Verifying NTLMv2 authentication in Java

Problem description

So I'm trying to track down a strange bug with NTLMv2 and Java. It seems like NTLM is ignoring any information I pass in during the Java based authentication, and finds the information somewhere else. Because of this, NTLM will authenticate on my machine, even if I provide the incorrect information, and won't work on any other machine even when the correct information is provided. The endpoint is the MOSS 2007 webservice API if that's relevant.

Here's the process I'm using to authenticate:

1) Pass in the target site and login info.

try {
    JLists list = new JLists(siteUrl, DEFAULT_SP_USERNAME,
        DEFAULT_SP_PASSWORD);
    list.addList(name, description, 101);

} catch (Exception e) {
     e.printStackTrace();
}


2) Set the default authenticator to my own NTLMAuthenticator, create the service stub and pass in the login info.

public JLists(String siteURI, String username, String password)
        throws Exception {

    String endpointURI = siteURI + "/_vti_bin/Lists.asmx";

    Authenticator.setDefault(new NtlmAuthenticator(username, password));

    port = sharePointListsAuth(username, password);
    BindingProvider bp = (BindingProvider) port;
    bp.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
            endpointURI);
}

private ListsSoap sharePointListsAuth(String userName, String password) throws Exception {
    ListsSoap port = null;
    if (userName != null && password != null) {
        try {
            service = new Lists();
            port = service.getListsSoap();
            ((BindingProvider) port).getRequestContext().put(BindingProvider.USERNAME_PROPERTY, userName);
            ((BindingProvider) port).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, password);
        } catch (Exception e) {
            throw new Exception("Error: " + e.toString());
        }
    } else {
        throw new Exception("Couldn't authenticate: Invalid connection details given.");
    }
    return port;
}


Here's a copy of the NTLMAuthenticator class as well:

import java.net.Authenticator;
import java.net.PasswordAuthentication;

class NtlmAuthenticator extends Authenticator {

  private final String username;
  private final char[] password;

  public NtlmAuthenticator(final String username, final String password) {
    super();
    this.username = username;
    this.password = password.toCharArray(); 
  }

  public PasswordAuthentication getPasswordAuthentication() {
    return (new PasswordAuthentication (username, password));
  }
}

3) Make my service call. I'm not really having any problems in this part, but if someone needs the code I'll post it as well.

I feel like Java is somehow referencing my Active Directory information, and using that instead of the information provided, but I have no idea at what point that would happen.

Recommended answer

It seems like the problem is based around Java's "Single Sign-On" functionality. Because I am attempting NTLM authentication on a Windows machine, Java has a hard-coded value that defaults to the login information of the current account, then uses the Java Authenticator only if that fails.

Seems there is no way to bypass this without decompiling the Java source and modifying that variable yourself, but thankfully that won't be needed in the end case for my application.
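
A way to check for the behaviour the answer describes, as an added example that is not part of the original post: an `Authenticator` that counts how often the JVM actually asks it for credentials. With no argument it runs against a constructed loopback server that issues a Basic challenge; pointed at an NTLM endpoint URL instead, a successful response with a count of 0 means the supplied username and password were never used. The names `AuthenticatorProbe` and `CountingAuthenticator` and the sample credentials are assumptions.

```java
import com.sun.net.httpserver.HttpServer;
import java.net.*;
import java.util.concurrent.atomic.AtomicInteger;

public class AuthenticatorProbe {
    // Number of times the JVM actually asked for the supplied credentials.
    static final AtomicInteger CALLS = new AtomicInteger();

    static class CountingAuthenticator extends Authenticator {
        private final String user;
        private final char[] pass;
        CountingAuthenticator(String user, String pass) {
            this.user = user;
            this.pass = pass.toCharArray();
        }
        @Override
        protected PasswordAuthentication getPasswordAuthentication() {
            CALLS.incrementAndGet();
            System.out.printf("asked: scheme=%s host=%s%n",
                    getRequestingScheme(), getRequestingHost());
            return new PasswordAuthentication(user, pass);
        }
    }

    public static void main(String[] args) throws Exception {
        HttpServer server = null;
        String url = args.length > 0 ? args[0] : null;
        if (url == null) {
            // Constructed loopback endpoint: 401 + Basic challenge until an Authorization header arrives.
            server = HttpServer.create(new InetSocketAddress(InetAddress.getByName("127.0.0.1"), 0), 0);
            server.createContext("/", ex -> {
                boolean authed = ex.getRequestHeaders().containsKey("Authorization");
                if (!authed) ex.getResponseHeaders().add("WWW-Authenticate", "Basic realm=\"probe\"");
                ex.sendResponseHeaders(authed ? 200 : 401, -1);
                ex.close();
            });
            server.start();
            url = "http://127.0.0.1:" + server.getAddress().getPort() + "/";
        }
        // Sample credentials are constructed placeholders.
        Authenticator.setDefault(new CountingAuthenticator("constructed-user", "constructed-pass"));
        HttpURLConnection c = (HttpURLConnection) URI.create(url).toURL().openConnection();
        int status = c.getResponseCode();
        System.out.printf("status=%d authenticatorCalls=%d%n", status, CALLS.get());
        if (status == 200 && CALLS.get() == 0)
            System.out.println("succeeded without consulting the Authenticator: supplied credentials unused");
        if (server != null) server.stop(0);
    }
}
```

Against the loopback server the run ends with `status=200 authenticatorCalls=1`, which is the baseline to compare the NTLM endpoint's result against.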
