我创建了一个Java应用程序来连接IIS 7(Windows Server 2008 R2)中托管的ASP.Net Asmx Web服务。托管站点配置为身份验证类型的Windows身份验证和提供程序为negotiate和ntlm
在Java Code中我使用Authenticator Class来设置用户名和密码。如果我输入错误密码,此代码将连接到Web服务事件。我检查了IIS日志,它实际上使用当前登录的用户来连接Web服务。
我在调用getPasswordAuthentication()函数后尝试调试Java代码java代码使用krb5身份验证方法验证用户名和密码。此时会抛出异常
“无法找到Kerberos领域”
但是这个异常是在java api处理的,我从Web服务获得响应
如果提供的凭据错误,我们的要求是将Web服务与提供的凭据连接。它应该返回未经授权的访问代码。
以下是我的java代码。
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.Authenticator;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLConnection;
import org.apache.commons.codec.binary.Base64;
public class ConnectToUrlUsingBasicAuthentication {
public static void main(String[] args) {
try {
String webPage = "http://servername/webservice/ABC.asmx/GetStudentReport";
String name = "domain.lab\\sachin";
String password = "Password123";
//NtlmHandler handler = new NtlmHandler();
Authenticator.setDefault(new NtlmAuthenticator(name, password));
String authString = name + ":" + password;
System.out.println("auth string: " + authString);
byte[] authEncBytes = Base64.encodeBase64(authString.getBytes());
String authStringEnc = new String(authEncBytes);
System.out.println("Base64 encoded auth string: " + authStringEnc);
URL url = new URL(webPage);
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
//conn.setRequestProperty("Authorization", "Basic " +authStringEnc );
conn.connect();
System.out.println("Response Code: " + conn.getResponseCode() );
URLConnection urlConnection = url.openConnection();
urlConnection.setRequestProperty("Authorization", "Basic " + authStringEnc);
InputStream is = urlConnection.getInputStream();
InputStreamReader isr = new InputStreamReader(is);
int numCharsRead;
char[] charArray = new char[1024];
StringBuffer sb = new StringBuffer();
while ((numCharsRead = isr.read(charArray)) > 0) {
sb.append(charArray, 0, numCharsRead);
}
String result = sb.toString();
System.out.println("*** BEGIN ***");
System.out.println(result);
System.out.println("*** END ***");
} catch (MalformedURLException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
}
}
以下是NtlmAuthenticator Class
import java.net.Authenticator;
import java.net.PasswordAuthentication;
public class NtlmAuthenticator extends Authenticator {
private final String username;
private final char[] password;
public NtlmAuthenticator(final String username, final String password) {
super();
this.username = new String(username);
this.password = password.toCharArray();
}
@Override
public PasswordAuthentication getPasswordAuthentication() {
System.out.println("Scheme:" + getRequestingScheme() );
System.out.println("Host:" + getRequestingHost() );
PasswordAuthentication pa = new PasswordAuthentication(username, password);
System.out.println("UserName:" + pa.getUserName() );
System.out.println("Password:" + pa.getPassword().toString() );
return pa;
}
}
请提前提出建议。
答案 0 :(得分:0)
如果您在Windows上运行客户端,则此行为符合指定。身份验证过程将首先尝试使用登录用户的凭据。
这是在http://docs.oracle.com/javase/6/docs/technotes/guides/net/http-auth.html中的NTLM部分下指定的:'在Microsoft Windows平台上,NTLM身份验证尝试从系统获取用户凭据,而不提示用户的身份验证器对象'。