Authenticating to SharePoint with Kerberos using Java HttpClient

Time: 2012-05-23 14:36:55

Tags: java authentication rest sharepoint-2010 kerberos

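I have a Linux/Java 6 client that authenticates to SharePoint 2010 using NTLM and then sends HTTP REST web service requests using Apache Commons HttpClient.

I can do this with NTLM, but I want to use the same REST API to access a SharePoint 2010 that uses Kerberos authentication.

Are there any examples of how to authenticate to a Kerberos SharePoint and send REST requests over HTTP? (Preferably using HttpClient.)

P.S. I don't have access to the SharePoint code, but I do have access to the SharePoint administrator configuration. This is roughly how I authenticate with NTLM: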

// Commons HttpClient 3.x client with NTLM handled by the JCIFS-based scheme
HttpClient httpClient = new HttpClient(new SimpleHttpConnectionManager(true));
AuthPolicy.registerAuthScheme(AuthPolicy.NTLM, JCIFS_NTLMScheme.class);
String localHostName = Inet4Address.getLocalHost().getHostName();
// Offer the NT credentials only to the SharePoint host
AuthScope authscope = new AuthScope(uri.getHost(), AuthScope.ANY_PORT);
httpClient.getState().setCredentials(authscope, new NTCredentials(
        getUsername(), getPassword(), localHostName, getDomain()));

// after the initial ntlm auth I can call my REST service with "httpClient.executeMethod" 

int status = httpClient.executeMethod(new GetMethod(accessURI + "/sitecollection/info"));

1 answer:

Answer 0 (score: 3)

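Please confirm that your environment is set up correctly for Kerberos; this can be done by running kinit. If that fails, you need to make sure krb5.ini (Windows) or krb5.conf (Linux) is set up to point correctly at the domain controller.

Once you have confirmed that Kerberos is working, you can use the sample code from HttpClient pasted below.

Note that there are many issues that can cause Kerberos to fail, such as time synchronisation, supported encryption types, and trust relationships across domain forests; it is also worth making sure your client is on a separate box from the server.

Below is the sample code provided in the HttpClient download; you need to make sure your JAAS configuration and krb5.conf or ini are correct!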

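import java.security.Principal;

import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.Credentials;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.params.AuthPolicy;
import org.apache.http.impl.auth.SPNegoSchemeFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.util.EntityUtils;

public class ClientKerberosAuthentication {

    public static void main(String[] args) throws Exception {

        // JAAS login configuration and Kerberos realm/KDC configuration files
        System.setProperty("java.security.auth.login.config", "login.conf");
        System.setProperty("java.security.krb5.conf", "krb5.conf");
        // Verbose Kerberos tracing on stdout; useful while troubleshooting
        System.setProperty("sun.security.krb5.debug", "true");
        // Let GSS-API obtain credentials through JAAS instead of the current Subject
        System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");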

        DefaultHttpClient httpclient = new DefaultHttpClient();
        try {
            httpclient.getAuthSchemes().register(AuthPolicy.SPNEGO, new SPNegoSchemeFactory());

            Credentials use_jaas_creds = new Credentials() {

                public String getPassword() {
                    return null;
                }

                public Principal getUserPrincipal() {
                    return null;
                }

            };

            httpclient.getCredentialsProvider().setCredentials(
                    new AuthScope(null, -1, null),
                    use_jaas_creds);

            HttpUriRequest request = new HttpGet("http://kerberoshost/");
            HttpResponse response = httpclient.execute(request);
            HttpEntity entity = response.getEntity();

            System.out.println("----------------------------------------");
            System.out.println(response.getStatusLine());
            System.out.println("----------------------------------------");
            if (entity != null) {
                System.out.println(EntityUtils.toString(entity));
            }
            System.out.println("----------------------------------------");

            // This ensures the connection gets released back to the manager
            EntityUtils.consume(entity);

        } finally {
            // When HttpClient instance is no longer needed,
            // shut down the connection manager to ensure
            // immediate deallocation of all system resources
            httpclient.getConnectionManager().shutdown();
        }
    }

}
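
The kinit check recommended in the answer can also be run from inside the JVM. The following is an added example, not part of the original answer or of the HttpClient samples. It assumes a Sun/Oracle or OpenJDK runtime (for `Krb5LoginModule`) and a ticket already obtained with kinit; the class name `KerberosPreflight` is hypothetical, and the krb5.conf path defaults to the one used in the sample above.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

// Added example (hypothetical class): verifies that the JVM can pick up the
// Kerberos ticket obtained with kinit before any HTTP/SPNEGO code is involved.
public class KerberosPreflight {

    // JAAS entry name the JDK's GSS-API layer uses when initiating a context.
    static final String ENTRY = "com.sun.security.jgss.initiate";

    // In-memory equivalent of this login.conf entry:
    //   com.sun.security.jgss.initiate {
    //     com.sun.security.auth.module.Krb5LoginModule required
    //       useTicketCache=true doNotPrompt=true;
    //   };
    static Configuration ticketCacheConfig() {
        Map<String, String> opts = new HashMap<String, String>();
        opts.put("useTicketCache", "true"); // reuse the ticket from kinit
        opts.put("doNotPrompt", "true");    // fail instead of asking for a password
        final AppConfigurationEntry entry = new AppConfigurationEntry(
                "com.sun.security.auth.module.Krb5LoginModule",
                LoginModuleControlFlag.REQUIRED, opts);
        return new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return ENTRY.equals(name) ? new AppConfigurationEntry[] { entry } : null;
            }
        };
    }

    public static void main(String[] args) {
        // Assumption: same krb5.conf as the HttpClient sample unless a path is given.
        System.setProperty("java.security.krb5.conf", args.length > 0 ? args[0] : "krb5.conf");
        try {
            LoginContext lc = new LoginContext(ENTRY, null, null, ticketCacheConfig());
            lc.login();
            System.out.println("Kerberos login OK: " + lc.getSubject().getPrincipals());
            lc.logout();
        } catch (LoginException e) {
            // Usual causes: no ticket in the cache, clock skew, wrong realm or KDC.
            System.err.println("Kerberos login failed: " + e.getMessage());
            System.exit(1);
        }
    }
}
```

If this fails, the problem lies in the ticket cache or krb5.conf rather than in HttpClient or SharePoint.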