Abh*_*til 5 java ntlm windows-authentication java-8
我有一个使用ntlm(Windows集成身份验证)进行身份验证的托管网址。我在Windows上并使用Java 1.8
URL url = new URL("someUrl");
HttpURLConnection con = (HttpURLConnection) url.openConnection();
// con.setInstanceFollowRedirects(false);
con.setRequestProperty("Content-Type", "application/json");
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
if (responseCode == HttpURLConnection.HTTP_OK) {
// read response
...
in.close();
}else{
System.out.println("Error while fetching reponse, recieved response code " + responseCode);
}
上面的代码一直工作到java 1.8.0_181,随后的更新开始失败,我已经用191和201进行了测试。如果向后移植到181,代码仍然可以工作。我也尝试使用Authenticator,但未调用它(不确定为什么)使用Java的内部日志记录,我可以在日志“ NegotiateAuthentication:java.io.IOException:协商支持未启动”中看到以下消息, 并且得到401
我期望有任何机制可以帮助java自行协商进行身份验证。
Abh*_*til 12
在Java发行说明中,没有在任何地方提及它,但是NTLM身份验证实现有所变化。我调试了Java代码并到达以下代码:在java.home / lib中,有一个net.properties文件,现在提到以下内容
#
# Transparent NTLM HTTP authentication mode on Windows. Transparent authentication
# can be used for the NTLM scheme, where the security credentials based on the
# currently logged in user's name and password can be obtained directly from the
# operating system, without prompting the user. This property has three possible
# values which regulate the behavior as shown below. Other unrecognized values
# are handled the same as 'disabled'. Note, that NTLM is not considered to be a
# strongly secure authentication scheme and care should be taken before enabling
# this mechanism.
#
# Transparent authentication never used.
#jdk.http.ntlm.transparentAuth=disabled
#
# Enabled for all hosts.
#jdk.http.ntlm.transparentAuth=allHosts
#
# Enabled for hosts that are trusted in Windows Internet settings
#jdk.http.ntlm.transparentAuth=trustedHosts
#
jdk.http.ntlm.transparentAuth=disabled
直到jdk1.8.0_181,都有一个默认的NTLM身份验证回调,该回调在NTLM身份验证过程中很有用。
要从jdk1.8.0_181开始运行上述代码,只需为Java进程设置jdk.http.ntlm.transparentAuth。
如果选择trustedHosts,请确保将URL添加到Windows受信任站点中。