2
我试图通过使用Apache HttpClient 4.3为Windows集成身份验证(SPNEGO)配置的运行IIS的Windows服务器进行身份验证。我的代码看起来非常类似于我能够在网上找到的示例代码,但是当我运行它时,我始终得到一个HTTP 401返回。我在结果上运行了Wireshark,没有看到将SPNEGO令牌传递给服务器。通过HttpClient进行SPNEGO身份验证
我可以通过网页浏览器打开受保护的资源,在这种情况下,我确实看到了SPNEGO令牌。但是,当我运行我的代码时,行为是不同的。这是有问题的代码:
public static void main(String[] args) {
System.setProperty("java.security.krb5.conf",
"c:\\develop\\XYZ\\KerberosTest\\conf\\krb5.conf");
System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
System.setProperty("java.security.auth.login.config",
"c:\\develop\\XYZ\\KerberosTest\\conf\\login.conf");
Credentials jaasCredentials = new Credentials() {
public String getPassword() {
return null;
}
public Principal getUserPrincipal() {
return null;
}
};
CredentialsProvider credsProvider = new BasicCredentialsProvider();
credsProvider.setCredentials(new AuthScope(null, -1, null),
jaasCredentials);
Registry<AuthSchemeProvider> authSchemeRegistry = RegistryBuilder
.<AuthSchemeProvider> create().register(AuthSchemes.SPNEGO,
new SPNegoSchemeFactory()).build();
CloseableHttpClient httpclient = HttpClients.custom()
.setDefaultAuthSchemeRegistry(authSchemeRegistry)
.setDefaultCredentialsProvider(credsProvider).build();
try {
HttpGet httpget = new HttpGet(ENDPOINT);
RequestLine requestLine = httpget.getRequestLine();
CloseableHttpResponse response = httpclient.execute(httpget);
try {
StatusLine status = response.getStatusLine();
HttpEntity entity = response.getEntity();
if (entity != null) {
}
EntityUtils.consume(entity);
} finally {
response.close();
}
} catch (ClientProtocolException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
} finally {
try {
httpclient.close();
} catch (IOException e) {
e.printStackTrace();
}
}
}
我相信我已经正确配置我的krb5.conf文件,我的login.conf的文件直接从Apache HttpClient的资料为准。正如文档中提到的那样,我也做了相应的注册表项更改。
任何想法是什么可能导致这种情况或如何我可以进行故障排除?我缺少一个步骤或一行吗?
与sun jdk相比,ibm jdk具有不同的jaas参数。你确定你使用的是正确的吗? IBM JDK没有被窃听,我有HTTP客户端来处理它。 –