使用SSL加密和NTLM身份验证的HttpClient 4.2.3失败

时间:2013-02-14 22:07:58

标签: ssl sharepoint-2010 httpclient liferay-6 ntlm

我正在尝试通过Liferay 6.1 portlet中的HTTPClient 4.2.3对Sharepoint 2010进行REST调用。

我已将证书导入到本地MAC的JVM cacerts中,并尝试将cacerts加载为密钥库。

我的代码是:

String opsCalendarURL1 = "https://hostname/sites/team-sites/operations/_vti_bin/owssvr.dll?";
String opsCalendarURL2 = "Cmd=Display&List={6E460908-D470-4F8A-AF76-CC279E25E0B1}&XMLDATA=TRUE";
String opsCalenderURLEncoded = opsCalendarURL1 + URLEncoder.encode( opsCalendarURL2 , "UTF8" );

System.out.println(opsCalenderURLEncoded);
DefaultHttpClient httpclient = new DefaultHttpClient();

try {
   // SSL
   KeyStore trustStore  = KeyStore.getInstance(KeyStore.getDefaultType());
   FileInputStream instream = new FileInputStream(new File("/System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/lib/security/cacerts"));
   try {
    trustStore.load(instream, "changeit".toCharArray());
   } finally {
       try { instream.close(); } catch (Exception ignore) {}
   }

   SSLSocketFactory socketFactory = new SSLSocketFactory(trustStore);
   Scheme sch = new Scheme("https", 443, socketFactory);
   httpclient.getConnectionManager().getSchemeRegistry().register(sch);
   System.out.println("----------------------------------------");

   HttpHost targetHost = new HttpHost("hostname", 443, "https");
   httpclient.getCredentialsProvider().setCredentials(
    AuthScope.ANY,
    new NTCredentials("username", "password","machine","domain"));

   HttpGet httpget = new HttpGet(opsCalenderURLEncoded);

   System.out.println("executing request: " + httpget.getRequestLine());
   System.out.println("to target: " + targetHost);

   HttpResponse response2 = httpclient.execute(targetHost, httpget);
   HttpEntity entity = response2.getEntity();

   System.out.println("----------------------------------------");
   System.out.println(response2.getStatusLine());
   System.out.println(response2.getProtocolVersion());
   if (entity != null) {
     System.out.println("Response content length: " + entity.getContentLength());
   }
   EntityUtils.consume(entity);
  } finally {
    httpclient.getConnectionManager().shutdown();
}

我总是回复的回应是:     HTTP / 1.1 401未经授权

我没有在有线日志中看到SSL握手并获得401未经授权的响应。我尝试过各种样本代码组合,结果相同。

注意 - 我已经使用FireFox和CURL来做我在这里尝试以编程方式执行的相同操作,并且它工作正常。所以服务器似乎设置正确。 CURL详细日志显示SSL握手首先发生,NTLM成功完成下一步。

如果需要,我可以附上电线记录。

非常感谢你的时间!

我感谢任何帮助和指示。

1 个答案:

答案 0 :(得分:1)

问题似乎是使用NTLM v2和Windows 2008 R2的IIS 7.5和HTTPClient。

我切换到Java HTTPURLConnection,它运行得很好。

Post with some detail on another issue with the same code here

相关问题
最新问题