HttpClient 4.3.6返回"警告:NEGOTIATE身份验证错误"

时间:2014-12-03 16:53:41

标签: java iis httpclient ntlm

我在Java 6中运行HttpClient 4.3.6。当我运行以下代码时,身份验证似乎成功。返回的状态代码是200.但是,我在控制台中收到以下错误消息:

警告:NEGOTIATE身份验证错误:提供的名称无效(机制级别:无法加载配置文件C:\ Windows \ krb5.ini(系统找不到指定的文件))

如何消除此警告?

CloseableHttpClient httpclient = HttpClients.createDefault();
HttpContext localContext = new BasicHttpContext();
HttpGet method = new HttpGet(url);
CredentialsProvider credsProvider = new BasicCredentialsProvider();
credsProvider.setCredentials(
   new AuthScope(host, 80),
   new NTCredentials(userid, password, host, login_domain));

localContext.setAttribute(HttpClientContext.CREDS_PROVIDER, credsProvider);

String filePath = null;

// Execute the method.
CloseableHttpResponse clientResponse = httpclient.execute(method, localContext);

HttpEntity entity = clientResponse.getEntity();

int statusCode = clientResponse.getStatusLine().getStatusCode();

if (statusCode != HttpStatus.SC_OK) {
   System.err.println("Method failed: " + method.getRequestLine());
}

3 个答案:

答案 0 :(得分:8)

您需要传递一组目标首选身份验证方案:

像这样创建你的httpClient:

PoolingHttpClientConnectionManager connPool = new PoolingHttpClientConnectionManager();

connPool.setMaxTotal(200);
connPool.setDefaultMaxPerRoute(200);

// Authentication
CredentialsProvider credsProvider = new BasicCredentialsProvider();
credsProvider.setCredentials(AuthScope.ANY, new NTCredentials(username, password, workstation, domain));


RequestConfig config = RequestConfig.custom().setTargetPreferredAuthSchemes(Arrays.asList(AuthSchemes.NTLM)).build();

CloseableHttpClient httpClient = HttpClients.custom().setConnectionManager(connPool).setDefaultRequestConfig(config).build();

HttpClientContext context = HttpClientContext.create();
context.setCredentialsProvider(credsProvider);

答案 1 :(得分:1)

是的,我相信,事实上,您的身份验证是成功的,可能只是从Kerberos回退到NTLM。我的代码与您的代码类似,在我的应用程序中,我使用Java 7中的HttpClient 4.3.5连接到SharePoint。当SharePoint配置为" Negotiate" (尝试Kerberos然后故障转移到NTLM),我将看到与您在HttpClient生成的日志记录中报告的内容类似的错误,具体来说:

Selected authentication options: [NEGOTIATE, NTLM] Executing request GET /my/personal/user2/_api/web?$select=ServerRelativeUrl HTTP/1.1 Target auth state: CHALLENGED Generating response to an authentication challenge using Negotiate scheme init XXX.XXX.XXX.XXX:80 NEGOTIATE authentication error: org.ietf.jgss.GSSException, major code: 11, minor code: 0 major string: General failure, unspecified at GSSAPI level minor string: Desired initLifetime zero or less Generating response to an authentication challenge using ntlm scheme

之后,它将通过NTLM成功进行身份验证。所以,我读错误信息说" Kerberos没有用,现在我们将使用NTLM"。只要你得到200回复​​,你就应该好好去。

答案 2 :(得分:0)

如果网站设置为Negotiate(尝试Kerbero,然后故障转移到NTLM),您确定身份验证是否成功,BASIC身份验证可能不会成功。

相关问题
最新问题