2008-10-13 49 views
2

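I am using this code and get the stack trace listed below. I only have HTTPS and basic authentication working, but not NTLM. How do you programmatically authenticate to a web server that uses NTLM authentication with Apache's Commons HttpClient?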

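import org.apache.commons.httpclient.*; 
import org.apache.commons.httpclient.auth.AuthScope; 
import org.apache.commons.httpclient.contrib.ssl.EasySSLProtocolSocketFactory; 
import org.apache.commons.httpclient.methods.GetMethod; 
import org.apache.commons.httpclient.protocol.*; 

HttpClient client = null; 
HttpMethod get = null; 
try 
{ 
    // Route https through the contrib EasySSLProtocolSocketFactory (it also accepts self-signed certificates) 
    Protocol myhttps = new Protocol("https", ((ProtocolSocketFactory) new EasySSLProtocolSocketFactory()), 443); 
    Protocol.registerProtocol("https", myhttps); 
    client = new HttpClient(); 
    get = new GetMethod("https://tt.dummycorp.com/tmtrack/"); 
    // NTCredentials arguments: user name, password, client host name, Windows domain 
    Credentials creds = new NTCredentials("dummy", "dummy123", "host", "DUMMYDOMAIN"); 
    client.getState().setCredentials(AuthScope.ANY, creds); 
    get.setDoAuthentication(true); 
    int resultCode = client.executeMethod(get); 
    System.out.println(get.getResponseBodyAsString()); 
} 
catch (Exception e) { e.printStackTrace(); } 
finally { if (get != null) get.releaseConnection(); } 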

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed 
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174) 
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591) 
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187) 
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181) 
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975) 
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123) 
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516) 
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454) 
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884) 
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096) 
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623) 
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59) 
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65) 
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123) 
    at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828) 
    at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116) 
    at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096) 
    at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398) 
    at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171) 
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397) 
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323) 
    at com.dummycorp.teamtrack.TeamTrackHack.main(TeamTrackHack.java:38) 
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed 
    at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:251) 
    at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:234) 
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:158) 
    at sun.security.validator.Validator.validate(Validator.java:218) 
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126) 
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209) 
    at org.apache.commons.httpclient.contrib.ssl.EasyX509TrustManager.checkServerTrusted(EasyX509TrustManager.java:104) 
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:967) 
    ... 17 more 
Caused by: java.security.cert.CertPathValidatorException: signature check failed 
    at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:139) 
    at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:316) 
    at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:178) 
    at java.security.cert.CertPathValidator.validate(CertPathValidator.java:250) 
    at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:246) 
    ... 24 more 
Caused by: java.security.SignatureException: Signature does not match. 
    at sun.security.x509.X509CertImpl.verify(X509CertImpl.java:446) 
    at sun.security.provider.certpath.BasicChecker.verifySignature(BasicChecker.java:133) 
    at sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:112) 
    at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:117) 
    ... 28 more 

Answers

2

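HttpClient does not fully support NTLM. Please take a look at Known limitations and problems. The HttpClient documentation on NTLM is a bit confusing, but the bottom line is that they do not support NTLMv2, which makes it nearly unusable in this respect.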

NTLM is supported by the standard Java HttpURLConnection (link), but HttpClient has some advantages over the JDK's HttpURLConnection.

+1

Note that the current version of HttpClient (4.2.1) claims to support NTLMv2. For more information, see http://hc.apache.org/httpcomponents-client-ga/ntlm.html. – 2012-10-04 12:00:06

0

Take a look at the utility posted here

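It solves a different problem, namely having no certificate, whereas you have an invalid certificate installed, but the detailed output about the installed certificates may be helpful.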
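A diagnostic for the `Signature does not match` failure in the question's trace, added here as an example (it is not code from either answer or from the linked utility): for each certificate the server presents, it reports whether a same-named issuer in the chain or in the JRE trust store actually signed it, then lets the JDK's default validation run unchanged. The class name `ChainSignatureCheck` and the host passed as the first argument are assumptions.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.net.ssl.*;

// Added example: reports which certificate's signature does not verify, without relaxing validation.
public class ChainSignatureCheck {
    // Tries every candidate whose subject equals cert's issuer name and verifies cert against its key.
    static String checkIssuer(X509Certificate cert, List<X509Certificate> candidates) {
        boolean nameMatch = false;
        for (X509Certificate ca : candidates) {
            if (!ca.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) continue;
            nameMatch = true;
            try {
                cert.verify(ca.getPublicKey());
                return "signature verifies";
            } catch (GeneralSecurityException e) { /* same name, different key: keep looking */ }
        }
        return nameMatch ? "SIGNATURE MISMATCH (issuer name found, no key verifies)" : "issuer not found";
    }

    public static void main(String[] args) throws Exception {
        String host = args[0]; // assumption: server name supplied by the caller
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the JRE default trust store
        final X509TrustManager jdk = (X509TrustManager) tmf.getTrustManagers()[0];
        X509TrustManager logging = new X509TrustManager() {
            public X509Certificate[] getAcceptedIssuers() { return jdk.getAcceptedIssuers(); }
            public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException {
                jdk.checkClientTrusted(c, a);
            }
            public void checkServerTrusted(X509Certificate[] c, String a) throws CertificateException {
                List<X509Certificate> pool = new ArrayList<>(Arrays.asList(c));
                pool.addAll(Arrays.asList(jdk.getAcceptedIssuers())); // installed trust anchors
                for (X509Certificate cert : c)
                    System.out.println(cert.getSubjectX500Principal() + " -> " + checkIssuer(cert, pool));
                jdk.checkServerTrusted(c, a); // normal PKIX validation still decides the outcome
            }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { logging }, null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, 443)) {
            s.startHandshake(); // no application data is sent; the handshake alone triggers the check
            System.out.println("handshake OK");
        }
    }
}
```

A mismatch reported for the last certificate of the chain points at the copy of its issuer installed in the local trust store rather than at the server.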