Apache의 Commons httpclient를 사용하여 NTLM 인증을 사용하여 웹 서버에 대해 어떻게 프로그램 적으로 인증합니까?

StackOverflow https://stackoverflow.com/questions/199145

  •  11-07-2019
  •  | 
  •  

문제

이 코드를 사용하고 있으며 아래에 나열된 스택 추적을 얻습니다. HTTP 만으로도이 작업을 수행했지만 기본 인증이 있지만 NTLM은 아닙니다.

HttpClient client = null;
HttpMethod get = null;
try
{
  Protocol myhttps = new Protocol("https", ((ProtocolSocketFactory) new EasySSLProtocolSocketFactory()), 443);
  Protocol.registerProtocol("https", myhttps);
  client = new HttpClient();
  get = new GetMethod("https://tt.dummycorp.com/tmtrack/");
  Credentials creds = new NTCredentials("dummy", "dummy123", "host", "DUMMYDOMAIN");
  client.getState().setCredentials(AuthScope.ANY, creds);
  get.setDoAuthentication(true);
  int resultCode = client.executeMethod(get);
  System.out.println(get.getResponseBodyAsString());
}

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
    at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
    at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)
    at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
    at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
    at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
    at com.dummycorp.teamtrack.TeamTrackHack.main(TeamTrackHack.java:38)
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
    at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:251)
    at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:234)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:158)
    at sun.security.validator.Validator.validate(Validator.java:218)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
    at org.apache.commons.httpclient.contrib.ssl.EasyX509TrustManager.checkServerTrusted(EasyX509TrustManager.java:104)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:967)
    ... 17 more
Caused by: java.security.cert.CertPathValidatorException: signature check failed
    at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:139)
    at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:316)
    at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:178)
    at java.security.cert.CertPathValidator.validate(CertPathValidator.java:250)
    at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:246)
    ... 24 more
Caused by: java.security.SignatureException: Signature does not match.
    at sun.security.x509.X509CertImpl.verify(X509CertImpl.java:446)
    at sun.security.provider.certpath.BasicChecker.verifySignature(BasicChecker.java:133)
    at sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:112)
    at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:117)
    ... 28 more
도움이 되었습니까?

해결책

httpclient는 NTLM을 완전히 지원하지 않습니다. 살펴보세요 알려진 한계와 문제. NTLM에 관한 httpclient 문서는 약간 혼란 스럽지만 결론은 NTLMV2를 지원하지 않아서 이와 관련하여 거의 사용할 수 없다는 것입니다.

NTLM은 표준 java httpurlconnection에 의해 지원됩니다 (링크), 그러나 httpclient는 JDK의 httpurlconnection에 비해 몇 가지 장점이 있습니다.

다른 팁

게시 된 유틸리티를 살펴보십시오 여기.

그것은 다른 문제, 즉 인증서가없는 반면, 유효하지 않은 인증서가 설치되었지만 설치된 인증서에 대한 장점은 도움이 될 수 있습니다.

라이센스 : CC-BY-SA ~와 함께 속성
제휴하지 않습니다 StackOverflow
scroll top