Question

我有一个 Linuxjava6 客户端, 该客户端将认证2010年与NTLM共享点, 然后使用 Apache Commons < code> HttpClient 发送 HTTP REST 网络服务。

我可以用NTLM(NTLM)做到这一点, 但我想用同样的REST API访问2010年共享点,

Any examples how to authenticate and send REST over HTTP with a kerberos sharepoint? (preferably using HttpClient)

p.s. I dont have access to sharepoint code, but i do have access to sharepoint admin configurations. This is roughly how I authenticate with NTLM:

HttpClient httpClient = new HttpClient(new SimpleHttpConnectionManager(true));
AuthPolicy.registerAuthScheme(AuthPolicy.NTLM, JCIFS_NTLMScheme.class);
String  localHostName = Inet4Address.getLocalHost().getHostName();
authscope = new AuthScope(uri.getHost(), AuthScope.ANY_PORT);
httpClient.getState().setCredentials(authscope,new NTCredentials(
             getUsername(),getPassword(),localHostName,getDomain()));

// after the initial ntlm auth I can call my REST service with "httpClient.executeMethod" 

int status = httpClient.executeMethod(new GetMethod(accessURI + "/sitecollection/info"));

Answer 1

请确认您的环境对 Kerberos 的设置正确, 可以通过运行 rikinit 来实现。如果此失败, 您需要确保您的 krb5. ini (窗口) 或 krb5. conf (linux) 设置正确指向您的域控制器。

一旦您确认 Kerberos 功能正常, 您可以使用 HttpClient 的示例代码, 如下粘贴。

请注意,有许多问题可能导致Kerberos的失败,例如时间同步、支持加密类型、跨域森林的信任关系等,也值得确保您的客户在服务器的分离框上。

这是 HttpClient 下载中的示例代码, 您需要确保您的 JAAS 配置和 krb5. conf 或 Ini 正确!

public class ClientKerberosAuthentication {

    public static void main(String[] args) throws Exception {

        System.setProperty("java.security.auth.login.config", "login.conf");
        System.setProperty("java.security.krb5.conf", "krb5.conf");
        System.setProperty("sun.security.krb5.debug", "true");
        System.setProperty("javax.security.auth.useSubjectCredsOnly","false");

        DefaultHttpClient httpclient = new DefaultHttpClient();
        try {
            httpclient.getAuthSchemes().register(AuthPolicy.SPNEGO, new SPNegoSchemeFactory());

            Credentials use_jaas_creds = new Credentials() {

                public String getPassword() {
                    return null;
                }

                public Principal getUserPrincipal() {
                    return null;
                }

            };

            httpclient.getCredentialsProvider().setCredentials(
                    new AuthScope(null, -1, null),
                    use_jaas_creds);

            HttpUriRequest request = new HttpGet("http://kerberoshost/");
            HttpResponse response = httpclient.execute(request);
            HttpEntity entity = response.getEntity();

            System.out.println("----------------------------------------");
            System.out.println(response.getStatusLine());
            System.out.println("----------------------------------------");
            if (entity != null) {
                System.out.println(EntityUtils.toString(entity));
            }
            System.out.println("----------------------------------------");

            // This ensures the connection gets released back to the manager
            EntityUtils.consume(entity);

        } finally {
            // When HttpClient instance is no longer needed,
            // shut down the connection manager to ensure
            // immediate deallocation of all system resources
            httpclient.getConnectionManager().shutdown();
        }
    }

}

友情链接