我有一个托管网址,使用ntlm进行身份验证(Windows集成身份验证)。我在Windows上并使用java 1.8
URL url = new URL("someUrl");
HttpURLConnection con = (HttpURLConnection) url.openConnection();
// con.setInstanceFollowRedirects(false);
con.setRequestProperty("Content-Type", "application/json");
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
if (responseCode == HttpURLConnection.HTTP_OK) {
// read response
...
in.close();
}else{
System.out.println("Error while fetching reponse, recieved response code " + responseCode);
}
上面的代码一直工作到java 1.8.0_181随后的更新它开始失败,我已经测试了191和201.如果向后移植到181,代码仍然有效。我也尝试使用Authenticator,但它没有被调用(不知道为什么)使用java的内部日志记录,我可以在日志中看到以下消息“NegotiateAuthentication:java.io.IOException:Negotiate support not initiated”我得到了401
我期待任何机制来帮助java自己协商进行身份验证。
在Java发行说明中,它没有在任何地方提及,但NTLM身份验证实现发生了变化。我已经调试了java代码,并在下面的java.home / lib中有文件net.properties,现在提到以下
#
# Transparent NTLM HTTP authentication mode on Windows. Transparent authentication
# can be used for the NTLM scheme, where the security credentials based on the
# currently logged in user's name and password can be obtained directly from the
# operating system, without prompting the user. This property has three possible
# values which regulate the behavior as shown below. Other unrecognized values
# are handled the same as 'disabled'. Note, that NTLM is not considered to be a
# strongly secure authentication scheme and care should be taken before enabling
# this mechanism.
#
# Transparent authentication never used.
#jdk.http.ntlm.transparentAuth=disabled
#
# Enabled for all hosts.
#jdk.http.ntlm.transparentAuth=allHosts
#
# Enabled for hosts that are trusted in Windows Internet settings
#jdk.http.ntlm.transparentAuth=trustedHosts
#
jdk.http.ntlm.transparentAuth=disabled
直到jdk1.8.0_181,有一个默认的NTLM身份验证回调,这在NTLM身份验证过程中很有用。
要使用jdk1.8.0_181向前运行上面的代码,您只需要为您的java进程设置jdk.http.ntlm.transparentAuth。
如果选择trustedHosts,请确保在Windows受信任站点中添加了URL。