Axis2 client NTLM authentication

I have an Axis2 (v1.5.3) client that needs to authenticate with IIS using Kerberos/NTLM. How can I do this? Here is my current code, which fails with a 401 - unauthorized error:

    List authScheme = new ArrayList();
    authScheme.add(HttpTransportProperties.Authenticator.NTLM);

    HttpTransportProperties.Authenticator ntlm = new HttpTransportProperties.Authenticator();
    ntlm.setAuthSchemes(authScheme);
    ntlm.setUsername("Administrator");
    ntlm.setPassword("password");
    ntlm.setHost("http://server/_vti_bin/someservice.asmx");
    ntlm.setPort(80);
    ntlm.setDomain("server_domain");

    Options options = webs._getServiceClient().getOptions();
    options.setProperty(HTTPConstants.AUTHENTICATE, ntlm);
    stub._getServiceClient().setOptions(options);

A client written in C# works fine with the same authentication settings:

    CredentialCache myCache = new CredentialCache();
    myCache.Add(new Uri(webs.Url), "NTLM",
                new NetworkCredential("Administrator", "password", "server_domain"));
    stub.Credentials = myCache;

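There is a problem with NTLM in AXIS2. It centers on the ntlm.setHost() method. The entry here is used both as the WORKSTATION in the NTLM exchange and as the remote host when creating the AuthScope. This creates a Catch-22 situation in which NTLM cannot work using the HttpTransportProperties.Authenticator technique. You either get "401 Unauthorized" or "No credentials found for @HOST".

See https://issues.apache.org/jira/browse/AXIS2-4595

Peter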

HttpClient doesn't support NTLM v2, so I use the JCIFS library to return the NTLM v1, 2, 3 message types, as described on this website:

http://devsac.blogspot.com/2010/10/supoprt-for-ntlmv2-with-apache.html

I just used the JCIFS_NTLMScheme.java file from the website above to register the auth scheme, and it worked!!!!

Sample client:

    List authSchema = new ArrayList();

    // Replace the stock NTLM scheme with the JCIFS-backed one
    AuthPolicy.registerAuthScheme(AuthPolicy.NTLM, org.tempuri.JCIFS_NTLMScheme.class);

    // Fill in user name, password, domain, host and port for your server
    HttpTransportProperties.Authenticator auth = new HttpTransportProperties.Authenticator();
    auth.setUsername("");
    auth.setPassword("");
    auth.setDomain("");
    auth.setHost("");
    auth.setPort();

    // Offer NTLM only
    List authPrefs = new ArrayList(1);
    authPrefs.add(AuthPolicy.NTLM);
    auth.setAuthSchemes(authPrefs);

    stub._getServiceClient().getOptions().setProperty(
            org.apache.axis2.transport.http.HTTPConstants.AUTHENTICATE, auth);

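According to the notes in this link, NTLM issue with Axis2:

Axis2 still uses the old HTTPClient library, and it seems that version does not support all versions of NTLM (v1, v2). Also, switching the transport to HTTPClient v4.1 is not trivial.

I gave up on Axis2 and used CXF instead.

The following link really got us past the Kerberos/NTLM issues: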

 http://download.oracle.com/javase/6/docs/technotes/guides/net/http-auth.html 

An alternative to JCIFS is to use the Apache HTTPComponents 4 NTLMScheme inside a custom Apache Commons HTTP AuthScheme (works with new NTLM):

    import org.apache.commons.httpclient.Credentials;
    import org.apache.commons.httpclient.HttpMethod;
    import org.apache.commons.httpclient.auth.AuthChallengeParser;
    import org.apache.commons.httpclient.auth.AuthenticationException;
    import org.apache.commons.httpclient.auth.InvalidCredentialsException;
    import org.apache.commons.httpclient.auth.MalformedChallengeException;
    import org.apache.http.Header;
    import org.apache.http.auth.NTCredentials;
    import org.apache.http.util.CharArrayBuffer;

    // Exposes the HttpComponents 4 NTLM implementation through the Commons HttpClient 3 AuthScheme interface
    public class BackportedNTLMScheme extends org.apache.http.impl.auth.NTLMScheme
            implements org.apache.commons.httpclient.auth.AuthScheme {

        @Override
        public String authenticate(final Credentials credentials, final HttpMethod method)
                throws AuthenticationException {
            org.apache.commons.httpclient.NTCredentials oldCredentials;
            try {
                oldCredentials = (org.apache.commons.httpclient.NTCredentials) credentials;
            } catch (final ClassCastException e) {
                throw new InvalidCredentialsException(
                        "Credentials cannot be used for NTLM authentication: "
                                + credentials.getClass().getName());
            }

            // Convert the 3.x credentials into the 4.x type the parent scheme expects
            final org.apache.http.auth.Credentials adaptedCredentials = new NTCredentials(
                    oldCredentials.getUserName(), oldCredentials.getPassword(),
                    oldCredentials.getHost(), oldCredentials.getDomain());

            try {
                final Header header = super.authenticate(adaptedCredentials, null);
                return header.getValue();
            } catch (final org.apache.http.auth.AuthenticationException e) {
                throw new AuthenticationException("AuthenticationException", e);
            }
        }

        @Override
        public void processChallenge(final String challenge) throws MalformedChallengeException {
            final String s = AuthChallengeParser.extractScheme(challenge);
            if (!s.equalsIgnoreCase(getSchemeName())) {
                throw new MalformedChallengeException("Invalid NTLM challenge: " + challenge);
            }

            // Hand the text after the scheme name (if any) to the 4.x challenge parser
            int challengeIdx = challenge.indexOf(' ');
            final CharArrayBuffer challengeBuffer;
            if (challengeIdx != -1) {
                challengeBuffer = new CharArrayBuffer(challenge.length());
                challengeBuffer.append(challenge);
            } else {
                challengeBuffer = new CharArrayBuffer(0);
                challengeIdx = 0;
            }

            try {
                parseChallenge(challengeBuffer, challengeIdx, challengeBuffer.length());
            } catch (final org.apache.http.auth.MalformedChallengeException e) {
                throw new MalformedChallengeException("MalformedChallengeException", e);
            }
        }

        @Override
        @Deprecated
        public String getID() {
            throw new RuntimeException(
                    "deprecated vc.bjn.catalyst.forecast.BackportedNTLMScheme.getID()");
        }

        @Override
        @Deprecated
        public String authenticate(final Credentials credentials, final String method,
                final String uri) throws AuthenticationException {
            throw new RuntimeException(
                    "deprecated vc.bjn.catalyst.forecast.BackportedNTLMScheme.authenticate(Credentials, String, String)");
        }
    }

Usage

    AuthPolicy.registerAuthScheme(AuthPolicy.NTLM, BackportedNTLMScheme.class);

I tested this with IIS 7.5 on Windows Server 2008 R2.