当前位置: 文江博客话题详情

我怎样才能让 jcifs 与 apache axis 很好地配合

发布于 2024-07-22 07:15:04 字数 713 浏览 3 评论 0原文

我需要将 Apache Axis 1.4 连接到使用 NTLM 身份验证来限制对其操作的访问的 Web 服务。 我期望使用 Samba Jcifs 来处理 NTLM 握手。

我发现

http://hc.apache.org/httpcomponents-client/ntlm.html< /a>

这为我提供了如何将 HttpClient 4.0 与 jcifs 连接起来的精彩指导。

问题是,Axis 希望使用 Http Client 3.0,而这两个 api 看起来非常不同。

我可以看到有两种可能性:

  1. 为 Axis 编写一个对象,让它插入 HttpClient 4。
  2. 弄清楚如何将 HttpClient 3.0 与 Samba Jcifs 连接起来。

第 1 点:看起来不平凡,但有可能 第二,我在网上找不到任何描述如何做到这一点的令人鼓舞的消息。

我的问题是:有人成功将 samba jcifs 与 HttpClient 3.0 连接吗? 是否有人已经创建了与 HttpClient 4 一起使用的 Axis HttpSender 对象?

还有其他我没有考虑过的更好的选择吗?

原文

I need to connect Apache Axis 1.4 to a Webservice that uses NTLM authentication to restrict access to its operations.
I'm expecting to use Samba Jcifs to handle the NTLM handshake.

I found

http://hc.apache.org/httpcomponents-client/ntlm.html

which gives me fantastic directions for how to wire up HttpClient 4.0 with jcifs.

Trouble is, Axis wants to use Http Client 3.0 and the two apis look very different.

There are 2 possibilities that I can see

  1. Write an object for Axis that lets it plug into HttpClient 4.
  2. Figure out how to wire HttpClient 3.0 up with Samba Jcifs.

Number 1. looks non-trivial, but possible
Number 2. I cannot find any encouraging messages on the web describing how to do this.

My question is: has anyone successfully connected samba jcifs with HttpClient 3.0 ?
Has anyone already created an Axis HttpSender object that works with HttpClient 4 ?

Is there some better alternative that I have not considered?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(5

梅倚清风 2024-07-29 07:15:04

终于有办法解决这个问题了。

问题

Apache Axis 使用 Apache HTTPClient,它提供了自己的 NTLM 实现。
然而这个实现是不完整的; 仅支持原始LM认证。
我需要连接的系统坚持使用更新的 NTLM 身份验证。

因此,在使用带有 NTLM 的 Apache HTTP 客户端时,我的 Web 服务无法进行身份验证。

这实际上会进入无限循环,因为 HTTPClient 将永远不会停止尝试身份验证并失败。

解决方案

jcifs 完全支持所有 3 个版本的 NTLM 握手。
我已将 org.apache.commons.httpclient.auth.NTLM 复制并粘贴到我自己的类中(它被声明为“final”以击败继承),

然后我将该方法覆盖

public String getType3Message(
        String user, String password, String host, String domain,
        byte[] nonce) throws AuthenticationException

为构造 jcifs.ntlmssp.Type3Message 的实例
并使用此对象返回已正确生成 NTML 身份验证的 Type3Message

然后我需要创建自己的 org.apache.commons.httpclient.auth.AuthScheme 实例
利用这个新的 NTLM 实现。 称呼
org.apache.commons.httpclient.auth.AuthPolicy.registerAuthScheme(AuthPolicy.NTLM, MyNewAuthScheme.class)

启动我的 WS 端点存根。

它有效!

Finally have a solution to this.

The problem

Apache Axis uses Apache HTTPClient which provides its own NTLM implementation.
However this implementation is incomplete; it only supports the primitive LM authentication.
The system I need to connect to insists upon the more recent NTLM authentication.

Therefore my Webservice was failing to authenticate when using the Apache HTTP Client with NTLM.

This actually then enters an infinite loop as the HTTPClient will never stop trying and failing to authenticate.

The solution

jcifs fully supports all 3 versions of the NTLM handshake.
I have copy-and-pasted org.apache.commons.httpclient.auth.NTLM into my own class (it is declared as 'final' in order to defeat inheritance)

I have then overwritten the method

public String getType3Message(
        String user, String password, String host, String domain,
        byte[] nonce) throws AuthenticationException

to construct an instance of jcifs.ntlmssp.Type3Message
and use this object to return a Type3Message that has the NTML authentication correctly generated.

I then needed to create my own instance of org.apache.commons.httpclient.auth.AuthScheme
to make use of this new NTLM implementation. call
org.apache.commons.httpclient.auth.AuthPolicy.registerAuthScheme(AuthPolicy.NTLM, MyNewAuthScheme.class)

start up my WS endpoint stub.

And it works !!!

回复 原文
云雾 2024-07-29 07:15:04

为了回应谢尔盖的评论......

我的解决方案中有两个课程。 像这样的授权方案


import java.io.IOException;

import jcifs.ntlmssp.Type1Message;
import jcifs.ntlmssp.Type2Message;
import jcifs.ntlmssp.Type3Message;

import org.apache.commons.codec.binary.Base64;
import org.apache.commons.httpclient.Credentials;
import org.apache.commons.httpclient.HttpMethod;
import org.apache.commons.httpclient.NTCredentials;
import org.apache.commons.httpclient.auth.AuthChallengeParser;
import org.apache.commons.httpclient.auth.AuthScheme;
import org.apache.commons.httpclient.auth.AuthenticationException;
import org.apache.commons.httpclient.auth.InvalidCredentialsException;
import org.apache.commons.httpclient.auth.MalformedChallengeException;
import org.apache.commons.httpclient.auth.NTLMScheme;
import org.apache.commons.httpclient.util.EncodingUtil;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/**
 * AuthScheme that delegates the work of reading and writing NTLM messages to
 * the JCIFS implementation
 * 
 * directly inspired by org.apache.commons.httpclient.auth.NTLMScheme
 * 
 *
 * This software is based upon voluntary contributions made by many
 * individuals on behalf of the Apache Software Foundation.  For more
 * information on the Apache Software Foundation, please see
 * .
 *
 */
public class JcifsNtlmScheme implements AuthScheme
{
    /** Log object for this class. */
    private static final Log LOG = LogFactory.getLog(NTLMScheme.class);

    /** NTLM challenge string. */
    private String ntlmchallenge = null;

    private static final int UNINITIATED = 0;
    private static final int INITIATED = 1;
    private static final int TYPE1_MSG_GENERATED = 2;
    private static final int TYPE2_MSG_RECEIVED = 3;
    private static final int TYPE3_MSG_GENERATED = 4;
    private static final int FAILED = Integer.MAX_VALUE;

    /** Authentication process state */
    private int state;

    /**
     * Default constructor for the NTLM authentication scheme.
     * 
     * @since 3.0
     */
    public JcifsNtlmScheme()
    {
        super();
        this.state = UNINITIATED;
    }

    /**
     * Constructor for the NTLM authentication scheme.
     * 
     * @param challenge
     *            The authentication challenge
     * 
     * @throws MalformedChallengeException
     *             is thrown if the authentication challenge is malformed
     */
    public JcifsNtlmScheme(final String challenge)
            throws MalformedChallengeException
    {
        super();
        processChallenge(challenge);
    }

    /**
     * Processes the NTLM challenge.
     * 
     * @param challenge
     *            the challenge string
     * 
     * @throws MalformedChallengeException
     *             is thrown if the authentication challenge is malformed
     * 
     * @since 3.0
     */
    public void processChallenge(final String challenge)
            throws MalformedChallengeException
    {
        String s = AuthChallengeParser.extractScheme(challenge);
        if (!s.equalsIgnoreCase(getSchemeName()))
        {
            throw new MalformedChallengeException("Invalid NTLM challenge: "
                    + challenge);
        }
        int i = challenge.indexOf(' ');
        if (i != -1)
        {
            s = challenge.substring(i, challenge.length());
            this.ntlmchallenge = s.trim();
            this.state = TYPE2_MSG_RECEIVED;
        }
        else
        {
            this.ntlmchallenge = "";
            if (this.state == UNINITIATED)
            {
                this.state = INITIATED;
            }
            else
            {
                this.state = FAILED;
            }
        }
    }

    /**
     * Tests if the NTLM authentication process has been completed.
     * 
     * @return true if Basic authorization has been processed,
     *         false otherwise.
     * 
     * @since 3.0
     */
    public boolean isComplete()
    {
        return this.state == TYPE3_MSG_GENERATED || this.state == FAILED;
    }

    /**
     * Returns textual designation of the NTLM authentication scheme.
     * 
     * @return ntlm
     */
    public String getSchemeName()
    {
        return "ntlm";
    }

    /**
     * The concept of an authentication realm is not supported by the NTLM
     * authentication scheme. Always returns null.
     * 
     * @return null
     */
    public String getRealm()
    {
        return null;
    }

    /**
     * Unsupported.
     */
    public String getID()
    {
        throw new UnsupportedOperationException();
    }

    /**
     * Returns the authentication parameter with the given name, if available.
     * 
     * 

       * NTLM 身份验证没有有效参数,因此此方法 
       * 始终返回 null。 
       *

     * 
     * @param name
     *            The name of the parameter to be returned
     * 
     * @return the parameter with the given name
     */
    public String getParameter(String name)
    {
        if (name == null)
        {
            throw new IllegalArgumentException("Parameter name may not be null");
        }
        return null;
    }

    /**
     * Returns true. NTLM authentication scheme is connection based.
     * 
     * @return true.
     * 
     * @since 3.0
     */
    public boolean isConnectionBased()
    {
        return true;
    }

    /**
     * Unsupported.
     */
    public static String authenticate(
            final NTCredentials credentials, final String challenge)
            throws AuthenticationException
    {
        throw new UnsupportedOperationException();
    }

    /**
     * Unsupported.
     */
    public static String authenticate(
            final NTCredentials credentials, final String challenge,
            String charset) throws AuthenticationException
    {
        throw new UnsupportedOperationException();
    }

    /**
     * Unsupported.
     */
    public String authenticate(
            Credentials credentials, String method, String uri)
            throws AuthenticationException
    {
        throw new UnsupportedOperationException();

    }

    /**
     * Produces NTLM authorization string for the given set of
     * {@link Credentials}.
     * 
     * @param credentials
     *            The set of credentials to be used for athentication
     * @param method
     *            The method being authenticated
     * 
     * @throws InvalidCredentialsException
     *             if authentication credentials are not valid or not applicable
     *             for this authentication scheme
     * @throws AuthenticationException
     *             if authorization string cannot be generated due to an
     *             authentication failure
     * 
     * @return an NTLM authorization string
     * 
     * @since 3.0
     */
    public String authenticate(Credentials credentials, HttpMethod method)
            throws AuthenticationException
    {
        LOG.trace("enter NTLMScheme.authenticate(Credentials, HttpMethod)");

        if (this.state == UNINITIATED)
        {
            throw new IllegalStateException(
                    "NTLM authentication process has not been initiated");
        }

        NTCredentials ntcredentials = null;
        try
        {
            ntcredentials = (NTCredentials) credentials;
        }
        catch (ClassCastException e)
        {
            throw new InvalidCredentialsException(
                    "Credentials cannot be used for NTLM authentication: "
                            + credentials.getClass().getName());
        }
        byte[] msgBytes = null;
        String response = null;
        if (this.state == INITIATED)
        {
            Type1Message msg = new Type1Message();
            // @see http://davenport.sourceforge.net/ntlm.html#theType1Message
            // dont' support Unicode
            // negotiate OEM
            // request authentication realm in Type2 response
            // not signed
            // not encrypted
            // not authenticated
            // no lan manager key
            // negotiate NTLM
            msg.setFlags(0x5206);
            msg.setSuppliedWorkstation(ntcredentials.getHost());
            msg.setSuppliedDomain(ntcredentials.getDomain());
            msgBytes = msg.toByteArray();
            this.state = TYPE1_MSG_GENERATED;
        }
        else if (this.state == TYPE2_MSG_RECEIVED)
        {
            byte[] msg2Bytes =
                    Base64.decodeBase64(EncodingUtil.getBytes(
                            this.ntlmchallenge,
                            method.getParams().getCredentialCharset()));
            try
            {
                Type2Message msg2 = new Type2Message(msg2Bytes);
                Type3Message msg3 =
                        new Type3Message(msg2, ntcredentials.getPassword(),
                                ntcredentials.getDomain(), ntcredentials
                                        .getUserName(), ntcredentials.getHost());
                msgBytes = msg3.toByteArray();
            }
            catch (IOException ex)
            {
                throw new AuthenticationException(
                        "unable to parse Type2Message", ex);
            }
            this.state = TYPE3_MSG_GENERATED;
        }
        else
        {
            throw new RuntimeException("failed to authenticate");
        }
        response = EncodingUtil.getAsciiString(Base64.encodeBase64(msgBytes));
        return "NTLM " + response;
    }
}

和一个注册授权方案的类,就像这样


import org.apache.commons.httpclient.Credentials;
import org.apache.commons.httpclient.NTCredentials;
import org.apache.commons.httpclient.auth.AuthPolicy;
import org.apache.commons.httpclient.auth.AuthScheme;
import org.apache.commons.httpclient.auth.CredentialsNotAvailableException;
import org.apache.commons.httpclient.auth.CredentialsProvider;
import org.apache.commons.httpclient.params.DefaultHttpParams;
import org.apache.commons.httpclient.params.DefaultHttpParamsFactory;
import org.apache.commons.httpclient.params.HttpParams;

/**
 * registers NTLM authentication for apache axis
 * 
 */
public class NtlmJcifsCredentials
{
    public static void register(String password)
    {
        final String username = System.getProperty("user.name");
        final String computername = System.getenv("COMPUTERNAME");
        final String userDomain = System.getenv("USERDOMAIN");
        register(username, password, computername, userDomain);
    }
    public static void register(String username, String password, String userDomain)
    {
        final String computername = System.getenv("COMPUTERNAME");
        register(username, password, computername, userDomain);
    }

    public static void register(
            String username, String password, String computername, String domain)
    {
        final NTCredentials ntCred =
                new NTCredentials(username, password, computername, domain);

        final CredentialsProvider ntlmCredProvider = new CredentialsProvider()
        {
            public Credentials getCredentials(
                    AuthScheme scheme, String host, int port, boolean proxy)
                    throws CredentialsNotAvailableException
            {
                return ntCred;
            }
        };
        final DefaultHttpParamsFactory paramFact =
                new DefaultHttpParamsFactory()
                {
                    @Override
                    protected HttpParams createParams()
                    {
                        HttpParams htp = super.createParams();
                        htp.setParameter(
                                CredentialsProvider.PROVIDER,
                                ntlmCredProvider);
                        return htp;
                    }
                };
        DefaultHttpParams.setHttpParamsFactory(paramFact);

        // we want all our jcifs encoding to be ascii
        jcifs.Config.setProperty("jcifs.encoding", "ASCII");

        // our jcifs implemented NTLM is required for MDW's authentication
        AuthPolicy.registerAuthScheme(AuthPolicy.NTLM, JcifsNtlmScheme.class);
    }
}

在运行时我调用

 NtlmJcifsCredentials.register(username, password, domain)

我构建我的端点存根,它就可以工作。
作为一个有益的副作用,如果身份验证失败,这将简单地抛出异常 - 默认 Apache Commons 类将继续尝试无限连接 - 在 NTLM 的情况下,这很容易导致您的帐户被 Windows 锁定。

In response to Sergey's comment...

I have two clases in my solution. An Authorisation Scheme like this


import java.io.IOException;

import jcifs.ntlmssp.Type1Message;
import jcifs.ntlmssp.Type2Message;
import jcifs.ntlmssp.Type3Message;

import org.apache.commons.codec.binary.Base64;
import org.apache.commons.httpclient.Credentials;
import org.apache.commons.httpclient.HttpMethod;
import org.apache.commons.httpclient.NTCredentials;
import org.apache.commons.httpclient.auth.AuthChallengeParser;
import org.apache.commons.httpclient.auth.AuthScheme;
import org.apache.commons.httpclient.auth.AuthenticationException;
import org.apache.commons.httpclient.auth.InvalidCredentialsException;
import org.apache.commons.httpclient.auth.MalformedChallengeException;
import org.apache.commons.httpclient.auth.NTLMScheme;
import org.apache.commons.httpclient.util.EncodingUtil;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/**
 * AuthScheme that delegates the work of reading and writing NTLM messages to
 * the JCIFS implementation
 * 
 * directly inspired by org.apache.commons.httpclient.auth.NTLMScheme
 * 
 *
 * This software is based upon voluntary contributions made by many
 * individuals on behalf of the Apache Software Foundation.  For more
 * information on the Apache Software Foundation, please see
 * .
 *
 */
public class JcifsNtlmScheme implements AuthScheme
{
    /** Log object for this class. */
    private static final Log LOG = LogFactory.getLog(NTLMScheme.class);

    /** NTLM challenge string. */
    private String ntlmchallenge = null;

    private static final int UNINITIATED = 0;
    private static final int INITIATED = 1;
    private static final int TYPE1_MSG_GENERATED = 2;
    private static final int TYPE2_MSG_RECEIVED = 3;
    private static final int TYPE3_MSG_GENERATED = 4;
    private static final int FAILED = Integer.MAX_VALUE;

    /** Authentication process state */
    private int state;

    /**
     * Default constructor for the NTLM authentication scheme.
     * 
     * @since 3.0
     */
    public JcifsNtlmScheme()
    {
        super();
        this.state = UNINITIATED;
    }

    /**
     * Constructor for the NTLM authentication scheme.
     * 
     * @param challenge
     *            The authentication challenge
     * 
     * @throws MalformedChallengeException
     *             is thrown if the authentication challenge is malformed
     */
    public JcifsNtlmScheme(final String challenge)
            throws MalformedChallengeException
    {
        super();
        processChallenge(challenge);
    }

    /**
     * Processes the NTLM challenge.
     * 
     * @param challenge
     *            the challenge string
     * 
     * @throws MalformedChallengeException
     *             is thrown if the authentication challenge is malformed
     * 
     * @since 3.0
     */
    public void processChallenge(final String challenge)
            throws MalformedChallengeException
    {
        String s = AuthChallengeParser.extractScheme(challenge);
        if (!s.equalsIgnoreCase(getSchemeName()))
        {
            throw new MalformedChallengeException("Invalid NTLM challenge: "
                    + challenge);
        }
        int i = challenge.indexOf(' ');
        if (i != -1)
        {
            s = challenge.substring(i, challenge.length());
            this.ntlmchallenge = s.trim();
            this.state = TYPE2_MSG_RECEIVED;
        }
        else
        {
            this.ntlmchallenge = "";
            if (this.state == UNINITIATED)
            {
                this.state = INITIATED;
            }
            else
            {
                this.state = FAILED;
            }
        }
    }

    /**
     * Tests if the NTLM authentication process has been completed.
     * 
     * @return true if Basic authorization has been processed,
     *         false otherwise.
     * 
     * @since 3.0
     */
    public boolean isComplete()
    {
        return this.state == TYPE3_MSG_GENERATED || this.state == FAILED;
    }

    /**
     * Returns textual designation of the NTLM authentication scheme.
     * 
     * @return ntlm
     */
    public String getSchemeName()
    {
        return "ntlm";
    }

    /**
     * The concept of an authentication realm is not supported by the NTLM
     * authentication scheme. Always returns null.
     * 
     * @return null
     */
    public String getRealm()
    {
        return null;
    }

    /**
     * Unsupported.
     */
    public String getID()
    {
        throw new UnsupportedOperationException();
    }

    /**
     * Returns the authentication parameter with the given name, if available.
     * 
     * 

     * There are no valid parameters for NTLM authentication so this method
     * always returns null.
     * 

     * 
     * @param name
     *            The name of the parameter to be returned
     * 
     * @return the parameter with the given name
     */
    public String getParameter(String name)
    {
        if (name == null)
        {
            throw new IllegalArgumentException("Parameter name may not be null");
        }
        return null;
    }

    /**
     * Returns true. NTLM authentication scheme is connection based.
     * 
     * @return true.
     * 
     * @since 3.0
     */
    public boolean isConnectionBased()
    {
        return true;
    }

    /**
     * Unsupported.
     */
    public static String authenticate(
            final NTCredentials credentials, final String challenge)
            throws AuthenticationException
    {
        throw new UnsupportedOperationException();
    }

    /**
     * Unsupported.
     */
    public static String authenticate(
            final NTCredentials credentials, final String challenge,
            String charset) throws AuthenticationException
    {
        throw new UnsupportedOperationException();
    }

    /**
     * Unsupported.
     */
    public String authenticate(
            Credentials credentials, String method, String uri)
            throws AuthenticationException
    {
        throw new UnsupportedOperationException();

    }

    /**
     * Produces NTLM authorization string for the given set of
     * {@link Credentials}.
     * 
     * @param credentials
     *            The set of credentials to be used for athentication
     * @param method
     *            The method being authenticated
     * 
     * @throws InvalidCredentialsException
     *             if authentication credentials are not valid or not applicable
     *             for this authentication scheme
     * @throws AuthenticationException
     *             if authorization string cannot be generated due to an
     *             authentication failure
     * 
     * @return an NTLM authorization string
     * 
     * @since 3.0
     */
    public String authenticate(Credentials credentials, HttpMethod method)
            throws AuthenticationException
    {
        LOG.trace("enter NTLMScheme.authenticate(Credentials, HttpMethod)");

        if (this.state == UNINITIATED)
        {
            throw new IllegalStateException(
                    "NTLM authentication process has not been initiated");
        }

        NTCredentials ntcredentials = null;
        try
        {
            ntcredentials = (NTCredentials) credentials;
        }
        catch (ClassCastException e)
        {
            throw new InvalidCredentialsException(
                    "Credentials cannot be used for NTLM authentication: "
                            + credentials.getClass().getName());
        }
        byte[] msgBytes = null;
        String response = null;
        if (this.state == INITIATED)
        {
            Type1Message msg = new Type1Message();
            // @see http://davenport.sourceforge.net/ntlm.html#theType1Message
            // dont' support Unicode
            // negotiate OEM
            // request authentication realm in Type2 response
            // not signed
            // not encrypted
            // not authenticated
            // no lan manager key
            // negotiate NTLM
            msg.setFlags(0x5206);
            msg.setSuppliedWorkstation(ntcredentials.getHost());
            msg.setSuppliedDomain(ntcredentials.getDomain());
            msgBytes = msg.toByteArray();
            this.state = TYPE1_MSG_GENERATED;
        }
        else if (this.state == TYPE2_MSG_RECEIVED)
        {
            byte[] msg2Bytes =
                    Base64.decodeBase64(EncodingUtil.getBytes(
                            this.ntlmchallenge,
                            method.getParams().getCredentialCharset()));
            try
            {
                Type2Message msg2 = new Type2Message(msg2Bytes);
                Type3Message msg3 =
                        new Type3Message(msg2, ntcredentials.getPassword(),
                                ntcredentials.getDomain(), ntcredentials
                                        .getUserName(), ntcredentials.getHost());
                msgBytes = msg3.toByteArray();
            }
            catch (IOException ex)
            {
                throw new AuthenticationException(
                        "unable to parse Type2Message", ex);
            }
            this.state = TYPE3_MSG_GENERATED;
        }
        else
        {
            throw new RuntimeException("failed to authenticate");
        }
        response = EncodingUtil.getAsciiString(Base64.encodeBase64(msgBytes));
        return "NTLM " + response;
    }
}

And a class to register the authorisation scheme, like this


import org.apache.commons.httpclient.Credentials;
import org.apache.commons.httpclient.NTCredentials;
import org.apache.commons.httpclient.auth.AuthPolicy;
import org.apache.commons.httpclient.auth.AuthScheme;
import org.apache.commons.httpclient.auth.CredentialsNotAvailableException;
import org.apache.commons.httpclient.auth.CredentialsProvider;
import org.apache.commons.httpclient.params.DefaultHttpParams;
import org.apache.commons.httpclient.params.DefaultHttpParamsFactory;
import org.apache.commons.httpclient.params.HttpParams;

/**
 * registers NTLM authentication for apache axis
 * 
 */
public class NtlmJcifsCredentials
{
    public static void register(String password)
    {
        final String username = System.getProperty("user.name");
        final String computername = System.getenv("COMPUTERNAME");
        final String userDomain = System.getenv("USERDOMAIN");
        register(username, password, computername, userDomain);
    }
    public static void register(String username, String password, String userDomain)
    {
        final String computername = System.getenv("COMPUTERNAME");
        register(username, password, computername, userDomain);
    }

    public static void register(
            String username, String password, String computername, String domain)
    {
        final NTCredentials ntCred =
                new NTCredentials(username, password, computername, domain);

        final CredentialsProvider ntlmCredProvider = new CredentialsProvider()
        {
            public Credentials getCredentials(
                    AuthScheme scheme, String host, int port, boolean proxy)
                    throws CredentialsNotAvailableException
            {
                return ntCred;
            }
        };
        final DefaultHttpParamsFactory paramFact =
                new DefaultHttpParamsFactory()
                {
                    @Override
                    protected HttpParams createParams()
                    {
                        HttpParams htp = super.createParams();
                        htp.setParameter(
                                CredentialsProvider.PROVIDER,
                                ntlmCredProvider);
                        return htp;
                    }
                };
        DefaultHttpParams.setHttpParamsFactory(paramFact);

        // we want all our jcifs encoding to be ascii
        jcifs.Config.setProperty("jcifs.encoding", "ASCII");

        // our jcifs implemented NTLM is required for MDW's authentication
        AuthPolicy.registerAuthScheme(AuthPolicy.NTLM, JcifsNtlmScheme.class);
    }
}

At runtime I call

 NtlmJcifsCredentials.register(username, password, domain)

I construct my endpoint stub, and it just works.
As a beneficial side-effect this will simply chuck an exception if if fails to authenticate - the Default Apache Commons class will keep trying to connect infinitely - which in the case of NTLM can easily lead to your account being locked out from windows.

回复 原文
七禾 2024-07-29 07:15:04

非常感谢本,干得好。
对于我的解决方案,根据您的课程,我需要 2 项改进。

1) class JcifsNtlmScheme

jcifs中的接口发生了变化(我使用1.3.14版本)。
NTLM 标志是必需的,我不太确定,但 0x82 对我有用。

int flags = Type3Message.NTLMSSP_NEGOTIATE_OEM | Type3Message.NTLMSSP_NEGOTIATE_LM_KEY;

Type3Message msg3 =
        new Type3Message(msg2, ntcredentials.getPassword(),
        ntcredentials.getDomain(), ntcredentials.getUserName(), ntcredentials.getHost(), flags);

2) class NtlmJcifsCredentials

 DefaultHttpParams.setHttpParamsFactory(paramFact);

这对于第一次连接来说效果很好。 这似乎是一个全球性的环境。 它可能不是真正的线程安全。
我需要连接基础上的凭据。 所以我删除了这个类,并在创建 webservice 存根后直接插入内置的 Authenticator:

jcifs.Config.setProperty("jcifs.encoding", "ASCII");
AuthPolicy.registerAuthScheme(AuthPolicy.NTLM, JcifsNtlmScheme.class);

Authenticator authenticator = new Authenticator();
List<String> authScheme = new ArrayList<String>();
authScheme.add(Authenticator.NTLM);
authScheme.add(Authenticator.BASIC);
authenticator.setAuthSchemes(authScheme);
authenticator.setUsername(myusername);
authenticator.setPassword(mypassword);
authenticator.setHost(servername);
authenticator.setDomain(domain);        
exService._getServiceClient().getOptions().setProperty(HTTPConstants.AUTHENTICATE, authenticator);       
exService._getServiceClient().getOptions().setProperty(HTTPConstants.CHUNKED, Boolean.FALSE);
exService._getServiceClient().getOptions().setProperty(HTTPConstants.REUSE_HTTP_CLIENT, Boolean.TRUE);

Thank yo very much Ben, good work.
For my solution I need 2 improvements, based on your classes.

1) class JcifsNtlmScheme

The interface has changed in jcifs (I use version 1.3.14).
The NTLM flag is required, I'm not really sure but 0x82 works for me.

int flags = Type3Message.NTLMSSP_NEGOTIATE_OEM | Type3Message.NTLMSSP_NEGOTIATE_LM_KEY;

Type3Message msg3 =
        new Type3Message(msg2, ntcredentials.getPassword(),
        ntcredentials.getDomain(), ntcredentials.getUserName(), ntcredentials.getHost(), flags);

2) class NtlmJcifsCredentials

 DefaultHttpParams.setHttpParamsFactory(paramFact);

This works fine for the first connection. It seems to be a global setting. It's probably not really thread-safe.
I need the credentials on connections base. So I dropped this class and inserted the built-in Authenticator directly after creation of the webservice stub:

jcifs.Config.setProperty("jcifs.encoding", "ASCII");
AuthPolicy.registerAuthScheme(AuthPolicy.NTLM, JcifsNtlmScheme.class);

Authenticator authenticator = new Authenticator();
List<String> authScheme = new ArrayList<String>();
authScheme.add(Authenticator.NTLM);
authScheme.add(Authenticator.BASIC);
authenticator.setAuthSchemes(authScheme);
authenticator.setUsername(myusername);
authenticator.setPassword(mypassword);
authenticator.setHost(servername);
authenticator.setDomain(domain);        
exService._getServiceClient().getOptions().setProperty(HTTPConstants.AUTHENTICATE, authenticator);       
exService._getServiceClient().getOptions().setProperty(HTTPConstants.CHUNKED, Boolean.FALSE);
exService._getServiceClient().getOptions().setProperty(HTTPConstants.REUSE_HTTP_CLIENT, Boolean.TRUE);
回复 原文
雨轻弹 2024-07-29 07:15:04

我已经让它工作了,但我还没有在 HTTP 中实现代理服务器支持。
http://www.magsoft.nl/share/Axis2%20patch.zip
我使用的所有 jar 都位于项目 lib 目录中。
有一些类路径要求。 首先,Axis2 HTTPClient4 patch.jar 必须位于轴 jar 之上。 此外,commons-httpclient-3.1.jar 仍需要位于类路径中,但在 httpclient-4 jar 之后。

以下是我实现客户端的方法:


Scheme http = new Scheme("http", PlainSocketFactory.getSocketFactory(), 80);
SchemeRegistry sr = new SchemeRegistry();
sr.register(http);
HttpParams httpParms = new BasicHttpParams();
ClientConnectionManager connManager = new ThreadSafeClientConnManager(httpParms, sr);
DefaultHttpClient httpclient = new DefaultHttpClient(connManager, httpParms);
httpclient.getAuthSchemes().register(HttpTransportProperties.Authenticator.NTLM, new NTLMSchemeFactory());
httpclient.getCredentialsProvider().setCredentials(new AuthScope(host, -1), new NTCredentials(user, pass, host, domain));

sps = new SharepointServiceStub(addr.toString());

List authScheme = new ArrayList();
authScheme.add(HttpTransportProperties.Authenticator.NTLM);
HttpTransportProperties.Authenticator auth = new HttpTransportProperties.Authenticator();
auth.setHost(host);
auth.setDomain(domain);
auth.setUsername(user);
auth.setPassword(pass);
auth.setAuthSchemes(authScheme);
Options options = sps._getServiceClient().getOptions();
options.setProperty(org.apache.axis2.transport.http.HTTPConstants.REUSE_HTTP_CLIENT, true);
options.setProperty(org.apache.axis2.transport.http.HTTPConstants.CACHED_HTTP_CLIENT, httpclient);
options.setProperty(org.apache.axis2.transport.http.HTTPConstants.AUTHENTICATE, auth);
options.setProperty(org.apache.axis2.transport.http.HTTPConstants.CHUNKED, Boolean.TRUE);
options.setProperty(org.apache.axis2.transport.http.HTTPConstants.CONNECTION_TIMEOUT, 900000); // 15 minutes
options.setProperty(org.apache.axis2.transport.http.HTTPConstants.SO_TIMEOUT, 180000); // 3 minutes

但是要使其工作,您将需要以下树类:
NTLMSchemeFactory.java


package ...;

import org.apache.http.auth.AuthScheme;
import org.apache.http.auth.AuthSchemeFactory;
import org.apache.http.impl.auth.NTLMScheme;
import org.apache.http.params.HttpParams;

public class NTLMSchemeFactory implements AuthSchemeFactory
{

    public NTLMSchemeFactory()
    {
    }

    public AuthScheme newInstance(final HttpParams params)
    {
        return new NTLMScheme(new JCIFSEngine());
    }

}

JCIFSScheme.java


package ...;

import org.apache.http.impl.auth.NTLMScheme;



public class JCIFSScheme extends NTLMScheme
{
    public JCIFSScheme()
    {
        super(new JCIFSEngine());
    }
}

JCIFSEngine.java


package ...;

import java.io.IOException;

import jcifs.ntlmssp.Type1Message;
import jcifs.ntlmssp.Type2Message;
import jcifs.ntlmssp.Type3Message;
import jcifs.util.Base64;

import org.apache.http.impl.auth.NTLMEngine;
import org.apache.http.impl.auth.NTLMEngineException;

public class JCIFSEngine implements NTLMEngine
{
    public String generateType1Msg(String domain, String workstation) throws NTLMEngineException
    {

        Type1Message t1m = new Type1Message(Type1Message.getDefaultFlags(), domain, workstation);
        return Base64.encode(t1m.toByteArray());
    }


    public String generateType3Msg(String username, String password, String domain, String workstation, String challenge)
            throws NTLMEngineException
    {
        Type2Message t2m;
        try
        {
            t2m = new Type2Message(Base64.decode(challenge));
        } catch (IOException ex)
        {
            throw new NTLMEngineException("Invalid Type2 message", ex);
        }
        Type3Message t3m = new Type3Message(t2m, password, domain, username, workstation, 0);
        return Base64.encode(t3m.toByteArray());
    }

}

I've got it working, but I did NOT yet implement proxy server support in the HTTP.
http://www.magsoft.nl/share/Axis2%20patch.zip
All the jars I use are in the project lib directory.
There are some class path requirements. First the Axis2 HTTPClient4 patch.jar has to be above the axis jars. Furthermore, commons-httpclient-3.1.jar needs to be still in the classpath, but after the httpclient-4 jars.

Here is how I implemented the client:


Scheme http = new Scheme("http", PlainSocketFactory.getSocketFactory(), 80);
SchemeRegistry sr = new SchemeRegistry();
sr.register(http);
HttpParams httpParms = new BasicHttpParams();
ClientConnectionManager connManager = new ThreadSafeClientConnManager(httpParms, sr);
DefaultHttpClient httpclient = new DefaultHttpClient(connManager, httpParms);
httpclient.getAuthSchemes().register(HttpTransportProperties.Authenticator.NTLM, new NTLMSchemeFactory());
httpclient.getCredentialsProvider().setCredentials(new AuthScope(host, -1), new NTCredentials(user, pass, host, domain));

sps = new SharepointServiceStub(addr.toString());

List authScheme = new ArrayList();
authScheme.add(HttpTransportProperties.Authenticator.NTLM);
HttpTransportProperties.Authenticator auth = new HttpTransportProperties.Authenticator();
auth.setHost(host);
auth.setDomain(domain);
auth.setUsername(user);
auth.setPassword(pass);
auth.setAuthSchemes(authScheme);
Options options = sps._getServiceClient().getOptions();
options.setProperty(org.apache.axis2.transport.http.HTTPConstants.REUSE_HTTP_CLIENT, true);
options.setProperty(org.apache.axis2.transport.http.HTTPConstants.CACHED_HTTP_CLIENT, httpclient);
options.setProperty(org.apache.axis2.transport.http.HTTPConstants.AUTHENTICATE, auth);
options.setProperty(org.apache.axis2.transport.http.HTTPConstants.CHUNKED, Boolean.TRUE);
options.setProperty(org.apache.axis2.transport.http.HTTPConstants.CONNECTION_TIMEOUT, 900000); // 15 minutes
options.setProperty(org.apache.axis2.transport.http.HTTPConstants.SO_TIMEOUT, 180000); // 3 minutes

But for this to work you will need the following tree classes:
NTLMSchemeFactory.java


package ...;

import org.apache.http.auth.AuthScheme;
import org.apache.http.auth.AuthSchemeFactory;
import org.apache.http.impl.auth.NTLMScheme;
import org.apache.http.params.HttpParams;

public class NTLMSchemeFactory implements AuthSchemeFactory
{

    public NTLMSchemeFactory()
    {
    }

    public AuthScheme newInstance(final HttpParams params)
    {
        return new NTLMScheme(new JCIFSEngine());
    }

}

JCIFSScheme.java


package ...;

import org.apache.http.impl.auth.NTLMScheme;



public class JCIFSScheme extends NTLMScheme
{
    public JCIFSScheme()
    {
        super(new JCIFSEngine());
    }
}

JCIFSEngine.java


package ...;

import java.io.IOException;

import jcifs.ntlmssp.Type1Message;
import jcifs.ntlmssp.Type2Message;
import jcifs.ntlmssp.Type3Message;
import jcifs.util.Base64;

import org.apache.http.impl.auth.NTLMEngine;
import org.apache.http.impl.auth.NTLMEngineException;

public class JCIFSEngine implements NTLMEngine
{
    public String generateType1Msg(String domain, String workstation) throws NTLMEngineException
    {

        Type1Message t1m = new Type1Message(Type1Message.getDefaultFlags(), domain, workstation);
        return Base64.encode(t1m.toByteArray());
    }


    public String generateType3Msg(String username, String password, String domain, String workstation, String challenge)
            throws NTLMEngineException
    {
        Type2Message t2m;
        try
        {
            t2m = new Type2Message(Base64.decode(challenge));
        } catch (IOException ex)
        {
            throw new NTLMEngineException("Invalid Type2 message", ex);
        }
        Type3Message t3m = new Type3Message(t2m, password, domain, username, workstation, 0);
        return Base64.encode(t3m.toByteArray());
    }

}
回复 原文
梦里的微风 2024-07-29 07:15:04

这个 Axis2Patch.zip 是一个真正的救星。
这就是我所做的:

使用内置 NTLMv2 的 httpclient4.1 beta1 编译 Axis2Patch。
将其导入我的项目并导入 httpclient4.1beta1 。

我像这样更改了导入:

import org.apache.commons.httpclient.auth.AuthenticationException;
import org.apache.commons.httpclient.auth.NTLMScheme;
//import org.apache.commons.httpclient.NTCredentials;
//import org.apache.commons.httpclient.auth.AuthPolicy;

import org.apache.http.auth.AuthScope;
import org.apache.http.auth.NTCredentials;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.client.params.AuthPolicy;

并且无需进行太多代码更改即可完美运行。
谢谢!

This Axis2Patch.zip has been a real lifesaver.
This is what I did:

Compiled Axis2Patch with httpclient4.1 beta1 which has NTLMv2 build in.
Imported that into my project and imported httpclient4.1beta1 also.

I changed my imports like this:

import org.apache.commons.httpclient.auth.AuthenticationException;
import org.apache.commons.httpclient.auth.NTLMScheme;
//import org.apache.commons.httpclient.NTCredentials;
//import org.apache.commons.httpclient.auth.AuthPolicy;

import org.apache.http.auth.AuthScope;
import org.apache.http.auth.NTCredentials;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.client.params.AuthPolicy;

and without too much code change it works perfectly.
Thanks!

回复 原文
~没有更多了~

关于作者

三生殊途

暂无简介

0 文章
0 评论
21 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

1CH1MKgiKxn9p

文章 0 评论 0

ゞ记忆︶ㄣ

文章 0 评论 0

JackDx

文章 0 评论 0

信远

文章 0 评论 0

yaoduoduo1995

文章 0 评论 0

霞映澄塘

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文