberos sharepoint通过HTTP验证和发送REST的示例? (最好使用HttpClient) p、 美国。 我没有访问sharepoint代码的
HttpClientHttpClientHttpClient httpClient = new HttpClient(new SimpleHttpConnectionManager(true));
AuthPolicy.registerAuthScheme(AuthPolicy.NTLM, JCIFS_NTLMScheme.class);
String localHostName = Inet4Address.getLocalHost().getHostName();
authscope = new AuthScope(uri.getHost(), AuthScope.ANY_PORT);
httpClient.getState().setCredentials(authscope,new NTCredentials(
getUsername(),getPassword(),localHostName,getDomain()));
// after the initial ntlm auth I can call my REST service with "httpClient.executeMethod"
int status = httpClient.executeMethod(new GetMethod(accessURI + "/sitecollection/info"));
请确认您的环境为Kerberos正确设置,这可以通过运行kinit来实现。如果失败,您需要确保您的krb5.ini(windows)或krb5.conf(linux)设置为正确指向域控制器 一旦您确认Kerberos功能正常,就可以使用下面粘贴的来自HttpClient的示例代码 请注意,有许多问题可能会导致Kerberos失败,例如时间同步、支持的加密类型、跨域林的信任关系,而且还值得确保您的客户端位于服务器的单独框中 下面是HttpClient下载中提供的示例代码,您需要确保您的JAAS配置和krb5.conf或ini是正确的
public class ClientKerberosAuthentication {
public static void main(String[] args) throws Exception {
System.setProperty("java.security.auth.login.config", "login.conf");
System.setProperty("java.security.krb5.conf", "krb5.conf");
System.setProperty("sun.security.krb5.debug", "true");
System.setProperty("javax.security.auth.useSubjectCredsOnly","false");
DefaultHttpClient httpclient = new DefaultHttpClient();
try {
httpclient.getAuthSchemes().register(AuthPolicy.SPNEGO, new SPNegoSchemeFactory());
Credentials use_jaas_creds = new Credentials() {
public String getPassword() {
return null;
}
public Principal getUserPrincipal() {
return null;
}
};
httpclient.getCredentialsProvider().setCredentials(
new AuthScope(null, -1, null),
use_jaas_creds);
HttpUriRequest request = new HttpGet("http://kerberoshost/");
HttpResponse response = httpclient.execute(request);
HttpEntity entity = response.getEntity();
System.out.println("----------------------------------------");
System.out.println(response.getStatusLine());
System.out.println("----------------------------------------");
if (entity != null) {
System.out.println(EntityUtils.toString(entity));
}
System.out.println("----------------------------------------");
// This ensures the connection gets released back to the manager
EntityUtils.consume(entity);
} finally {
// When HttpClient instance is no longer needed,
// shut down the connection manager to ensure
// immediate deallocation of all system resources
httpclient.getConnectionManager().shutdown();
}
}
}
你有没有注意到它并不完全是我所需要的,我有一个现有的rest web服务api,它通过http(org.apache.commons.httpclient.httpclient)与NTLM一起工作,我需要在处理使用kerberos的sharepoint服务器时使用相同的web服务。我提到的文章的哪一部分将是一个问题,因为你需要获得票证,我不确定你打算怎么做。也许我不明白,但我想做的是将web请求发送到像httpClient这样的kerberos sharepoint服务器。executeMethod(新的GetMethod(accessURI));在本文中的身份验证之后,我是否能够运行http请求?此外,我不确定如何从我的sharepoint服务器(principal=“webserver”)中获取正确的主体/bully@EXAMPLE.COM“;)您可能想看看这个问题,因为它类似于您想要的:我没有keytab和krb5.conf,我是否也需要定义它们?这是我试图访问的sharepoint kerberos url:kinit测试是:kinit吗myspadminusername@QA.ENG.MYCOMPANY.COMmysppassword?
krb5.conflogin.config