我尝试连接到部署在Windows Server上的应用程序。 我使用NTLM。我使用的是Ubuntu和Java8。NTLM身份验证适用于curl,但不适用于Java
我得到HTTP 401
的代码,但只有当我尝试从我的Java应用程序连接 。完全相同的 认证细节卷曲请求工作正常,我越来越HTTP 200
:
curl -v -L --ntlm -u 'myuser\mydomain:mypass' 'http://myip/api/element/151
这是我的Java代码 (我简化了一点,包括唯一的问题相关的东西):
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.Entity;
import javax.ws.rs.client.Invocation;
import javax.ws.rs.client.WebTarget;
...
import org.apache.http.auth.NTCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.glassfish.jersey.apache.connector.ApacheClientProperties;
import org.glassfish.jersey.apache.connector.ApacheConnectorProvider;
...
import org.glassfish.jersey.client.ClientConfig;
import org.glassfish.jersey.client.ClientProperties;
import org.glassfish.jersey.client.RequestEntityProcessing;
...
class MyConnector {
private final Client client;
...
protected ClientConfig prepareClientConfig() {
ClientConfig config = new ClientConfig();
config.property(ClientProperties.SUPPRESS_HTTP_COMPLIANCE_VALIDATION, true);
config.property(ClientProperties.FOLLOW_REDIRECTS, true);
config.property(ClientProperties.REQUEST_ENTITY_PROCESSING, RequestEntityProcessing.BUFFERED);
CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
credentialsProvider.setCredentials(AuthScope.ANY, new NTCredentials("myuser", "mypassword",
"mydomain", "mydomain"));
config.property(ApacheClientProperties.CREDENTIALS_PROVIDER, credentialsProvider);
config.connectorProvider(new ApacheConnectorProvider());
return config;
}
...
MyConnector(...) {
...
client = ClientBuilder.newClient(prepareClientConfig());
}
protected String getDocString(...) throws MyException {
WebTarget target = client.target("http://myipi/api").path("element/151");
Invocation.Builder temp = target.request();
Response response = target.request().get();
if (response.getStatus() == Status.OK.getStatusCode()) {
String docString = response.readEntity(String.class);
return docString;
}
throw new MyException("Couldn't obtain doc. HTTP error code: " + response.getStatus());
}
...
}
需要5-15(!)分钟来调用getDocString
函数。 我也相信应用程序吃了非常大量的RAM,但是没有其他函数同时运行(程序没有并行化)。 然后我得到HTTP 401
的代码。
我有一些情况下,当我的Java应用程序工作。这个故事是:
- 我的应用程序的工作没有NTLM
- 我的同事加入NTLM到他们的应用程序,我调整了代码,我的应用程序有
401
,我卷曲的请求得到了401
- 我从
Ubuntu 14 LTS
升级为Ubuntu 16.0.2 LTS
,我的应用程序有200
,卷曲得到200
- 我给出了我成立了一个新的服务器上安装工作的服务器(我没有任何更多)
- ,再次210,我的应用程序有
401
,卷曲得到200
- 我升级到
Ubuntu 17.04
(非LTS),我的应用程序有200
一次,但我不能 重现它,现在一模一样的请求获得了401
,卷曲得到200
我知道这个问题的: How to send NTLM authenticated post request using jersey? 我使用的代码,它让我的应用程序与服务器升级(点3.
)结合工作。 但我不知道如何使它再次工作。
我用mitmproxy调试要求,输出像这样 (我模糊了Authorization
/WWW-Authenticate
字段):
Proxy server listening at http://0.0.0.0:8080
127.0.0.1:39622: clientconnect
127.0.0.1:39622: request
-> Request(GET /api/element/151)
127.0.0.1:39622: serverconnect
-> myip:80
127.0.0.1:39622: response
-> Response(401 Unauthorized, text/html, 1.26k)
127.0.0.1:39622: GET http://myip/api/element/151
User-Agent: Jersey/2.26-b03 (Apache HttpClient 4.5.3)
Host: myip
Connection: Keep-Alive
Accept-Encoding: gzip,deflate
<< 401 Unauthorized 1.26k
Content-Type: text/html
Server: Microsoft-IIS/8.5
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
Date: Mon, 29 May 2017 13:38:36 GMT
Content-Length: 1293
127.0.0.1:39622: request
-> Request(GET /api/element/151)
127.0.0.1:39622: response
-> Response(401 Unauthorized, text/html; charset=us-ascii, 341b)
127.0.0.1:39622: GET http://myip/api/element/151
User-Agent: Jersey/2.26-b03 (Apache HttpClient 4.5.3)
Host: myip
Connection: Keep-Alive
Accept-Encoding: gzip,deflate
Authorization: NTLM TlRAAA==
<< 401 Unauthorized 341b
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
WWW-Authenticate: NTLM TlRAAABBBBBBAAA==
Date: Mon, 29 May 2017 13:38:36 GMT
Content-Length: 341
127.0.0.1:39622: request
-> Request(GET /api/element/151)
127.0.0.1:39622: server communication error: TcpDisconnect('[Errno 104] Connection reset by peer',)
127.0.0.1:39622: serverdisconnect
-> myip:80
127.0.0.1:39622: serverconnect
-> myip:80
127.0.0.1:39622: response
-> Response(401 Unauthorized, text/html, 1.26k)
127.0.0.1:39622: GET http://myip/api/element/151
User-Agent: Jersey/2.26-b03 (Apache HttpClient 4.5.3)
Host: myip
Connection: Keep-Alive
Accept-Encoding: gzip,deflate
Authorization: NTLM TlRAAABBBDDDAAA==
<< 401 Unauthorized 1.26k
Content-Type: text/html
Server: Microsoft-IIS/8.5
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
Date: Mon, 29 May 2017 13:44:35 GMT
Content-Length: 1293
127.0.0.1:39622: serverdisconnect
-> myip:80
127.0.0.1:39622: clientdisconnect
我将有这方面的言论非常感谢。
更新:我也试过Debian8和Debian9。结果是一样的。我得到401
广告Debian8,更新到Debian9,得到200
一次,然后连续401
(为完全相同的请求)。