使用 Kerberos 身份验证从 Java 应用程序访问 SharePoint 网站

发布于 2024-07-14 04:48:32 字数 194 浏览 5 评论 0原文

我正在尝试从 Java 应用程序访问 SharePoint 网站。 SharePoint 服务器更喜欢 Kerberos 身份验证。 您能否提供一个仅实现 Kerberos 身份验证的示例?

I am trying to access a SharePoint website from a Java application. The SharePoint server prefers Kerberos authentication. Can you please provide an example for just the implementation of Kerberos authentication?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

旧故 2024-07-21 04:48:32

因此,为了帮助您扩大对答案的搜索范围,此处使用的 Kerberos 身份验证没有任何 SharePoint 特定内容。 事实上,SharePoint 并没有真正拥有自己的身份验证机制(至少假设我们在这里讨论的是 WSS 3/MOSS)。 它仅依赖于底层 ASP.NET/IIS 身份验证功能。

Sooo,如果您使用现代 JDK 运行 Java,您可能会很轻松。 请参阅有关 HTTP 身份验证机制的文档 。 那里有一些不错的代码片段。 我将复制其中之一以供参考。 确实如此,请查看链接。

import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.Authenticator;
import java.net.PasswordAuthentication;
import java.net.URL;

public class RunHttpSpnego {

    static final String kuser = "username"; // your account name
    static final String kpass = "password"; // your password for the account

    static class MyAuthenticator extends Authenticator {
        public PasswordAuthentication getPasswordAuthentication() {
            // I haven't checked getRequestingScheme() here, since for NTLM
            // and Negotiate, the usrname and password are all the same.
            System.err.println("Feeding username and password for " + getRequestingScheme());
            return (new PasswordAuthentication(kuser, kpass.toCharArray()));
        }
    }

    public static void main(String[] args) throws Exception {
        Authenticator.setDefault(new MyAuthenticator());
        URL url = new URL(args[0]);
        InputStream ins = url.openConnection().getInputStream();
        BufferedReader reader = new BufferedReader(new InputStreamReader(ins));
        String str;
        while((str = reader.readLine()) != null)
            System.out.println(str);
    }
}

So just to help you broaden your search for answers a bit, there's nothing SharePoint-specific about the Kerberos authentication used here. In fact SharePoint doesn't really have it's own authentication mechanisms (at least assuming we're talking about WSS 3/MOSS here). It just relies on the underlying ASP.NET/IIS authentication capabilities.

Sooo, if you're running your Java ausing a modern JDK, you'll probably have an easy time. See the docs on HTTP authentication mechanisms. There's some nice code snippets in there. One of which I'll reproduce for reference here. Really though, check out the link.

import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.Authenticator;
import java.net.PasswordAuthentication;
import java.net.URL;

public class RunHttpSpnego {

    static final String kuser = "username"; // your account name
    static final String kpass = "password"; // your password for the account

    static class MyAuthenticator extends Authenticator {
        public PasswordAuthentication getPasswordAuthentication() {
            // I haven't checked getRequestingScheme() here, since for NTLM
            // and Negotiate, the usrname and password are all the same.
            System.err.println("Feeding username and password for " + getRequestingScheme());
            return (new PasswordAuthentication(kuser, kpass.toCharArray()));
        }
    }

    public static void main(String[] args) throws Exception {
        Authenticator.setDefault(new MyAuthenticator());
        URL url = new URL(args[0]);
        InputStream ins = url.openConnection().getInputStream();
        BufferedReader reader = new BufferedReader(new InputStreamReader(ins));
        String str;
        while((str = reader.readLine()) != null)
            System.out.println(str);
    }
}
溇涏 2024-07-21 04:48:32

这是开源来自 Java 文档的示例< a href="http://en.wikipedia.org/wiki/SPNEGO" rel="nofollow noreferrer">SPNEGO HTTP Servlet 过滤器库

该库有一个客户端,可以连接到已打开集成 Windows 身份验证的 Web 服务器。

该项目还提供了有关如何设置 Kerberos/SPNEGO 身份验证环境的示例。

 public static void main(final String[] args) throws Exception {
     System.setProperty("java.security.krb5.conf", "krb5.conf");
     System.setProperty("sun.security.krb5.debug", "true");
     System.setProperty("java.security.auth.login.config", "login.conf");

     SpnegoHttpURLConnection spnego = null;

     try {
         spnego = new SpnegoHttpURLConnection("spnego-client", "dfelix", "myp@s5");
         spnego.connect(new URL("http://medusa:8080/index.jsp"));

         System.out.println(spnego.getResponseCode());

     } finally {
         if (null != spnego) {
             spnego.disconnect();
         }
     }
 }

Here's an example from the Java documentation of the open source SPNEGO HTTP Servlet Filter library.

The library has a client that can connect to a web server that has integrated Windows authentication turned on.

The project also has examples on how to setup your environment for Kerberos/SPNEGO authentication.

 public static void main(final String[] args) throws Exception {
     System.setProperty("java.security.krb5.conf", "krb5.conf");
     System.setProperty("sun.security.krb5.debug", "true");
     System.setProperty("java.security.auth.login.config", "login.conf");

     SpnegoHttpURLConnection spnego = null;

     try {
         spnego = new SpnegoHttpURLConnection("spnego-client", "dfelix", "myp@s5");
         spnego.connect(new URL("http://medusa:8080/index.jsp"));

         System.out.println(spnego.getResponseCode());

     } finally {
         if (null != spnego) {
             spnego.disconnect();
         }
     }
 }
许仙没带伞 2024-07-21 04:48:32

对于 Kerberos 设置,我知道有 3 个人知道有关 Kerb 的所有信息:Spence Harbar、Bob Fox 和 Tom Wisnowski。

Spence 还正在使用 Kerberos 向导来设置 Curb 并导出设置脚本。

在这里查看他的博客:
http://www.harbar.net/

Tom Wiznowski 发布了一份白皮书。
http://my/sites/tomwis/Shared%20Documents/配置%20Kerberos%20for%20SharePoint.docx

Joel Olson 在这里得到了一篇很好的文章:
http://www.sharepointjoel.com/Lists/Posts/Post。 aspx?ID=2

但是,当上述情况发生时,SharePoint 仅在公司已经使用 Curb 时才建议使用 Curb。 您不应仅仅因为 SharePoint 而在公司网络上安装 Kerberos。 Kerberos 的设置很复杂,尽管通常认为它比 NTLM 更快,但只有当站点上的同时用户数达到一定限制时,情况才会如此。 对于低流量站点,Kerberos 通过网络发送的大量令牌实际上使其比 NTLM 慢。

当然,有一些功能只能与 Kerberos 一起使用(rss feed、excel 服务中的多维数据集、由于双跳而在自定义代码中对 Web 服务调用进行身份验证),但是相信我,当我说 NTLM 会很好地运行您的应用程序时,请相信我。莫斯也。

如上所述,您能否具体说明您想要从 Java 应用程序中实现哪种集成?

您是否只是想调用 SharePoint 的 Web 服务层?


安德斯·拉斯克

For Kerberos setup, I know of 3 persons who between them knows all there is to know about Kerb: Spence Harbar, Bob Fox and Tom Wisnowski.

Spence is also brewing with a Kerberos wizard to setup Kerb and export setup scripts.

Check out his blog here:
http://www.harbar.net/

Tom Wiznowski has sent out a white paper.
http://my/sites/tomwis/Shared%20Documents/Configuring%20Kerberos%20for%20SharePoint.docx

Joel Olson got a good article here:
http://www.sharepointjoel.com/Lists/Posts/Post.aspx?ID=2

But when the above is said, SharePoint only recommends Kerb for when the company already uses this. You should not install Kerberos on your company network just because of SharePoint. Kerberos is complex to set up and even though it generally is considered faster than NTLM, this is only true when you reach a certain limit of simultanious users on your site. For a low traffic site, the huge tokens that Kerberos send across the network actually makes it slower than NTLM.

Sure there is some functionality that will only work with Kerberos (rss feed, cubes in excel services, authentication of web service calls in custom code due to double hops) but trust me when i say that NTLM will do a very good job of running your MOSS also.

When the above is said, could you please specify what kind of integration you are trying to achieve from your Java application?

Are you just trying to call the web service layers of SharePoint?

hth
Anders Rask

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文