RHEL5.5中的Java 6 HTTPURLConnection和Project Server NTLM身份验证 [英] Java 6 HTTPURLConnection and Project Server NTLM Authentication from RHEL5.5

问题描述

当前无法通过运行在IIS RHEL 5.5上的Java 1.6(u19)客户端启用了集成Windows身份验证的IIS上运行的Microsoft Project Server 2007实例进行身份验证.

Currently at a loss for authenticating with a Microsoft Project Server 2007 instance running on IIS with Integrated Windows Authentication enabled from a Java 1.6(u19) client running on linux, RHEL 5.5.

注意:客户端可以在我的Windows工作站上工作.

Note: The client works on my Windows workstation.

最初，我尝试实现JAX-WS调用，结果发现由于身份验证错误(特别是401.2，然后是500)，我无法检索WSDL.因此我将其简化为Java类:

I initially was trying to implement a JAX-WS call and found that I could not retrieve the WSDL due to authentication errors, specifically a 401.2, followed by a 500. So I simplified it to a Java class that:

1. 在AD中创建一个Authenticator并将其设置为默认名称，并带有对项目服务器站点具有权限的用户名/密码
2. 创建一个java.net.URL对象
3. 创建一个java.net.HttpURLConnection并调用getInputStream
4. 此时是发生故障的地方.

1. Creates an Authenticator and sets it as the default with a user name/password in AD that has permissions to the project server site
2. Create a java.net.URL object
3. Create a java.net.HttpURLConnection and invoke getInputStream
4. It is at this point where a failure occurs.

打开HttpURLConnection调试后，我可以看到:

With HttpURLConnection debugging turned on I can see:

1. 服务器返回的初始身份验证失败(401.2)，响应中包括"negotiate"和"NTLM".
2. 客户端创建NTLM令牌并将其发送回服务器
3. 服务器返回的状态码为500

在Windows服务器上的日志中，我可以看到日志文件中没有仅用于我的请求的用户名，只有一个-"，我认为这是匿名".

On the Windows server in the logs, I can see that there is no user name included in the log file only for my requestion and only a "-" which I believe means "anonymous".

我的想法是Project Server不喜欢正在传递和令人窒息的NTLM令牌.基于此的许多帖子，假定Java 1.6将支持NTLM(v1和v2).

My thought is that Project Server isn't liking the NTLM token that is being passed and choking. Based on the many postings on this, NTLM (v1 & v2) are suppose to be supported within Java 1.6.

任何帮助将不胜感激...

Any help would be greatly appreciated...

UPDATE 6/20/12:将问题缩小为网络安全性:基于NTLM SSP(包括RPC)服务器的最低会话安全性 .导致Java客户端失败的设置是需要NTLMv2安全性.与1.6 JDK对NTLM支持的要求背道而驰.

UPDATE 6/20/12: narrowed the issue down to a local security policy setting for Network security: Minimum session security for NTLM SSP based (including RPC) servers. The setting that causes the Java client to fail is Require NTLMv2 security. The goes against what is claimed for NTLM support with the 1.6 JDK..

一些参考文献:

• Java HTTP身份验证
• 显示Java Authenticator Impl的博客

• Java HTTP Authentication
• Blog showing Java Authenticator Impl

推荐答案

前一段时间，当我遇到此问题时，最终还是使用了其他人创建的方案.

A while back when i had this problem, i ended up using a scheme created by somebody else.

http://devsac.blogspot.com/2010/10/supoprt-for-ntlmv2-with-apache.html

当我不得不使用ntlm从iis服务器获取图像文件时，为我工作. 使用上面的代码段..

Worked for me when i had to get image files from and iis server with ntlm. Snippet using the code above..

AuthPolicy.registerAuthScheme(AuthPolicy.NTLM, org.xyz.JCIFS_NTLMScheme.class);
            HttpClient client = new HttpClient();
            client.getState().setCredentials(AuthScope.ANY, new NTCredentials(userName, password, "", strDomain));
            GetMethod get = new GetMethod(strImageFile);
            get.setDoAuthentication(true);
            client.executeMethod(get);

这篇关于RHEL5.5中的Java 6 HTTPURLConnection和Project Server NTLM身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！