同时使用SSL加密和NTLM身份验证的HttpClient 4.2.3失败 [英] HttpClient 4.2.3 using both SSL encryption and NTLM authentication fails

问题描述

我正在尝试通过Liferay 6.1 Portlet通过HTTPClient 4.2.3使用REST调用Sharepoint 2010.

I am trying to use a REST call to Sharepoint 2010 via HTTPClient 4.2.3 from a Liferay 6.1 portlet.

我已将证书导入到本地MAC的JVM cacert中，并试图将cacert加载为密钥库.

I have imported the cert into my local MAC's JVM cacerts and am trying to load the cacerts as the keystore.

我的代码是:

String opsCalendarURL1 = "https://hostname/sites/team-sites/operations/_vti_bin/owssvr.dll?";
String opsCalendarURL2 = "Cmd=Display&List={6E460908-D470-4F8A-AF76-CC279E25E0B1}&XMLDATA=TRUE";
String opsCalenderURLEncoded = opsCalendarURL1 + URLEncoder.encode( opsCalendarURL2 , "UTF8" );

System.out.println(opsCalenderURLEncoded);
DefaultHttpClient httpclient = new DefaultHttpClient();

try {
   // SSL
   KeyStore trustStore  = KeyStore.getInstance(KeyStore.getDefaultType());
   FileInputStream instream = new FileInputStream(new File("/System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/lib/security/cacerts"));
   try {
    trustStore.load(instream, "changeit".toCharArray());
   } finally {
       try { instream.close(); } catch (Exception ignore) {}
   }

   SSLSocketFactory socketFactory = new SSLSocketFactory(trustStore);
   Scheme sch = new Scheme("https", 443, socketFactory);
   httpclient.getConnectionManager().getSchemeRegistry().register(sch);
   System.out.println("----------------------------------------");

   HttpHost targetHost = new HttpHost("hostname", 443, "https");
   httpclient.getCredentialsProvider().setCredentials(
    AuthScope.ANY,
    new NTCredentials("username", "password","machine","domain"));

   HttpGet httpget = new HttpGet(opsCalenderURLEncoded);

   System.out.println("executing request: " + httpget.getRequestLine());
   System.out.println("to target: " + targetHost);

   HttpResponse response2 = httpclient.execute(targetHost, httpget);
   HttpEntity entity = response2.getEntity();

   System.out.println("----------------------------------------");
   System.out.println(response2.getStatusLine());
   System.out.println(response2.getProtocolVersion());
   if (entity != null) {
     System.out.println("Response content length: " + entity.getContentLength());
   }
   EntityUtils.consume(entity);
  } finally {
    httpclient.getConnectionManager().shutdown();
}

我总是得到的答复是: HTTP/1.1 401未经授权

The response I always get back is: HTTP/1.1 401 Unauthorized

我在电汇日志中没有看到SSL握手，并且得到了401未经授权的响应.我尝试了具有相同结果的示例代码的各种组合.

I don't see an SSL handshake in the wire logs and get a 401 unauthorized response. I have tried various combinations of the sample codes with same results.

注意-我已经使用FireFox和CURL以编程方式完成了我要在此处进行的操作，并且效果很好.因此，服务器似乎已正确设置. CURL详细日志显示SSL握手首先发生，而NTLM成功执行下一步.

Note - that I've used FireFox and CURL to do the same thing I'm trying to do here programmatically, and it works fine. So the server appears to be set up correctly. The CURL verbose log show the SSL handshake happening first and the NTLM succeeds as the next step.

如果需要，我可以附上电线日志.

I can attach the wire logs if needed.

非常感谢您的时间！

我非常感谢您的帮助和指点.

I appreciate any help and pointers.

推荐答案

问题似乎与使用NTLM v2和Windows 2008 R2的IIS 7.5和HTTPClient有关.

The issue seems to be with IIS 7.5 and HTTPClient using NTLM v2 and Windows 2008 R2.

我切换到Java HTTPURLConnection，它运行良好.

I switched to Java HTTPURLConnection and it works pretty well.

在此处发布具有相同代码的其他问题的详细信息

这篇关于同时使用SSL加密和NTLM身份验证的HttpClient 4.2.3失败的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！