Java:通过NTLM代理的HTTP(S)/ WebServices连接 [英] Java : HTTP(S)/WebServices connections through NTLM proxy
问题描述
我们在客户(java应用程序,而不是applet)中部署了一个Java客户端应用程序。
此应用程序检查与url.openConnection()的连接,并通过互联网调用Web服务(使用CXF / JAX-WS)。
We have a java client side application deployed in our customer (a java application, not an applet). This application checks connectivity with an url.openConnection() and calls web services (with CXF/JAX-WS) through internet.
我们的一些客户网络使用代理来访问外部世界。
客户端应用程序在java系统属性中设置代理参数:
Some of our customer network use proxies to access to the external world. The client side application sets the proxy parameter in java system properties :
System.setProperty("proxySet", "true"); //Obsolete ?
System.setProperty("http.keepAlive", "false");
System.setProperty("java.net.useSystemProxies", "false");
System.setProperty("https.proxyHost", httpsProxyHost);
System.setProperty("https.proxyPort", httpsProxyPort);
System.setProperty("https.proxyUser", httpsProxyUser);
System.setProperty("https.proxyPassword", httpsProxyPassword);
System.setProperty("http.proxyHost", httpProxyHost);
System.setProperty("http.proxyPort", httpProxyPort);
System.setProperty("http.proxyUser", httpProxyUser);
System.setProperty("http.proxyPassword", httpProxyPassword);
Authenticator.setDefault(new NtlmAuthenticator(httpsProxyUser, httpsProxyPassword));
NtlmAuthenticator类:
The NtlmAuthenticator class :
public class NtlmAuthenticator extends Authenticator {
private final String username;
private final char[] password;
public NtlmAuthenticator(final String username, final String password) {
super();
this.username = username;
this.password = password.toCharArray();
}
public PasswordAuthentication getPasswordAuthentication() {
return (new PasswordAuthentication (username, password));
}
}
我们使用的是Java 6(客户端应用程序嵌入了JRE 1.6.0_39),应用程序部署在Windows(XP / Seven)上。我读到自Windows平台上的1.4.2以来支持NTLM协议。
所以我们使用Trend代理进行测试并成功执行NTLM代理身份验证(我们看到3个包使用Wireshark NTLMSSP_NEGOCIATE(来自app)/ NTLMSSP_CHALLENGE(来自代理)/ NTLMSSP_AUTH(来自app))
We're using Java 6 (client side application embbed a JRE 1.6.0_39), and application is deployed on Windows (XP / Seven). I read that NTLM protocol is supported since 1.4.2 on Windows platform. So we made tests with a Trend proxy and succeed to perform NTLM proxy authentication (we see the 3 packets with Wireshark NTLMSSP_NEGOCIATE (from app) / NTLMSSP_CHALLENGE (from proxy) / NTLMSSP_AUTH (from app))
但是我们的一位客户使用Bluecoat代理,NTLM认证在NTLMSSP_CHALLENGE之后失败。使用Wireshark,我们只看到2个第一个数据包NTLMSSP_NEGOCIATE(来自app)和NTLMSSP_CHALLENGE(来自代理),NTLMSSP_AUTH永远不会被我们的应用程序发送。
在应用程序中我们捕获一个SocketException:socket已关闭
But with one of our customers, who use a Bluecoat proxy, NTLM authentication failed after NTLMSSP_CHALLENGE. With Wireshark, we only see the 2 first packets NTLMSSP_NEGOCIATE (from app) and NTLMSSP_CHALLENGE (from proxy), NTLMSSP_AUTH is never sent by our application. In the application we catch a SocketException : socket is closed
我们也尝试使用jCIFS HttpUrlNltmHandler,但身份验证也失败了(相同的诊断)。
We also try to use jCIFS HttpUrlNltmHandler, but authentication failed too (same diagnostic).
我发现这个主题与类似问题,但它没有提供任何线索。
我发现这个线程关于NTLM会话安全性
I found this thread with similar issue but it doesn't provide any clues. I found also this thread about NTLM session security
任何想法?
谢谢。
只需将http.keepalive设置为true即可找到解决方案:
系统。 setProperty(http.keepAlive, true );
Find the solution just by setting http.keepalive to true : System.setProperty("http.keepAlive", "true");
但我不知道为什么,假值,它适用于我们的趋势代理并不适用于我们客户的蓝色代理
But i don't know why, with false value, it works with our Trend proxy and doesn't work with our customer's bluecoat proxy
推荐答案
这是由于底层实施的错误。它在 Java 6 NTLM中有所描述代理身份验证和HTTPS - 有人让它工作吗?
It's due to a bug on the underlying implementation. It's described on Java 6 NTLM proxy authentication and HTTPS - has anyone got it to work?
这篇关于Java:通过NTLM代理的HTTP(S)/ WebServices连接的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
