使用HTTP客户端的Kerberos连接 [英] Kerberos connection using HTTP Client
问题描述
我正在使用Kerberos身份验证编写HTTP连接。我有HTTP / 1.1 401 Unauthorized。你能告诉我应该检查什么吗?我认为有一些想法,但我没有看到它。
I'm writing HTTP connection with Kerberos authentication. I have "HTTP/1.1 401 Unauthorized". Could you recommend me what I should check? I think there's somethink trick, but I don't see it.
可能我应该用Negotiate设置标题WWW-Authenticate?
May be I should set header "WWW-Authenticate" with "Negotiate"?
非常感谢您提供任何帮助和想法。
Thank a lot in advanced for any help and ideas.
public class ClientKerberosAuthentication {
public static void main(String[] args) throws Exception {
System.setProperty("java.security.auth.login.config", "login.conf");
System.setProperty("java.security.krb5.conf", "krb5.conf");
System.setProperty("sun.security.krb5.debug", "true");
System.setProperty("javax.security.auth.useSubjectCredsOnly","false");
DefaultHttpClient httpclient = new DefaultHttpClient();
try {
NegotiateSchemeFactory nsf = new NegotiateSchemeFactory();
httpclient.getAuthSchemes().register(AuthPolicy.SPNEGO, nsf);
List<String> authpref = new ArrayList<String>();
authpref.add(AuthPolicy.BASIC);
authpref.add(AuthPolicy.SPNEGO);
httpclient.getParams().setParameter(AuthPNames.PROXY_AUTH_PREF, authpref);
httpclient.getCredentialsProvider().setCredentials(
new AuthScope(null, -1, AuthScope.ANY_REALM, AuthPolicy.SPNEGO),
new UsernamePasswordCredentials("myuser", "mypass"));
System.out.println("----------------------------------------");
HttpUriRequest request = new HttpGet("http://localhost:8084/web-app/webdav/213/_test.docx");
HttpResponse response = httpclient.execute(request);
HttpEntity entity = response.getEntity();
System.out.println("----------------------------------------");
System.out.println(response.getStatusLine());
System.out.println("----------------------------------------");
if (entity != null) {
System.out.println(EntityUtils.toString(entity));
}
System.out.println("----------------------------------------");
// This ensures the connection gets released back to the manager
EntityUtils.consume(entity);
} finally {
httpclient.getConnectionManager().shutdown();
}
}
}
推荐答案
SPNEGO将无效,因为您使用 localhost
作为URL主机名。
SPNEGO will not work because you use localhost
as URL hostname.
您的服务器配置为在ActiveDirectory服务帐户上注册的以 HTTP /
开头的SPN(或至少一个)的集合。感谢 setspn -l yourServiceAccount
,您可以从AD查询它们。
Your server is configured for a set of SPNs (or at least one) beginning with HTTP/
registered on the ActiveDirectory service account. You can query them from AD thanks to setspn -l yourServiceAccount
.
您的网址必须使用已知的有效服务器主机名作为ActiveDirectory中的SPN,以便Apache Http客户端可以协商此服务的TGS并将其发送到您的服务器。
Your URL must use an effective server hostname known as SPN in ActiveDirectory so that Apache Http Client can negotiate a TGS for this service and send it to your server.
这篇关于使用HTTP客户端的Kerberos连接的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!