同时使用SSL加密和NTLM身份验证的HttpClient 4.2.3失败_Ssl_Sharepoint 2010_Httpclient_Liferay 6_Ntlm

同时使用SSL加密和NTLM身份验证的HttpClient 4.2.3失败

ssl sharepoint-2010

同时使用SSL加密和NTLM身份验证的HttpClient 4.2.3失败,ssl,sharepoint-2010,httpclient,liferay-6,ntlm,Ssl,Sharepoint 2010,Httpclient,Liferay 6,Ntlm,我正在尝试从Liferay 6.1 portlet通过HTTPClient 4.2.3使用对Sharepoint 2010的REST调用我已将证书导入本地MAC的JVM cacerts，并尝试将cacerts加载为密钥库我的代码是： String opsCalendarURL1 = "https://hostname/sites/team-sites/operations/_vti_bin/owssvr.dll?"; String opsCalendarURL2 = "Cmd=Display

我正在尝试从Liferay 6.1 portlet通过HTTPClient 4.2.3使用对Sharepoint 2010的REST调用

我已将证书导入本地MAC的JVM cacerts，并尝试将cacerts加载为密钥库

我的代码是：

String opsCalendarURL1 = "https://hostname/sites/team-sites/operations/_vti_bin/owssvr.dll?";
String opsCalendarURL2 = "Cmd=Display&List={6E460908-D470-4F8A-AF76-CC279E25E0B1}&XMLDATA=TRUE";
String opsCalenderURLEncoded = opsCalendarURL1 + URLEncoder.encode( opsCalendarURL2 , "UTF8" );

System.out.println(opsCalenderURLEncoded);
DefaultHttpClient httpclient = new DefaultHttpClient();

try {
   // SSL
   KeyStore trustStore  = KeyStore.getInstance(KeyStore.getDefaultType());
   FileInputStream instream = new FileInputStream(new File("/System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/lib/security/cacerts"));
   try {
    trustStore.load(instream, "changeit".toCharArray());
   } finally {
       try { instream.close(); } catch (Exception ignore) {}
   }

   SSLSocketFactory socketFactory = new SSLSocketFactory(trustStore);
   Scheme sch = new Scheme("https", 443, socketFactory);
   httpclient.getConnectionManager().getSchemeRegistry().register(sch);
   System.out.println("----------------------------------------");

   HttpHost targetHost = new HttpHost("hostname", 443, "https");
   httpclient.getCredentialsProvider().setCredentials(
    AuthScope.ANY,
    new NTCredentials("username", "password","machine","domain"));

   HttpGet httpget = new HttpGet(opsCalenderURLEncoded);

   System.out.println("executing request: " + httpget.getRequestLine());
   System.out.println("to target: " + targetHost);

   HttpResponse response2 = httpclient.execute(targetHost, httpget);
   HttpEntity entity = response2.getEntity();

   System.out.println("----------------------------------------");
   System.out.println(response2.getStatusLine());
   System.out.println(response2.getProtocolVersion());
   if (entity != null) {
     System.out.println("Response content length: " + entity.getContentLength());
   }
   EntityUtils.consume(entity);
  } finally {
    httpclient.getConnectionManager().shutdown();
}

我经常得到的答复是： HTTP/1.1 401未经授权

我在wire日志中没有看到SSL握手，也没有收到401未经授权的响应。我尝试过各种组合的示例代码，结果都是一样的

请注意，我已经使用FireFox和CURL以编程的方式完成了我在这里尝试做的同样的事情，而且效果很好。因此，服务器似乎设置正确。CURL详细日志显示SSL握手首先发生，NTLM作为下一步成功

如果需要，我可以附上电线日志

非常感谢您抽出时间

非常感谢您的帮助和指点。

问题似乎出在使用NTLM v2和Windows 2008 R2的IIS 7.5和HTTPClient上

我切换到JavaHttpUrlConnection，它运行得非常好

您是否尝试过使用VM参数运行客户端-Djavax.net.debug=all@helios-谢谢你的建议！是的，我刚刚试过，我看到加密发生了。查看连线日志，我看到以下“2013/02/15 13:46:48:224 GMT[DEBUG]DefaultHttpClient-已处理授权质询2013/02/15 13:46:48:224 GMT[DEBUG]DefaultHttpClient-身份验证失败”>尝试更新HttpClient[在此处输入链接说明][1]：