logo标签列表

未提供有效凭据(机制级别:未提供有效凭据(机制级别:无法找到任何Kerberos tgt))httpclient

apache-httpclient-4.x
7

我正在尝试使用NTLM身份验证方案的HTTP客户端从服务器下载PDF文件。

但是,当我使用Java代码并使用相同的用户名和密码时,会出现401错误。如果我使用wget并将用户名和密码作为参数,则可以下载该文件。我正在使用httpclient 4.2.2。

Authentication error: No valid credentials provided (Mechanism level: No valid credentials provided 
(Mechanism level: Failed to find any Kerberos tgt))

以下是我使用身份验证下载PDF的代码。
 public ByteArrayOutputStream getFile1(String resourceURL) throws CRMBusinessException {
DefaultHttpClient httpclient = new DefaultHttpClient();
ByteArrayOutputStream tmpOut = null;
try {
  ICRMConfigCache cache = CacheUtil.getCRMConfigCache();
  String host = cache.getConfigValue(ConfigEnum.DOCUMENT_SOURCE_HOST_NAME.toString());
  String user = cache.getConfigValue(ConfigEnum.HTTP_USER_NAME.toString());
  String password = cache.getConfigValue(ConfigEnum.HTTP_PASSWORD.toString());
  String workstation = cache.getConfigValue(ConfigEnum.CLIENT_HOST_NAME.toString());

  // Prerequisites
  PreCondition.checkEmptyString(resourceURL, "'resourceURL' cannot be empty or null");
  PreCondition.checkEmptyString(host, ConfigEnum.DOCUMENT_SOURCE_HOST_NAME + " property is not set in database");
  PreCondition.checkEmptyString(user, ConfigEnum.HTTP_USER_NAME + " property is not set in database");
  PreCondition.checkEmptyString(password, ConfigEnum.HTTP_PASSWORD + " property is not set in database");
  PreCondition.checkEmptyString(workstation, ConfigEnum.CLIENT_HOST_NAME + " property is not set in database");

  // NTLM authentication across all hosts and ports
  httpclient.getCredentialsProvider().setCredentials(
      new AuthScope(host, AuthScope.ANY_PORT, AuthScope.ANY_HOST),
      new NTCredentials(user, password, workstation, MY_DOMAIN));

  httpclient.getAuthSchemes().register("ntlm", new NTLMSchemeFactory());

  // Execute the GET request
  HttpGet httpget = new HttpGet(resourceURL);

  HttpResponse httpresponse = httpclient.execute(httpget);
  if (httpresponse.getStatusLine().getStatusCode() == HttpStatus.SC_OK) {
tmpOut = new ByteArrayOutputStream();
    InputStream in = httpresponse.getEntity().getContent();
    byte[] buf = new byte[1024];
    int len;
    while (true) {
      len = in.read(buf);
      if (len == -1) {
        break;
      }
      tmpOut.write(buf, 0, len);
    }
    tmpOut.close();
  }

  aLog.debug( "IntranetFileDownloaderImpl - getFile - End - " + resourceURL);
  return tmpOut;
} catch (Exception e) {
  aLog.error("IntranetFileDownloaderImpl - getFile - Error while downloading " + resourceURL + "[" + e.getMessage() + "]", e);
  throw new CRMBusinessException(e);
} finally {
  httpclient.getConnectionManager().shutdown();
}
}

有人在使用httpclient时遇到过这种问题吗? "Failed to find any Kerberos tgt"是什么意思? 有人知道吗?

krb5.conf 文件可能需要更新。 - Smart Coder
2个回答
1
使用 Kotlin 和 HttpClient 版本 4.5.8:
    val credentialsProvider = BasicCredentialsProvider().apply {
        setCredentials(
                AuthScope(AuthScope.ANY),
                NTCredentials(user, password, null, domain))
    }

    val requestConfig = RequestConfig.custom().setTargetPreferredAuthSchemes(listOf(AuthSchemes.NTLM)).build()

    return HttpClients.custom()
            .setDefaultCredentialsProvider(credentialsProvider)
            .setDefaultRequestConfig(requestConfig)
            .build()
0

以下代码对我来说在http客户端版本4.2.2中有效。

DefaultHttpClient httpclient = new DefaultHttpClient();
    HttpContext localContext = new BasicHttpContext();
    HttpGet httpget = new HttpGet("url"); 
    CredentialsProvider credsProvider = new BasicCredentialsProvider();
    credsProvider.setCredentials(AuthScope.ANY,
            new NTCredentials("username", "pwd", "", "domain"));
                List<String> authtypes = new ArrayList<String>();
        authtypes.add(AuthPolicy.NTLM);      
        httpclient.getParams().setParameter(AuthPNames.TARGET_AUTH_PREF,authtypes);

    localContext.setAttribute(ClientContext.CREDS_PROVIDER, credsProvider);
    HttpResponse response = httpclient.execute(httpget, localContext);
    HttpEntity entity=response.getEntity();
NTCredentials构造函数的最后两个参数workstation和domain的含义是什么? - Marcin Sanecki
这对于我来说在4.2.2或4.5.6和Java 8上没有起作用。我得到了HTTP/1.1 401未经授权[Content-Length: 58,Content-Type: text/html,Server: Microsoft-IIS/8.5,WWW-Authenticate: Negotiate,WWW-Authenticate: NTLM,Access-Control-Allow-Origin: *,X-Powered-By: ASP.NET,Date: Fri,03 Aug 2018 20:38:09 GMT]。 - John
...或许确实是这样。我使用了错误的用户名(呃!)。我注意到尝试了这里描述的方法:https://dev59.com/WW025IYBdhLWcg3wl3Em#20047880 - John
网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接